Malware Analysis Report

2025-01-19 00:36

Sample ID: 240505-axmh5agg7v
Target: https://skmedix.pl/
Tags: microsoft, discovery, phishing
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://skmedix.pl/ was found to be: Likely malicious.

Malicious Activity Summary

microsoft discovery phishing

Downloads MZ/PE file

Executes dropped EXE

Modifies file permissions

Loads dropped DLL

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

NTFS ADS

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-05 00:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-05 00:35
Reported: 2024-05-05 00:52
Platform: win11-20240426-en
Max time kernel: 1020s
Max time network: 1021s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://skmedix.pl/"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{BD7346EE-FD19-4AB9-95A4-206BF7BE0BD7} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\SKlauncher-3.2.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240976531.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241010125.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241125390.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241262218.tmp\jre-8u411-windows-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\SKlauncher-3.2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4728 wrote to memory of 1392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1392 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1392 wrote to memory of 1420 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://skmedix.pl/"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://skmedix.pl/

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.0.695670748\141942197" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2084387d-b8bd-4be1-b9f8-f56356e84938} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 1900 1dbb2d23758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.1.874327467\637683423" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957237e9-6978-410d-8c0e-f50b9a41dee4} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 2436 1dba608a558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.2.1450800457\1420332274" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2728 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a94aa11-b926-4c7a-8f48-9390fd67889e} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 3076 1dbb5d2e758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.3.918613106\255206731" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f3052c8-dfb5-4486-9de4-bfa76c89c606} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 3624 1dbb89ee658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.4.1085220760\978301763" -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 4832 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2574362-f353-44f2-9bab-45e3f16a90ea} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5196 1dbbacd0458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.5.1186336260\1184244134" -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93f3632f-29cb-450a-a8b3-2db448c46c17} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5328 1dbbacd0758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.6.126990703\1607516241" -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5540 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {101ba4db-9761-461f-bbf8-1e09b8483018} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5520 1dbbacd0a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.7.2097113422\871103396" -childID 6 -isForBrowser -prefsHandle 3544 -prefMapHandle 4532 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {613ebbc3-3eb4-4324-8ddd-c2a80e6aaa12} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 3552 1dbb94bc458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.8.1406958986\1392212268" -childID 7 -isForBrowser -prefsHandle 4456 -prefMapHandle 4464 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f0a33e-f5e1-4147-9320-796ea8ff8220} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5948 1dba6079958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.9.795539479\1489248209" -childID 8 -isForBrowser -prefsHandle 5276 -prefMapHandle 5264 -prefsLen 28281 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af03fcae-23b2-4b0d-b9e4-30ff81738c65} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5304 1dbbb63e558 tab

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.10.2089693272\1451817500" -childID 9 -isForBrowser -prefsHandle 6640 -prefMapHandle 6636 -prefsLen 28360 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a508556e-d613-4672-8ef6-a948c53f38ca} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6656 1dbb7b19f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.11.464192849\2052338484" -childID 10 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 28369 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb5f5210-e67e-4500-a87b-1bf9478e8fb0} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5664 1dbbb59ac58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.12.1486119674\1908232649" -childID 11 -isForBrowser -prefsHandle 5512 -prefMapHandle 5456 -prefsLen 28378 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11e9b30-f566-4281-bcaa-072642a7fdcf} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5488 1dbbcd9b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.13.781113389\1203483586" -parentBuildID 20230214051806 -prefsHandle 6532 -prefMapHandle 4552 -prefsLen 28378 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b7a5f5-6d55-4a4a-9958-953306e265ea} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6844 1dbb8874c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.14.708424458\962412870" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 4652 -prefMapHandle 6608 -prefsLen 28378 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab094ab-b9f6-4ab4-bdda-688c3cac7a12} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 4664 1dbb7b6d158 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.15.2071431097\797794337" -childID 12 -isForBrowser -prefsHandle 6572 -prefMapHandle 6680 -prefsLen 28378 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39e8bdaa-7494-402f-8d72-1236b75a7396} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6808 1dbb7b6e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.16.751386790\236454939" -childID 13 -isForBrowser -prefsHandle 6760 -prefMapHandle 6764 -prefsLen 28378 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b404a387-2800-4769-8766-b5c22cc421b5} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6904 1dbb8862858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.17.1072538208\1387490055" -childID 14 -isForBrowser -prefsHandle 6796 -prefMapHandle 6620 -prefsLen 28378 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ece548-430e-49f8-b9a6-01af5af52edb} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6596 1dbb7be7258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.18.1745971528\950003018" -childID 15 -isForBrowser -prefsHandle 3168 -prefMapHandle 7248 -prefsLen 28418 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce3c030d-6cf7-4714-9a09-f47bc931d6a7} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 6824 1dbbb69fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.19.407304867\1677674945" -childID 16 -isForBrowser -prefsHandle 6972 -prefMapHandle 6724 -prefsLen 28418 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30ad6ce-de68-4845-aa2c-e9b9c25a5145} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 5420 1dbbc153558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.20.749365919\1415618871" -childID 17 -isForBrowser -prefsHandle 7284 -prefMapHandle 7296 -prefsLen 28418 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbe23648-3d1b-40e7-af9f-c36a9ca29e25} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 7732 1dbb88dbc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.21.1374888293\1209221695" -childID 18 -isForBrowser -prefsHandle 11392 -prefMapHandle 11820 -prefsLen 28418 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9de5d068-ddf3-41ac-8223-e8e8612bd1b3} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 4716 1dbbddc0a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1392.22.446452501\974728422" -childID 19 -isForBrowser -prefsHandle 11204 -prefMapHandle 11124 -prefsLen 28418 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1ccee10-fa73-480d-9840-0ede96afc394} 1392 "\\.\pipe\gecko-crash-server-pipe.1392" 11108 1dbc1eaff58 tab

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240976531.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240976531.tmp\jre-8u411-windows-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds241010125.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds241010125.tmp\jre-8u411-windows-x64.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds241125390.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds241125390.tmp\jre-8u411-windows-x64.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds241262218.tmp\jre-8u411-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds241262218.tmp\jre-8u411-windows-x64.exe"

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

"C:\Users\Admin\Downloads\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb8883cb8,0x7ffcb8883cc8,0x7ffcb8883cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6404 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3800 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004C0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6495736204953509059,15194271945526821300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\activity-stream.discovery_stream.json.tmp

MD5 db06c67f8a8551290a82ae2d089af94a
SHA1 dc5baede09dff948ea6bee24e6ca9b7994ba7862
SHA256 dab7509d312a86358a8020aadd0b2a7fa2ba2226cb9b2b82478704faaf1480da
SHA512 495def92cdc9e480ee7ed77828365ae22ab08ca9a28c5b6e4040484ba7ef04e4d609562f9898303abe141ab94f1fc95e7a4764f29a03d6cb9734a8e6c508c976

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 490a193b2913288d440b29a8653f4d0a
SHA1 f9e69cfeb567c09be61c10dc8179bfa9555a2b49
SHA256 fc3a06f94633e3f4d9090896b1ce90f58c7dfec45708f5ff691383dcf4b8b175
SHA512 ae098cd71112523b4596ef67c31fd4b821df1cdf222b046c07855736df0cf75eb553ab7396abc611681b9fbc73df4b2509c84f0f771a1046dd82bc74b944d0ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\prefs-1.js

MD5 ad47daec3a67d320255bdf84d2492116
SHA1 745cec8800b5134c827fdcf66d87d3cffda76b68
SHA256 e13b9d7b31960bc553f969ffe3bc307173d5bd5cd0bcaf673b899cc389daedfe
SHA512 94fd74da08727ddcfc500d97f094ffd88c7517b8e44f7802bd67268673cccf98fd215a35b6fc9f6a8fcf6298c10279d306ccae78d65ae14796bf12c5361ac5cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cdbedb24b8af31c6072d36f869f60d2b
SHA1 be00d10a13b6ae71ecf0348ef711b3cb6814fe53
SHA256 124d2575a9fb06f725eab966f5cade23c11b0ebba3c61bb8e85fe918c6970c18
SHA512 25e93732cb267e803cfdb6e4fe795e05c0b2e0267e914c49091da590a35ae4decbe3ae216c4d62b9f8240c2f70e4f05b79f371521c7f125e4d94a25bb8571458

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2080f2559002e8eb6f8e6d51512baabc
SHA1 a154bd2ecd4f9b683b1c6805ab99158868bfd6f4
SHA256 5d9ee7e5252cb6e446176395e138e10d450d8a50727590345cf4330ed79864e0
SHA512 7befa71571ac5a85866c69e1c91f86a115c54241fc34d1629243934b29e4b1ae55e15c28222560768f0406b45147185c457c9193eec7adb799ce3357cea8b999

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\prefs-1.js

MD5 76a007e242647e62f7794497f050464a
SHA1 33c66d10a3ca4b263c2a72a55b0b3852f42503b7
SHA256 ca8df41c0732dc4e02e36eca57463de2b715f0512c8d53583415699856004200
SHA512 748fc111fc00a93e884093f3880c66edc88d7b5c010ada34e0aaf1f3ec13f808b2accdc7156482235e2c2146eb4518f106ad98d6314ff0b492492d85af4cf85f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c2cddb24ab8fb7bb79f72a724f20611d
SHA1 ea64463853f8ccf074c759bcad6443a1e1e3e4c5
SHA256 662d1aed8e6b9c2a5d0fc27d2e79ae895f01262df578c6f438f341c7d1105591
SHA512 862b88b5ff875e4d2e8b124648e22d9f9598138b414a951b0ac186f66bd46a7b0d718dc8e1d133876194c50eecd6423394aaa75c61885aa43fe2ffd68b37cac9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\7320

MD5 5bfbb1743c24c6fce6c5791f5bc965c1
SHA1 00a79a7f827b61a266e07f89e41dda87737abc22
SHA256 f51a4f492d1628b87f5f0743844322c2e4750738e2250765f5442c59e963247f
SHA512 286a02cc51ef56783f848562b83b30a3d2209687457c5a61b5f5201146c4c0981a6e640ba097971f2e0ae68e42f13184f1d28fdef816a81dd87bc27dab238bff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\10709

MD5 095fbff628e798d041abfa8127cb197a
SHA1 40ba1c8d9f166af04f3cb6c6a2321ac2817e7d93
SHA256 de78ef7b427b85ecdf79fd4272ddac726687de526a354b4bb17ee86f73770bc8
SHA512 085918efba6cd188b067cb98dab18d1ab85c5d505272009af838c2e21927898107b5530f78579bd46857d298b738701cb8663c7692f031bcd3ec0a42f642ccb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b04e872cc4cd37fbc192139066f0fbe
SHA1 9edab6348a1269867b7b6f763cef2c0bde7bb2e8
SHA256 905c967c1ae4c19d43000cab581c543139c3cd2ab4ed9347f58dd87ef45f8859
SHA512 6b97e8bf427d81604e2f13319effe034b07fdd69b5ffc8ee2fd1dc41a8b6ab308c7f37fcac4aa5be2a8ec3acf0056cb3eb8a325306585179b3d5fa2caa928b0a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\8FA1D7DA4BAED01F5526DC243FA0E25A5753036C

MD5 253de4708224cdbff4b6d48c98225579
SHA1 7c4afdb265a2a8780ce5397d626f90cb21c0b14a
SHA256 8e234d168119b59dc2ac76b6c3ae88ebcdca86fae52bd42e8dcaa04c2ea9d1cb
SHA512 6e4f354c8a903938f45fd081a70e0bbc48176657512d14d63bdf7886db2f57f9f06a521b99a963a6c277fe6fa41383299ec0ebd1957740268f08f4551c8df685

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 38af4b21511edcb16e05527340680b98
SHA1 b3b36ab8ffe24f2d9ed2597cd4e13359ce8054ea
SHA256 eb0f4a44347b07545b51bfeb3ffe75343df5aab60e2b6a522420fb4631f47b6f
SHA512 e0ce174389c202016eeceda25ce222e6cec85bef7a25089ab6ddc9989f4b7d3207bf913d37ac147b45a34403613cbdb6f3937a44796593cab407e423042c0aea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 49185486195ea00947eda28f346493ec
SHA1 38224d974b75cb10145fc7357d588f1d3ae15855
SHA256 f819db98ade8866c8898ba317ee7e26f81a3a26375e16c5c249efce0d87111eb
SHA512 8bb26634bf721b7fa54b5565824df4f99a574b62b66c80742c9f5d20e9508c4d0eb88442025362921ca65b5b838dc22acfa5112902546b0ece605f2edd0c4bba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ff3f17600819283f2caef6bebabc08a3
SHA1 0567ed9c908eae2bc22859a09e746f7b3ff29d24
SHA256 d1f5aa025c837515f040f9513fdb68977b07bfaa1bf3a27b9cbfe50d18300cb9
SHA512 fcae7979ba1b2f93ce7c2df73e82d686e2f83ec0da2107e1ddc529cbc6e08b79e0a64db7f90821c5ec658af43ab8d6bf4daaba3b8e1ad34b69784a82ab2edb0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4aa9c8f8d12419159f73083a605df940
SHA1 73dcef87c3c1f5f3be49a204c61c28805eec0d20
SHA256 c0f138f064fdf665ccf50dfe9c40717a08ba12588c9f2fd4e72897236ec1c9e7
SHA512 a4e2e19dc5e4a81347986a93646e862c22a0ab1652715cda95bc7b6a80109e15275f69b10b5f9db856387d59623a85cfce4f2072fe56c3be9c2ff43467af7cf3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7d438a3cf4807651466a1178c1449c62
SHA1 34c90f86ca4501b1015a265cf13fb8ef1f237774
SHA256 62da4ee49058e0d30a2202b14ff9cad5a69dc46df5fddf5f09a17665f853db0e
SHA512 42a17ef0393f468dc4fefe4adaaf60724f64c88dd0cc620baaac34f56e9fff5bc961a8810272874b3b8a6e6262d8818986b1f4e917bde650aaddd71fe529425d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0733542881672b6837091a31808bec9c
SHA1 22ffb781db5683d03a596ce1e41a6294096c63cb
SHA256 840ee2d66a936a37e795f86bec680737613d638e9edfd933f6b4dfcbe34b5c52
SHA512 f4fc3930e2bf8ecb3e276957f87667ebd1254eab050a138728f396b1d8ccef5fad0cc7449955ae3d977158f9718e446dc6a7005438103734bc666d33b6d76317

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC

MD5 3cfe7feb6b043ec5d5107d138b33c02f
SHA1 c4ac9762504f80a80883efebad88afbe7f1f6987
SHA256 d492f5396a3a225c661fad596d27cbdc07042e950d9a68bb23392caf9820dd0c
SHA512 0bae6bfe286bdaaaf3e2dfdcf7269f5cb2ee0df94450db6f995bea72f98121db16194beb2a7d2cc4e9c1922b6fbf1e99a40e6a2ebaa471e7af493038d33eeb9b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\21712

MD5 e7142ca5795a2c297082ee3cf8f984f0
SHA1 035a427bf9f4c4b03dd3fe4f76e04db3bb05ca29
SHA256 036ff6542bbe03393c5ebeefd8a84a994afa33e2905b37ae0168cba42f234e80
SHA512 9913249979ddeb895a2f53cab6bd604c99c75925e23fabe84fb989aa30ac11ea19582f47ccb95ee8052fb05eecc10278802fcd5209fe56f9b68fe4814e465355

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bbff5b79ab6bdd749a5173c38852bf8d
SHA1 6ddc762316885fdb6064af0b51a74523943ed992
SHA256 3cbc8ee3e6935aaa5412b62df2eeb9cc50ce1c7f8d084149dfbd4164d97099e0
SHA512 41a24b2877b075dc710d0aea541f0774c7aeb0eb1de80f46869a12c4d9560a3bb544372066cad54a1db734a00f6fd0d945f2d8d1f5318eced1f9773d07e5244d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\29080FEC855CD2187E892DC013F455B0F9E7066B

MD5 1cac57c747f1bac2ca95c115a8931242
SHA1 57d0491f606057d5ee9da6f9bb1b33d5407c0af9
SHA256 7909a7f6680b5be07b9317e12686c3ae468d2d9838494822d7decb99ecd80156
SHA512 2532394e2fd3c5a8e3721e121e27a63b86bc0044387b8e6a1d63108abe3cd5dfc3aa71b74b64ae81490db35199e162120b99c13e3faa55c1d1b98578a2ab5ef0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\10178

MD5 a441222d809bf1800d24562e179cda36
SHA1 81308dbcad4f4a137b0cd33184adc81fd636d215
SHA256 9d1db7f8302099dafa05e291a2dfbd7e8095ffce8784a91ec3b4589febac484e
SHA512 1a09e6db9c62a39286a8bb944a3248e9674d534b64c54c51de6dded227cc2e3e971d2b3060d87b39bd2fe932b61db044e78c13b47a032f344af5ba523598ceea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\26293

MD5 e72da8feebac5c0a75474faa63fd6144
SHA1 4aa7f2b4c7f67f3fe6ceb4ff1fea08da74d4c972
SHA256 212d82e898588834f42914f95e03fea4e0aa39078a77686570d113b0a65171e6
SHA512 e7b55bb55b793dc951c2047572268e89f30600fd5cc76fcddeea8729c217635d0e81040a130d291f0bb2592a94a3b509a0e8e000c755934c27765c208d3a41fa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\1425D8142354B20A243BD217B4DCC3ED3782824C

MD5 23123f8ea9d70c431a66f38d3c0c9dae
SHA1 da71e998f7a03059ac085dc03ff3c6f9d2d3b6d8
SHA256 b7b4182f23d5bf731baead77447eead9a63b4bd8dba5baf8fc28cc544cfcbf02
SHA512 1af9940acba9572755b4b68bac395f8ab176edfb6eed5d58263c926c4a8cf9f2d31b37b9ca3dc732e9dcecbe8df93331f67ee9cd32aaa474a5b7be066e3962c4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 5441fd940516ba9ca0905fe9d06d51c5
SHA1 dc205680f6d17bc2e59fedc44fafe367e3a86ed8
SHA256 13da956e80ad1909ec5f7c687b5e2a1826fb494af6bcd53c77ebc5145d84a8e7
SHA512 6faf252df15b33c0548d3f5bb6059951a5483292f23ac55485dd6b1e2fa5eb371c3a3e5dfdd1bf56ee708644b533e8a0dd02f32b7edcfc3ea290dc7ad49c7452

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ac0252caf81b92480924b6080edd78b4
SHA1 4606aae541c42eace4a9449a04355e82d35a38f1
SHA256 c343699dea7d696d27e6036a7d7d2f01a6e1a8ad3ce8ae4868d479e8cade1bbf
SHA512 500a3fcb55539b5edc1ee4c85bd08fe720e11558d95d1d7fa0803c46d7c546f16b3cb45d8e53267ffb325a3e5abd33ce7b199ecb9b10bfb63c5e0b366dcff892

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ee8bc37cbd96f96cd82fe2da926f0402
SHA1 88ee9f435561bb6a485b2ee40bd6f845680971d7
SHA256 e5feb7c173516c5dca3a1ae6b17df50ea4d900024e54be17922acbc7a82841a6
SHA512 068cb1d7b4645801b7361a5726dc8f0e7f94160094c6f7caac7e0dcae7965af8d4ddeaf07bc5b0ae6a80d584a5cc71b469f564eab56488b8e51b09efbec1ae58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c44fd30334ea5634e4f1e537a13a6f8f
SHA1 5be4aede1a083c9c3f6d5f89b20543c7b442320b
SHA256 3109d1c0468517588d8910360c5db0fe05b2509770ff3bf33985d20b58a0d5ae
SHA512 39aa6e7d5905cbbd906687a8fd0f20c5ed166e108bd735eccfbe6cdd43452cda7c5e2641f360a4449e29f1fe021f91f58eb7b5a0a4d1157310d86acd8b86cfc2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\4614

MD5 e7142d574536a87d2fc83b56a0aa0a3f
SHA1 9e7aa107994dfa07a57b2c697d9d9bd13f4c14d5
SHA256 d18613cc618bf801d01fb0fa7ca35da08a24473952d6142d6aa2eba317eafd79
SHA512 d3a9f6bcab2cb91826a804fddaba07a514f8866be6a7a0c8a8c470d39c1b6652f038a5bf76b49c5cbd0a9ede37799b0713616923c66ea7283616fb11a9e56b2f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\26265

MD5 589ae0922e24992dd6a300ba2858fd7c
SHA1 ace2f59c4a603a222ef5cb23e4670f5406163471
SHA256 cd3ef99cb5d57a0740c822313adb07a2f64dda8aba3bd647dbd846d21be90cad
SHA512 de92ab897721928b347b83d3032e758eec181ba7c33cddc76fb41383ca1ca4e6ef604234e73734ff1abe10b06e2056f1111e3ce17ab25a926cd6335f76cf8432

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\15540

MD5 db4659d75ae5c37631f71c5c87e97db8
SHA1 9026e581bd2a04563d0bce6307376e7e792f0e7d
SHA256 1c806a84f973ec28465130e2d5c1ee5025971f7bd9e7d54d316c91a44cf0ac59
SHA512 45e4ebe5b05a632a6fc1e146508170fdb08cab1ad441bc03f5dc433c3d249420bd5f07639865ac75def4adc68b1dffd79a7bef5b9dd3f2d7fb5410bcaa693828

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\3241

MD5 a69d9662f3a29ddd2cb0fc5155ef600f
SHA1 4ff75e24d5002063079947089343b84a84a9de10
SHA256 cba899531476f619a5809460ff0c618d43384793d89d4063687ed4157338536f
SHA512 c2e0eefb19ef924a1dcd501643439b520a06bc567310cfb2998dde0568124663ee1b8531c4d09d437e9dc528188ab81eae19a20b280019da4dfe95cc0c8c9283

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\22986

MD5 aff57a04d8bb5e0eef9f921d3f2cc3c9
SHA1 c8a77d80c7ba5d1053efae7257970a6db1d6a85b
SHA256 abed9dad7ec6e979d205fbda1c48f27af5275dd9a798c345efcab3c4fcdfd344
SHA512 5e4dd828fef320b18af47278bae347ca575ea21311df09b566cc2606775e49846ceb6c8a18e6f7d8e3b35dba3df8f6a78425897532a0ff0b2fd4e536e0fd2191

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9652c95b664b0e5f4f0ab4dce31f0a0e
SHA1 d3b938903d22d9ceede4dea838ceeb5bbf60a98e
SHA256 6f5ad356b081aacd297a7e87b247a66aeb078a4a4f0c8b9ca867dd16b2437856
SHA512 5f0d63df8166c97bbe96ce538bfc1960f11e52c4d13582cccaf04e1f48bf65520de13b706e721016b8fc95e757a9707e306fff73f38517e2f530f5443ef9954c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\23214

MD5 a3bd5ccee3a4b06378650234a6042ee1
SHA1 096565f4f8827c508f424c33d675b49dffc8447b
SHA256 245467f64081ecc2476bbbb9db0ed7a3a5bf623be4d315ec1b856ab828527138
SHA512 30357d2783e2bd4e3cbb1effd25952611869015be18d30bf7a4bdb2823fbb3eee8ab88e2d488bca5b415725d4042b8e81004a8f7db21cd4acb3da0e855b2c4f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\2BDADFD1626355CCF0B4864B5B5BC6566F9B4291

MD5 012e6da4220d02cfcd6ad38d3ddd6655
SHA1 4b27bc3ed17131980f9c71197b7f34d234999d8f
SHA256 eceefb516fc6c51ad4e709db2bddf0af2b68fd6838ecaac73c8a5660b036461c
SHA512 9ced424bcc44304e82d0418a5f357d70171c34ef6440c14002aa5b94cf6108c5f0e68f58a0360f3a182297c1a6e2c0d56c507ad15dccffe0740fcdd73534d5f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\2642B139127293682A334A3B94AFED2E56EF6902

MD5 f11dce6d9b1e89db6b343754f1809724
SHA1 b0ae8e67c2f7b527b169fb27e22592c78c6b60a8
SHA256 84a7bde0a54f1a1fbf89ec4448074538f4816d93f7ccacc227d3450d6a7db74e
SHA512 68a1cd08af66eea26bd14c522a72ad660ba9e7fc1e7637ae4d1c60c8895f7ae2943c645ca93b73cd02e985c94bf0f338635c99a6b24f170810dba678c1a93068

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\25964F52691AED972ED9651DC62D2ED649D0CA04

MD5 c45d80266a4c1323b7336522e4548530
SHA1 b948af8c3079e6f6b91764cf27f85855666636f5
SHA256 c34f3028a23999ea58d745a090475f7c25ded7a075bfba4e95f4ad0133e3b3c6
SHA512 edbfaf798a0c11886256aadb9120fe6bd7cf6586ea8487e1199f29d15f5dc2e63706136a4af7f8355b7cfa7faa69e28472d035fe089c8b4772a58932f15819b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\A9820D3AA01082CAD0464F5D7B7ACC7020B5827A

MD5 c19a4c1de4217b35dbeb8eedf75d2b45
SHA1 ed487e2173391286fad6ae565ba0ed1e0f6939fe
SHA256 7a2208877cdffe77254eb7e3c0b910d88611682da3bd1fc20a423c2f5a4bd0f3
SHA512 d0348cf6bbb6114a77f6f06a0f0e7af553066d936fea9006f3fd851b61eea3bfb3d4a0b694f0d08da2cf26257abbde4c2649fc73ae7928c469bb7b409a5b2f74

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\29080FEC855CD2187E892DC013F455B0F9E7066B

MD5 c53c22131a4a8eb4045e8221dee7cdf2
SHA1 a3233681bcd923216f6c20fbc3f6f9d258f53876
SHA256 eea84a28514c246079765aa882d5af0b784c1789789a35835eb0562fd7d96b5b
SHA512 ed8e714a225cad7099cc9d1f93d0e9a11084a9c3d18db901ac602f470a60f34ca72ddb741a89ce5b51d139aafa5f6d762a6c17e5516204fb2094a377aa43717d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f378fb5eb643329b22372d309c7724cb
SHA1 38d1d8a5dfcddd36e9c49d02c94efbb26c7ed7e9
SHA256 e0f1c5b0e2cdf32dc54716ae849c4b1fb803e54dd39054975de6e20c17741db7
SHA512 30b50ef7215ff23920d0a7bf5e1ded800945c673d582a308de63002423ecc6f7f23c6beb221deaf8789193eecabdc2f972ca41bcf7b69c4b18a3f6509985055b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\31576

C:\Users\Admin\Downloads\jre-8u411-windows-x64.bAzexCaH.exe.part

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\13755

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\7224

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\30083

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\26817

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\5427

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\28747

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\2049

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\21755

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\entries\66A1821858D2B19DDC1F3430B616866C7B53DDA8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Temp\jusched.log

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411_x64\Java3BillDevices.png

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

C:\Users\Admin\Downloads\SKlauncher-3.2.exe

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-11339012800500.dll

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

C:\Users\Admin\AppData\Local\Temp\+JXF8888973284665396977.tmp

C:\Users\Admin\AppData\Local\Temp\e4jCFF2.tmp_dir1714870032\SKlauncher-3.2.jar

C:\Users\Admin\AppData\Local\Temp\+JXF1642459026155381168.tmp

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna559130284357192654.dll

C:\Users\Admin\AppData\Local\Temp\+JXF6817093851101578341.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4172_UDMCMNILKOOVAZHJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe63114b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe65d760.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe66268a.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c21e1b29-9877-4f1f-85c3-c8e899998aad\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c21e1b29-9877-4f1f-85c3-c8e899998aad\index-dir\the-real-index~RFe66406b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c21e1b29-9877-4f1f-85c3-c8e899998aad\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
