lumma | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
944s
max time network
947s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12-03-2023 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

lumma discovery persistence spyware stealer upx

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

KrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeTLauncher-2.876-Installer-1.0.6-global.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exekrnl_beta.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	TLauncher-2.876-Installer-1.0.6-global.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_beta.exe

Executes dropped EXE 22 IoCs

Processes:

7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_4.EXEAgentSvr.exeTLauncher-2.876-Installer-1.0.6-global.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
1884	7za.exe
2240	7za.exe
1704	KrnlUI.exe
828	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1804	MSAGENT.EXE
5076	tv_enua.exe
5916	AgentSvr.exe
2656	BonziBDY_4.EXE
3768	AgentSvr.exe
5668	TLauncher-2.876-Installer-1.0.6-global.exe
2132	irsetup.exe
112	AdditionalExecuteTL.exe
5132	irsetup.exe
5352	opera-installer-bro.exe
1356	opera-installer-bro.exe
4656	opera-installer-bro.exe
5180	opera-installer-bro.exe
6140	opera-installer-bro.exe

Loads dropped DLL 64 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeBonziBuddy432.exe

pid	process
644	krnl_beta.exe
644	krnl_beta.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe
3300	BonziBuddy432.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/2132-7419-0x0000000000120000-0x0000000000508000-memory.dmp	upx
behavioral2/memory/2132-7800-0x0000000000120000-0x0000000000508000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral2/memory/5132-7847-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5132-7898-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral2/memory/5352-7897-0x00000000001E0000-0x000000000072A000-memory.dmp	upx
behavioral2/memory/1356-7899-0x00000000001E0000-0x000000000072A000-memory.dmp	upx
behavioral2/memory/4656-7904-0x0000000000D00000-0x000000000124A000-memory.dmp	upx
behavioral2/memory/5180-7926-0x00000000001E0000-0x000000000072A000-memory.dmp	upx
behavioral2/memory/6140-7936-0x00000000001E0000-0x000000000072A000-memory.dmp	upx
behavioral2/memory/2132-8037-0x0000000000120000-0x0000000000508000-memory.dmp	upx
behavioral2/memory/2132-9163-0x0000000000120000-0x0000000000508000-memory.dmp	upx
behavioral2/memory/2132-9630-0x0000000000120000-0x0000000000508000-memory.dmp	upx
behavioral2/memory/2132-9928-0x0000000000120000-0x0000000000508000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

tv_enua.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

opera-installer-bro.exeopera-installer-bro.exe

description ioc process

File opened (read-only) \??\D: opera-installer-bro.exe
File opened (read-only) \??\D: opera-installer-bro.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

description	ioc	process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe

Drops file in System32 directory 3 IoCs

Processes:

tv_enua.exe

description	ioc	process
File created	C:\Windows\SysWOW64\SETCF3B.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\SETCF3B.tmp	tv_enua.exe

Drops file in Program Files directory 64 IoCs

Processes:

BonziBuddy432.exeBonziBDY_4.EXE

description	ioc	process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\test.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sites.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Uninstall.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\s1.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\favicon.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp	BonziBDY_4.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg	BonziBuddy432.exe

Drops file in Windows directory 56 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEtv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETCF2A.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC301.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC313.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETCF08.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File created	C:\Windows\msagent\SETC314.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETCEF8.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC377.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC377.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SETCF2A.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC312.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC336.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC337.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETC389.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETCF08.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC312.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETC324.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETC338.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SETCF19.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC313.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC324.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC335.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC337.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETC3B9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SETCF1A.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC335.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETC389.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETCEF8.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SETCF19.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC301.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETC3B9.tmp	MSAGENT.EXE
File created	C:\Windows\fonts\SETCF1A.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETC336.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETC378.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File created	C:\Windows\INF\SETC338.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETC314.tmp	MSAGENT.EXE
File created	C:\Windows\help\SETC378.tmp	MSAGENT.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

BonziBuddy432.exeBonziBDY_4.EXEregsvr32.exeAgentSvr.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{643F1353-1D07-11CE-9E52-0000C0554C0A}\1.0\FLAGS\ = "2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{972DE6C3-8B09-11D2-B652-A1FD6CC34260}\ = "_ISkinFormEvents"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C3-8B09-11D2-B652-A1FD6CC34260}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1B2D240-744C-11CE-9430-0000C0C14E92}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{643F1353-1D07-11CE-9E52-0000C0554C0A}\1.0\0	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1354-1D07-11CE-9E52-0000C0554C0A}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComTransitions.1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ = "ImageListEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E27A70-69F0-11CE-9425-0000C0C14E92}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\1\ = "&Load Skin,0,2"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup.1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup.1\CLSID\ = "{CA478DA1-3920-11D3-9DD0-8067E4A06603}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\Forward\ = "{22DF5084-12BC-4C98-8044-4FAD06F4119A}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\ = "ISSTask"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DED86423-10D4-4CE1-8C84-9C9EC1B43364}\LocalServer32	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPanel.1\CLSID\ = "{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer\ = "MSComctlLib.Toolbar.2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ = "IToolbar"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4F2C1F0-6FA6-11CE-942A-0000C0C14E92}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon.3\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand\CLSID\ = "{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\ProgID\ = "BonziCHECKERS.BonziCHECKERSControl"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1\ = "132497"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\TypeLib\ = "{643F1353-1D07-11CE-9E52-0000C0554C0A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6549F504-C43A-43F3-B8CD-D077AF0427C8}\ProxyStubClsid32	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E27A70-69F0-11CE-9425-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ = "IToolbarEvents"	BonziBuddy432.exe

NTFS ADS 3 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bon(1).zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

CefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exemsedge.exemsedge.exe

pid	process
828	CefSharp.BrowserSubprocess.exe
828	CefSharp.BrowserSubprocess.exe
1704	KrnlUI.exe
2744	CefSharp.BrowserSubprocess.exe
2744	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
4884	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1140	CefSharp.BrowserSubprocess.exe
1704	KrnlUI.exe
1704	KrnlUI.exe
1624	msedge.exe
1624	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

description	pid	process
Token: SeDebugPrivilege	644	krnl_beta.exe
Token: SeRestorePrivilege	1884	7za.exe
Token: 35	1884	7za.exe
Token: SeSecurityPrivilege	1884	7za.exe
Token: SeSecurityPrivilege	1884	7za.exe
Token: SeRestorePrivilege	2240	7za.exe
Token: 35	2240	7za.exe
Token: SeSecurityPrivilege	2240	7za.exe
Token: SeSecurityPrivilege	2240	7za.exe
Token: SeDebugPrivilege	828	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeDebugPrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeDebugPrivilege	2744	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4884	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeDebugPrivilege	3632	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe
Token: SeShutdownPrivilege	1704	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1704	KrnlUI.exe

Suspicious use of FindShellTrayWindow 14 IoCs

Processes:

KrnlUI.exemsedge.exefirefox.exe7zG.exe7zG.exeAgentSvr.exeirsetup.exe

pid	process
1704	KrnlUI.exe
2952	msedge.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
4044	7zG.exe
2716	7zG.exe
3768	AgentSvr.exe
3768	AgentSvr.exe
3244	firefox.exe
3244	firefox.exe
2132	irsetup.exe
2132	irsetup.exe

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exeAgentSvr.exe

pid process

3244 firefox.exe
3244 firefox.exe
3244 firefox.exe
3768 AgentSvr.exe
3768 AgentSvr.exe
3244 firefox.exe
3244 firefox.exe

Suspicious use of SetWindowsHookEx 30 IoCs

Processes:

firefox.exeBonziBuddy432.exetv_enua.exeMSAGENT.EXEAgentSvr.exeBonziBDY_4.EXETLauncher-2.876-Installer-1.0.6-global.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
3300	BonziBuddy432.exe
5076	tv_enua.exe
1804	MSAGENT.EXE
5916	AgentSvr.exe
2656	BonziBDY_4.EXE
2656	BonziBDY_4.EXE
3244	firefox.exe
3244	firefox.exe
3244	firefox.exe
5668	TLauncher-2.876-Installer-1.0.6-global.exe
2132	irsetup.exe
2132	irsetup.exe
2132	irsetup.exe
2132	irsetup.exe
2132	irsetup.exe
2132	irsetup.exe
2132	irsetup.exe
112	AdditionalExecuteTL.exe
5132	irsetup.exe
5132	irsetup.exe
5132	irsetup.exe
5352	opera-installer-bro.exe
1356	opera-installer-bro.exe
4656	opera-installer-bro.exe
5180	opera-installer-bro.exe
6140	opera-installer-bro.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_beta.exeKrnlUI.exemsedge.exe

description	pid	process	target process
PID 644 wrote to memory of 1884	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 1884	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 1884	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 2240	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 2240	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 2240	644	krnl_beta.exe	7za.exe
PID 644 wrote to memory of 1704	644	krnl_beta.exe	KrnlUI.exe
PID 644 wrote to memory of 1704	644	krnl_beta.exe	KrnlUI.exe
PID 644 wrote to memory of 1704	644	krnl_beta.exe	KrnlUI.exe
PID 1704 wrote to memory of 828	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 828	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 828	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 4884	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 4884	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 4884	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 3632	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 3632	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 3632	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 2744	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 2744	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 2744	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 1140	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 1140	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1704 wrote to memory of 1140	1704	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2952 wrote to memory of 4048	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 4048	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe
PID 2952 wrote to memory of 960	2952	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:644

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2240

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=2280,i,6132806147480703667,13565686974735362363,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=1704
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:828

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2280,i,6132806147480703667,13565686974735362363,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1704
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4884

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3228 --field-trial-handle=2280,i,6132806147480703667,13565686974735362363,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1704 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2744

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=2280,i,6132806147480703667,13565686974735362363,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1704 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3632

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=4048 --field-trial-handle=2280,i,6132806147480703667,13565686974735362363,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1704
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultcc4013abh8e95h47a7hb22dh86072bccec84
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8a27146f8,0x7ff8a2714708,0x7ff8a2714718
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6030179007501271044,16186569404239201032,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6030179007501271044,16186569404239201032,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6030179007501271044,16186569404239201032,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3efaa8a5h56a4h4c3fh94e8hf9fd76ead878
1⤵
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8a27146f8,0x7ff8a2714708,0x7ff8a2714718
2⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14190729144061061952,10552489637975177400,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14190729144061061952,10552489637975177400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14190729144061061952,10552489637975177400,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
2⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.0.192689424\1498602168" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d722456d-37ac-4c20-80d7-b35d0fda1394} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 1916 13e65bc3858 gpu
3⤵
PID:3256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.1.90988396\474493252" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f5e4a3-cf34-41f9-9b9f-73ef9080b593} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2316 13e65b0e358 socket
3⤵
PID:1640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.2.1314792167\1710432649" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2992 -prefsLen 20996 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90221db-3782-4db7-821e-8f3c472b3996} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2976 13e697d4358 tab
3⤵
PID:2172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.3.1530239109\75561718" -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 3512 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7d6854-a84d-4121-a1c0-0f0d0bf44cb4} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2488 13e58c72258 tab
3⤵
PID:436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.4.1574258383\1693813149" -childID 3 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71f59c28-d08c-4591-bbe7-1b9fce5de1b2} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 3888 13e699f8e58 tab
3⤵
PID:1492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.5.1508724880\1176480184" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4900 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce675e30-f41b-4b2b-8a0f-a69b66de1ff4} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5024 13e58c6be58 tab
3⤵
PID:5548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.7.2010376866\483793848" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {318f37df-ab1b-45af-b93f-75061dfd1933} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5476 13e6cbc2e58 tab
3⤵
PID:5572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.6.785961522\302423527" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 5028 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f794c68e-eb17-40e4-8f25-1f3c1fb856d3} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 4376 13e6c041a58 tab
3⤵
PID:5556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.8.1622334409\872436612" -childID 7 -isForBrowser -prefsHandle 5316 -prefMapHandle 5288 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e8020c2-5ff0-4304-b53b-0dd27fa1fbf5} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5592 13e6e2b7558 tab
3⤵
PID:5404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.9.1737234975\1468325129" -childID 8 -isForBrowser -prefsHandle 5468 -prefMapHandle 5084 -prefsLen 30220 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47416f87-3c2d-4ef6-8349-c5309fd7e2c6} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5072 13e68379b58 tab
3⤵
PID:4292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.10.2111247075\591783847" -childID 9 -isForBrowser -prefsHandle 5064 -prefMapHandle 6172 -prefsLen 30220 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62033b8c-1359-41b4-8729-6ae956458e3b} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5376 13e73764b58 tab
3⤵
PID:6012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.11.1748437204\1994510948" -childID 10 -isForBrowser -prefsHandle 6292 -prefMapHandle 6296 -prefsLen 30220 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa5f548a-ed78-4012-9f2d-5fd15507689c} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6280 13e757d3e58 tab
3⤵
PID:6016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.12.2024213337\500724349" -childID 11 -isForBrowser -prefsHandle 6360 -prefMapHandle 6300 -prefsLen 30220 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35d6127f-4b52-411c-b06f-5f4cc1259716} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6504 13e70057258 tab
3⤵
PID:2368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.13.1554631001\236456852" -childID 12 -isForBrowser -prefsHandle 6652 -prefMapHandle 6656 -prefsLen 30220 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cfd67cc-ebc4-4ba5-9c50-758ae479f168} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6320 13e71e6c558 tab
3⤵
PID:4984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.14.560424389\928108752" -childID 13 -isForBrowser -prefsHandle 6608 -prefMapHandle 5244 -prefsLen 30278 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b42e4c9e-e5d8-4c4f-8bf8-3c2639507d8d} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6232 13e6ab77d58 tab
3⤵
PID:5612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.15.2080610734\480224011" -childID 14 -isForBrowser -prefsHandle 5408 -prefMapHandle 6492 -prefsLen 30278 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a58d4fbf-e3da-4854-9f7a-e05db61549d9} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 5512 13e725fb458 tab
3⤵
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.16.501376630\1838771954" -childID 15 -isForBrowser -prefsHandle 6612 -prefMapHandle 5200 -prefsLen 30278 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c31b96c-1fb5-4ad8-b925-e10795ca89cc} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6604 13e74cf6e58 tab
3⤵
PID:3160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.17.819956353\128484523" -childID 16 -isForBrowser -prefsHandle 6784 -prefMapHandle 6640 -prefsLen 30278 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91f82a6d-a691-4d7b-8878-42fd0f20a295} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 6772 13e71a83258 tab
3⤵
PID:540

C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe
"C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:23643746" "__IRSID:S-1-5-21-4238149048-355649189-894321705-1000"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:112

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-4238149048-355649189-894321705-1000"
6⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5132

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
7⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
PID:5352

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x348,0x34c,0x350,0x320,0x354,0x5d4724a8,0x5d4724b8,0x5d4724c4
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4656

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5352 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230312205941" --session-guid=c7f0b0f3-688e-4e99-a9d2-173bb32b9da4 --server-tracking-blob="MTMyY2RkNjRjZWYwMWY5ZjU0NDNjMDFkZTZhMTg2YTEzYTllZjRmYzcwNDUwNWI3ZmI4OTU4YTViODBjM2Q0Yjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY3ODY1MTE4MS44NjY3IiwidXNlcmFnZW50IjoiU2V0dXAgRmFjdG9yeSA5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYURlc2t0b3AiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJNU1RMIn0sInV1aWQiOiJmZWYxZDE1My1lMzc1LTRiNmItOWU1MS01ZWUxZDRhODE3NDQifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=B405000000000000
8⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
PID:5180

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x344,0x354,0x358,0x320,0x35c,0x5cac24a8,0x5cac24b8,0x5cac24c4
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6140

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\_sfx.exe"
8⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\assistant_installer.exe" --version
8⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6e6c28,0x6e6c38,0x6e6c44
9⤵
PID:7224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ad.tlauncher.org/link/hight-gpu-settings-en
5⤵
PID:7052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8a27146f8,0x7ff8a2714708,0x7ff8a2714718
6⤵
PID:7068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
6⤵
PID:7332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
6⤵
PID:7348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
6⤵
PID:7372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
6⤵
PID:7648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
6⤵
PID:7792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
6⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
6⤵
PID:6184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2496542496737286698,8831108559346509586,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
6⤵
PID:7716

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
5⤵
PID:6736

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
6⤵
PID:7488

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Bon\" -spe -an -ai#7zMap11504:68:7zEvent13731
1⤵
- Suspicious use of FindShellTrayWindow
PID:4044

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18227:68:7zEvent3553
1⤵
- Suspicious use of FindShellTrayWindow
PID:2716

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon(1).zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon(1).zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3300

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
2⤵
PID:5596

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
4⤵
- Modifies registry class
PID:3768

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
4⤵
PID:388

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
4⤵
PID:5128

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
4⤵
PID:3520

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
4⤵
PID:5420

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
4⤵
PID:5904

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
4⤵
PID:3928

C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5916

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:1316

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
4⤵
PID:3544

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
4⤵
PID:1272

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:4764

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x3b4
1⤵
PID:5932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7580

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:6596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:8172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
153B

MD5
dcf0700fdf2dc4989207b5c223738fb1

SHA1
e7bed575c70e5f892b096c1c7d102ca03b443bda

SHA256
5986c1d21aca7fd63e638f576af5298385fae4b53c3a4a2c991d989183d71c92

SHA512
a202b083f59dd547dab1ee78f572ba61165450963e559fa6db5f03015f94c1fc1e7684257c116d3397f71918520eb99fd6ee1268bdbacb745675d71ae36d4b02

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
af4f76d30335fd1cbc4f7b01ad6eb2ca

SHA1
4044068472e4b8a3a31558ca3705e277c50a2a04

SHA256
17198887eca0407b58b6419b0ea46a7464e033c49dcab5c56d5569a586d3c567

SHA512
2123f9af5d12eea830b4e48a1b89853b67d1fb6946a154202069cc8849cfbd70306c8689b3a758d6a2373c65abfa9b9c0df82b47dcd62ea1cb446ca4bcd83b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4b02df0b36203c01f54f5192c7fa0c

SHA1
a53385481b20816f40d92b7df2d26723d1154d32

SHA256
d6c0f58c404566de059db9d4678f1948cec3a031952b7819d14fae8ceaace9b5

SHA512
712073390b86f1931b6389c34b6fafe819f84575c8f3698d1014bd30ce4053da0a3d4848a1b59aa7918848ab2cc6596f9b1326c472a2feba6c781399148251af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\33c764de-836e-418c-98c0-adbb2f2e582c.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
33KB

MD5
89072e4b3fe475b77da13a99691a2a22

SHA1
b3841edca0f8bd6b376e83f16bc9f742b069d656

SHA256
643eaf3bbc420fb32b7ce3e53ee20f489eaeac99f74267b6d036be91eb877c96

SHA512
75db33d9d84e334b2dc6d9eae0e8f84381c84c5f52cbde845a46e5ae08e1a11283e7beadc7cdb92ad9b19446f0eaec9d8145363999574e0d819bb961471258f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
347572659419f843d75db840debe2770

SHA1
ef81d4179d0dc7509e5f902079c7adc216007635

SHA256
888b2bf46c8a70ba8e6f8ebfc05e4874ffd1405ee098475127f138332529dc01

SHA512
322f9ea6e7b88bd11d6d851425c4055297a68c615c6f4c53302cee1329db95769c68464f823b38093b2af033a8693b2e9ddd878292f43ef08417b88edf942907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe643931.TMP
Filesize
48B

MD5
196a649e7bbe46f17402f3a22cb81cd1

SHA1
bede9b2924e79d7a80ff4a6d9c2cb0b77c85d956

SHA256
3e26401fa47c33ab150573ddc1b38637558a548e13976c4ba5830b4fb4cc0474

SHA512
32fc46858e6cf150fbe71d1f295ad36e9392161a85e1268115287a408c0c93039e002ef342ce02424825ccc878adc5ff866024973b134b597c8bc6e9be90527d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
6dce6f13797738b44a6f652313c986ba

SHA1
da17fa7704edc410c95f7373bc24d8ac041d6032

SHA256
b8b91e13dc4ac432866880ccb22b10983f960b90179f0ac0d692ea23acc69d48

SHA512
0fded36744315779b481b0f7e52ecedaf4ffe3809da2815a714ad63abb8652410252503d54daa724404f202515dd4a02d0c0c75520a279bc4f7c3a6135fc1d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
1164d097a0c1b2bb316e82d6561f9e75

SHA1
4e181585e1d7b774fbce9951ae4eedb8b8459405

SHA256
bc2f4e071ff8c5d0b1a72cca64a6556eac6b1abca9142739e18158822a6f2ef7

SHA512
7d179b8c9325c76b46f83e257972fa8529aef7fa58582046da6faaf2dc3ffef2208856782edd7f525b6791f210218594aa7fa9c99578b90d52dc51a6b1a30b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7be465ba4f6d1a52654a8e306d40a9be

SHA1
cbc80e436342d98b85a91352afbbe940108a8594

SHA256
46a2a393adfcb8b3fadff90d6ae0f83874651c9fafe55f3414d13a056e3e0424

SHA512
e4982538a4c4485d8beb7ab5722924984e372ec25da74e6029c38d60336e5a51ea854a6e902113fde585bd4a5a1e057e2e092d69cd03c4fecb0a64e8162cf8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6a69794857f3d5035f76d473b79cca8a

SHA1
3130aa69fe35faaa2225b85795bdd1826647498d

SHA256
bbca3cc4738422a719d20577429cdfc0678535fded0e221838904b1ee6d88d50

SHA512
3f4f0d864fc0226e8d79a6b29b479633adf8e589307f132a96b47a5e97b2b2faa17483b3484708d31d8404d2ae7037e3b46e2b6fcbc8a9eb41560dbd6c2f32dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c9ad5b281b07c73a2b580a5dcd2fed95

SHA1
0e2d10edb7697932cefff79235c2165b549c0cbd

SHA256
ea66d4fb377aa96b7c970b0fd4a2a7eac4a253ca7ec1244fd46076bb08e6286c

SHA512
2c40dfc2db460efbc522725f5786565a953ea6386d10a8484be945b84de10582ff9935929878e266692d3beed2ffb971ae8f3760788ab55c491d4bce7b96522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
44a58be31841b136dd581b5a344484c0

SHA1
5ee4bcb617468bb92e90c11f02e0fda6e59be108

SHA256
aeaed5b786740d9c284123756d1d27d907599adecd1b4a1aa3347bd97520b806

SHA512
6c7e3a72172beab52ec262f82c37dfae74ad3db49c0570fe4fff128b515724f8e79b59fae1cfcebc7801531a26b6011648ceb1c4f6dd396e2d3741deb49abc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6a9e5950ce8b0fc421df1faaa9714f07

SHA1
fbc1e6d7b98c9a44ad69f4cad55026076c289afc

SHA256
d3fbdca4319ab8818145c722ee7f6a9458d847a9a348f7d3fb4a408ee9662c08

SHA512
a3ae746252c1b8f2a7e76c02de5c18828fe15796cc3f4341b0492f03b8a6b1d3d9f429da9fa5d4a507cb3b0a807d5eaa04e878dbb508caff77ee549254b0f343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ac1bc95c3aa9a9c632675e63445902ea

SHA1
d625ade828694e4153d18caef036a193797a7031

SHA256
eef772ea4d78203046f3446c5079b68ece5fc01b9ee39792210953c77c4464af

SHA512
9442607e662b7c204948030977956725d7632a87043d72919223d28ae1dcee1ad366f8fe4b1d6d6fd224849fa1e9cbf1afb4486eff09e627e5f584a879ef2832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe63f274.TMP
Filesize
1KB

MD5
6ee37d0593348be4b3706985a87eb01f

SHA1
753c8f336e58e54070dc595fb27c267e95332d18

SHA256
a161bd2b458f4c652d7155c3712360f1f59841c28f570a64bfaff174e9ae4084

SHA512
a7c366cf2fb29c06f4ac9fb85ff19c07e121f48faafb7f007be37083f424d0f042504c411cafc0a3496acb3e6c0462fb11d5802e8803dafce968f76238d5d698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3ddcdfa-8338-4530-983e-905b52771540.tmp
Filesize
1KB

MD5
8c639816f4d73ed2f42150ba66132427

SHA1
4cc075326c443443d38d5f77f5373a2b7f307f25

SHA256
73318e7a9a01e5fe25b0f882bfc3561125fc580cf988c8b53bce9078a39c6515

SHA512
fb03dcfe98bbf085abde508998d5e3210312360a3fb575e5febd0df0c3d765a217aa66b9679b3249c72de74fbb1a2a37133b11db0aace350600c2625f90bec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
6f2e5e41230d81ba4b82910878bd9aa7

SHA1
da58119febc8c1ddcbac8b201ac63ffa75641457

SHA256
1922640ed4e9735652b9a6b5308f913baa2145db643e59db81559594826596da

SHA512
b523dd26184fbbfd9aacbc491ec54cce0454df2777197a99d72ae44a8b52d2d56a8f60e2aeb273b7b9eb31d2c5677d63f01a0eec6fdaf0bc0ab2da2793cf6d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ecfb4a529be06a407787dace194e0e69

SHA1
6d29be145d83c06a3485b79f7e98b5c212f9befc

SHA256
7a52730e4c1a45f0216af89c5f3852ba1b3a58803090e845a4a641438490f9a4

SHA512
4eacb8f0f0090a9c1ae0b75e4905c9be575394423ac5b632eeac4505be470499a50bcc228630a77741af06d9b3f91b5b40c6cae1dcf5aa84ccfe071fe25476a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0c3dae76af6302b786f84bfa8510a96f

SHA1
fd765bb7dc8e757568bc2902f7f40f92487b4a95

SHA256
ea6bcd3fba64f5231424094a3418ff4eeb8c5eb036f99c06da57c407e5eb6489

SHA512
d7b0c602311d7cff66a42cc6269b413e15fcf1efd8a8b3153f8b8fc93b4c4e5fdc6371b1b71ce58367a396dd0d38e17c4a789eb95f6e8746535894e6ec951036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
42c502cc9eb5e0acd6f3264f36e77d3e

SHA1
8dd108c587f6225e077416e558a4cb1e15754cad

SHA256
ed2cb1018cecdcc7a2f83ae9764d4e05fdfd74a36305f3ffe7cdf958ae430ed7

SHA512
127fe8047bfef516aa180ab1cf582624831b29cec264d0e3a98dfdd9c082c789d9aab77c35b1cd2b0e908404947e529835b48b125c75b5fadc95c39628bee799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp
Filesize
146KB

MD5
edc2f57cb11358b44a4f7125d3389d0e

SHA1
5a369945f089ce9641e6b6d268a72e08fcab706b

SHA256
6717268e2d79e066136982aca8160379c958ff9143f61c0fdc36936c8ba478ef

SHA512
1e4ffaa672e2f3a967a3610d364d9983379477324d2a711773ee2df58d2ccf78b1638c39c5dfb4c4d185d85269f7274100260b21ec798db67fd542576e01542c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\11181
Filesize
9KB

MD5
36f0ca88ee28bfd50910123f0e1a23b8

SHA1
3e0ab510efe70d28ad27e160ee4782c55f2c3dd7

SHA256
010e6c91e12525994bda79f5abbc0b63916e3ca756dea31bb641f3515c5e843b

SHA512
6d8d2a3f97807d4846a1c7f6818bd55c03992894f22e265f0ba49c19b61eaff5f703d3221eb3e9d57e23aaa2fee5c1babcb3b386254ee4e51604c407217f523d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\23570
Filesize
56KB

MD5
76d15c16a038167c0a888469c164136b

SHA1
105a653369534322efe0a66e640073a4f46f2390

SHA256
e0d02913d9da34d51630ba3b26e9640382faa7b143b94da5060f369ab0ba9345

SHA512
1bc885891b92c7c9534edb293e6423c718e93a402ea0e23d71d6374e80a9268a6004034a5039e1f3be24f51dae0596b8b1f7f65664dde8153e2ca3cb90fcb107

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\2853
Filesize
9KB

MD5
d581dea046f06cb372e8c5b900dab5b4

SHA1
5ac0af52dfe609103fdc9d5a2b2439a7c9d6e9f0

SHA256
b1d346c1c575e95217d14f355280d22ad05fdfdd6f77061fad77744119eba003

SHA512
c6065adc3b6d21b4fa79c79a0f9f4f14658c48cbad3c6e1feb047a9e069b615d77088b75a0b370e2e85b511b70f96fe95605f6eb36adfdbe07c2ad8f79a8bb6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\30974
Filesize
8KB

MD5
a670713dea3b0dcf27e7a96b38afd0db

SHA1
69c6ef9a62ba3e058e1956dfef1cc6ccd6238da1

SHA256
676ed8032c101cc071d45638876bcb53edf1799271085acff6a2873601e88b42

SHA512
4492abc3cf5f14e6fc5cc21a0c33625e93fbee2b60b31e2cb3f4e485e6028d61fa329da77f03def779147a0a427483a4890e4c99fcf7891a5a79a4c1206ccbb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\0023CCD27A4401E92F32259AA01669BD277B955F
Filesize
1.0MB

MD5
377e5998a5cf50a465d5f178ac08da27

SHA1
3cf430eb89ab1473e9b3881cfda634322eeb623a

SHA256
bb3108d80fcbf154fcc40918319f531e5f80b05a0db620c5205d4c697c60cee5

SHA512
f17af0786d6f5484d408589b543d08da518a6bd0fb223005a0bb2a4150d215e7444cb6645bb65762cfc308a9d6a4717b0f2b62179433016541d9a763a6fe0f25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\184C843EA0B8CD10730CA2564A233632E40FEF45
Filesize
14KB

MD5
f5d8af9420523f815613a48903a17d5e

SHA1
3b49347a2c575295fbd4c2c49bcb73293106be33

SHA256
9ad8106978d2940ff0970907d3e8bd63cb95cd54085d7faaefdbae746bda68c8

SHA512
02f3369e9cb3e71b025e3205c9fa966912d130f8c21cdd51031c3f2bcb6e01b3eeca1bea2aa996d481f8f52235d7fb34ea0c13c2e6594a263416b26f8b1008f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\387E5A50C493C06C665748A30FF6C29EC8F55BEE
Filesize
116KB

MD5
456ef9ed813fb847cd7831c856c2d0d7

SHA1
72a04fff0c26e304250dd34aa45a7923de05be4a

SHA256
91da3d901719ac949ddb7d45c5dfeb1b8def02f1c1f5021795b9bb7fda590025

SHA512
b67736a9b665a22e1cd72974e95d0f15dce37d22a83345d1e8224293c05e171df7ee610d20bea2a87b7388959f24a974cacce04336c345d9927b2b1cd3dc3146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\67CAA1C45FFBB1B6BBC9F1B2224488FC9C3A2C93
Filesize
23KB

MD5
71b5710593651c62f0edbaf93c13e37e

SHA1
1a879507e0a5278361cfddf7df2ab0db1b08891a

SHA256
c8de3f6a5cb03d16e9ecf41226aeab28773de23276e7aa6f77e95ee064eeb5c0

SHA512
ae1ac07c21ebb1935fb45818c8c103baf6d3822845a3ccc08a5a4875754f08dcbf6871e0af186f784b11f362925042e1171e24b9e5208898c4ec4fd87173c9e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\921A892E035650C9C7B52D31CABA193B64E8A141
Filesize
183KB

MD5
bd62955da302f860b414276bd28b8b18

SHA1
44298a51ebff2a25a5ccc03ea14456d903158723

SHA256
c7d9f81c3c28280c62427d7896a385dca2acab32b9d760d782048d51df6b3fdd

SHA512
1fb123b0926cec937b5ed632886896ef59fed0c0a1b3e3e425988d0fe6f1bca7e8c8103305aff03a46543bfbb9aa5af67ce28ce17a0fa9d00f98814411b6cd85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\BD3B753D62DD92E361E775EAF326C27CAB102BAF
Filesize
807KB

MD5
9f5160cb6427d4358451d41c3a8814f0

SHA1
f3ccb73cf8c6b6f1eb3803a56e70859b19fb6dd5

SHA256
0b1fedab9d7109e0ce07cf0aae66da52f4ba5f700a365eab9c55e1e21526e28e

SHA512
35894fe9f33bf061e132e1437a279083257d34b5ebb2dafc70206f8604e0bc37044e012210ee8d1bf4d4a71361a3c3cbda086301ef0d7cb98ee7e1fed09f8b05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\D069E0884474066F492F219170C47717C04077C8
Filesize
118KB

MD5
d37f613a7e6b776f236b23897ab39aa0

SHA1
56ff8e4838121daa870e99a4c622d5b9e08c188e

SHA256
b33a4cb533f58db686d1325fbf168cde5c3e9d14e9f138eba78f7d8d49960fba

SHA512
048e2d3197efbf33ff509aea63be805228b2def4c3771949c380aa764cef121cd5b9cb3340e30d42a6dc2da9471abe84b1ef461540b197dd65245f8b08df97ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\DACA415ED7D7588BB494AE2465F6F4BF7F8A8A6A
Filesize
169KB

MD5
db57a69f2d2ad5699f80f022b29f07cf

SHA1
c20c4efc4ed49b747064c867c9db518211e10873

SHA256
db2a8184b98259b2914da605808848cbc9bbff7392189c4b6aaaa3b09cf8771b

SHA512
f3a69e822408ce4990217566d32214d1b5e12d699871a90ec4b3271795d6e90a3d6079f80af4b6892d4571fa67a8bb7ca2fdb36dc2aabd6405b4b0a5da08d54f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\additional_file0.tmp
Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303122059411\opera_package
Filesize
87.9MB

MD5
b004716641db018a37f534c46df35215

SHA1
f612420cfa0570cd5f8f051cc99ebdcc57eb129a

SHA256
29bdf09755fc63557e1b4a12e664a13513560669aab3f819c7966bd7cae6a7db

SHA512
aa6a3414f1bc390eee3a00f5d83082ede3b12e1efe6fd311b4e4a50d985eebf875ddb485a7f01a47e0582d9f0a812a7a1f219d61fadfa95e70f2eb1a89b7f53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1704_1393408021\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\1704_1393408021\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303122059407921356.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
27e7f3d4f0383f5aa2747a73b2247056

SHA1
bab94178cde996a35dfaa905cede8015da321552

SHA256
71d7808cae47025784d1a5a759d80c07704d5c745661c07d2bb5f883e821a7b7

SHA512
56f486ca2dff3a94db51696f402d73b43b9f7adc576299c7fca1472dd1194c03cc36c9933dccb94579aaf87d6943c0b108a26a09b269f8fab07bec26067a9ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
Filesize
644B

MD5
d0283575c47a16d567f02b70550e22a9

SHA1
189ce85ca43d3aa4336c2e7719cf206691257999

SHA256
44464fa74b703a959540202a83383c33cee05f7affc69898e0d3b541b1e87970

SHA512
5b70a22b0a48aa3c6e88123c4d3ff928b02bbe158d63e565bd558aa990482a4d9a98e710ec3dded8fef6042eedb5a1ed62ffc632fe9d102a9cb49342727c515d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG
Filesize
40KB

MD5
add45fcce9e1d8992e60401842562c2e

SHA1
7869dc6ad6116e2c864f32b959a489ee4100aa2e

SHA256
4c9e68ac4cebbfde2f2f5a9318b597825f3d7a41f32cd288e3fa964b95a69fff

SHA512
2f98fc864d4bf46c8595f94c4296e6d4213d90591ee197679b2c4f5f4a27b248a52a941b811fceca2f8d32044d42dfe589ec981baaba86a7e4d844d687d048fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG
Filesize
2KB

MD5
8691619d3729db635b36abf4cb92b722

SHA1
5f65a27c0b8d2a25a3c107eadcde937a6c9620b1

SHA256
386db08587c847acba938e16a37f345f8d95cc1c77ed562b3c2cc71c1ccbfc1c

SHA512
0f2e192e6f23a512c7e0b75ecf54bfe8cdfcd4c18f48cb4a4ccbb879881ece3308e1fb97891583f1248c2a833c36509e8e1b81bf39958189676b05d9bd9605a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG112.PNG
Filesize
2KB

MD5
86b43fb6bc008940b9fca56df7edc7db

SHA1
b75507cfc870e267aaef54b5f52ba16a769e94ae

SHA256
d0d41f09676e52c73885fdd628e35997605790aa0339f5d5828466db026a1203

SHA512
2181a959e7701dbaf74e94dc5ac30c5c8243c8e8260e0122260f118b4bb5e3eee44b542f73488bf39a5a270a2f62a9e7f64666bf747f8eca450fc767a1defc85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
Filesize
1KB

MD5
1c9e24d780e12c81094546db7dba85ac

SHA1
9a21b5304a8326f4d115f1aeed413191969f82ca

SHA256
06fd6ea5ff0c58b5dd1ee0ff062e79f66f40a2ab4a0cb3937949781db90b0ad7

SHA512
a0d66cdf4e11fcb991acf2faae92f91dbb2144694a353a41e450ede37c9de605cedf5772744c90967eddcd88055023ba6e4a9bf1a8a6875f8750aedffcf6618a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
342916f21c1e06bea05bbf019607713c

SHA1
93a20cbead12b1d710aa30b7ad11f322b6e253fc

SHA256
93fb9f9ed1a680f419d545084a11db8a1ff1a9466cedec71ac33d78f39c367d1

SHA512
321a5b6120008c510cbb43813b56eefeacbba3cc67fe1d9fc579579a6b8577999ac1a14e17301c4a3bdf3c98644a1c3519c63b6d079d06e614eca4b79fdc7518

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
3e4f9ad22e78d1916883ba8ec1b40391

SHA1
4eb8e83f9e4f24d6252c83640061cf6fbf8daf08

SHA256
20ed02f9caeab1a1947e436aa39f99f8e69653e6f9ba5da3b88e31a461676e88

SHA512
d80793d15dc318fa2ab89252d153398ee5924391b0d3ff63b1063bea076c6681f9692284b6e744dd68abdca240c3c1b3eaa224a0449eddadd2c7bd7e943e8190

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG45.PNG
Filesize
438B

MD5
343b2dec000aeb270da2da3d091cccee

SHA1
8ab8987520beb6f4ee7ecf85f5d3caf88afb4c9c

SHA256
36d9a038c082d934df2209fccdd5ddf7bfd15b393581bfd48f510cc161db5232

SHA512
3ab0006fe9be943285f8294752d9ee14959284103676af7418fa2f59c967056bb2646fd48432af0e97be00c608ba493f08b160aa725898084bc726c904ffaa0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
Filesize
43KB

MD5
e0901ba1513ace1b39991bfa0b911498

SHA1
4ce82072212487c2f484bacf1de20e179b3fac6e

SHA256
c571b49df24291011ff427f5f450b673531409c7b4576c34ca3f284ef3c55493

SHA512
7ff181c9ea32ca2828ef7d1e34c96c6855dac906108eb680a90da5dd9f2008d815c96969263b3314b7db1a83bf7032da631c878dfa4a99976d8cabf79ea62b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG92.PNG
Filesize
1KB

MD5
ea96bd465b5cc6f02a328606810482d6

SHA1
ffd69d92498767a78431276bf0a77fef17fc8e30

SHA256
a4dfc277e282e9f917d29fd98b4682e98017c24dc7c8a96b1ae56fe71c5bbe64

SHA512
6bced983a20fc1b413f579b6a668f0182ae3283516fedb8b71d3c4345bd6512ca836aac4784589fd5dc2f9ac91c4144f640a4b4e9b9ed84c8962263eb6a0208f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Filesize
106KB

MD5
51be149c8e20df63087c584165516ecd

SHA1
feabbb95b65e6929f086266b06ee1cfef83539a7

SHA256
b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33

SHA512
6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
705ea796a09e131fc4d5dfd10e86655b

SHA1
b7f4f715e30ba70d18233900bb647b85d2b776fd

SHA256
666856bed9675e0b4d858e0e7dc5743659f4934899a7eb01a4f2df7f81b0742b

SHA512
a1b541b0d57230089507a70229804170a0faf2a0bf0b4db77959ed33a671fd1d604e9f6d340728d360fecf0b5965ae9bd17045e6f95485b3129f70405b889cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG11.PNG
Filesize
1KB

MD5
fe236f1182935dcbcfec9b864cbaba81

SHA1
ef04ae2217dc030047133cb2a7f5ab7d3b45363d

SHA256
700ff688c18f645159807cbeac403f852646ad2d1d4a4f3a62410e214c23db96

SHA512
59fc89ac345f0f931fbbec93a930d32adae4d6d1b5ec89057988f060ad6bc893d681d957915a7c59d45875275a6d3019d786f71e84401a5ae3d67eba60b2a6da

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG29.PNG
Filesize
1KB

MD5
9fb892cb12987eb85b303745c00e0005

SHA1
4afed97947228ae2eb97579c04681241471101bd

SHA256
328f2d535ce6695219d02681949aa63be40433be6c51b5727d0b7865440d2949

SHA512
adf7d20b5096f5c985d931f2e222e388dc34ef8a168b061c9e6250f6ecea944204ec3d616857c4d447985bc5e6a5bc8384e207a00f50ad4a119bf0b3fea13059

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
Filesize
45KB

MD5
c00a190340711134584dc004bf18b506

SHA1
72bbbf9ab0e5b3fbf825b0a46da1b25641fbf346

SHA256
db127cc179eb800b489b1d0d014d6d5b5bf04988b23b55ce7b2d108a4852f343

SHA512
597ce1ae67201158e554f2e85218f2bb3321d0b47593c845d5130d80f7817b5ad4b92f30053ef0809315c4f02299edfe09fa67870e11cdc6095390683c0b4d56

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
Filesize
457B

MD5
96df483076fe5b82a193e0f74ae9427c

SHA1
e2914a84864c5a0507406b7e013c915eb64c5d88

SHA256
b08c9f5d1d5375498e555889886992e45c805658e7fb18def814a4ea6539c096

SHA512
732dc92695e193f359b42bd0eea7310406fade281ab3965727ca22b707ccedbae4c7f7706597b8b23ba93f9c259229e9c14a1d1efd959c6acb17905b36d52769

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
Filesize
352B

MD5
82b5905aadccafd519f5baaba8b4235c

SHA1
ac20c24c050d67ac9cf6d5d012f6c4e3e109dc6d

SHA256
7b0e92663780a8c412e31cde6f5abc18ed58bb19e3791208e8bd77ff9df2a4e7

SHA512
28a04532b8416eec31022493b725150711036cab5b87a7e4a39284ff4799e024abb34b808fc2182318cdad282c75958210d68368222ecc583ac139e6c1f0b802

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
Filesize
206B

MD5
bd8b796fabf29bce107b327cd690807f

SHA1
edde96dc69ec4c6a8374069e56b27cfa98b50694

SHA256
8f65c8b2c3c27ce8bb37fc64aba53eb01ded825f26f9f09bd4b03c6bc41b6ca2

SHA512
b4091792afe29bb346350928b7726c1a4411bbae732f4d7a862faa909453b6efb79417053a10db1c70f11315a2064682842655bdbd2c374cb6564693f5f1fbfa

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG54.PNG
Filesize
2KB

MD5
f77565ceb1fdad8d7eb1b0a5bfac2206

SHA1
0cdd715372c5e59cea9784b3723cc7571a08a791

SHA256
926e2ea2f76a728d04e792b0f3959ce71c09509769f6d0e4ce0c947888750bac

SHA512
7001b182d9a92e25a4cac3c36f3c8546679ad46a612ac52d946b798cb129be026c05ef62259fd9b61eab91557198ec693c9c87ba8b7e23b3e7ab6dee1152ee04

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
Filesize
41KB

MD5
f2664610dabb317dfe1120518e323887

SHA1
33f8a173d6a0d4b7ecd4b5be9fd052795d689919

SHA256
67d18f4a1cdf8906751fed972deb353a773101fea9c62929e434cf4a31124cc9

SHA512
16ef6bd74c99e4c805ddc53d2cfb6ea3913f8e78ca674e3f61c3b49510c40d7b2b7a96f80e72dd428a28334deebe6859f59d3fdd40e44a0356224695c8cb8eb9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG73.PNG
Filesize
1KB

MD5
6d9cad201627bf9b04e0ca95d8b1cbdc

SHA1
9bc353075f733d583e7a7258064df4f601f5c59e

SHA256
fc6960c7e3a746b86faf4cf6a84e1369367485cbe0814573444807576f81ea0d

SHA512
5f51c62de85c36cd842cf9666d78c946306a616f93e4ab55b8eb0fc64b218c1088bbf30f7abf72bcca354a0830abd9d8c004ecdc2aa88ce50657daa8afe6abd9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG8.BMP
Filesize
451KB

MD5
d2b43decae0a14deb90423bfb687dc63

SHA1
c191705fcb927d476d4fc639860bd52e324a274c

SHA256
3266fb3a33a97fac7d71652129865c3d0dd06e70af6ed5a3b2506d842eb69e70

SHA512
3cd903b0c4590e25502cd0f91b678c1e798989211e174d5a6dbfd52b343a426b867204979cc078a4919d63a4c4401c4f8eaa295227cec0ccc043c7e285d3d2df

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
14KB

MD5
d2a3578c51348fd5d301648da44f2f55

SHA1
c0c9fb36f243344247526275b2f366a7e2a5a0cc

SHA256
6f8675f44366866923d3edd94dd2f90859245e2c84be280860d2d3a990087a70

SHA512
14d941d941580fbe6fad03a9ed6ed822756d2560fa98b8e4028ea992c1199939bdd8f251bb5db9004024800addd479c65ea9eb41cd18202843ec7b6be40dd698

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
33KB

MD5
8f6f50457e85ac034a6b83a281987f6b

SHA1
ab67beed73469d067d3c4dc15f40fb2dfb796ed6

SHA256
e5716e2ddc1fc9ef66d4e8ff56cee22e73494ecf10173536a47ac3272c4671e1

SHA512
689ab421dd357c947d72f2995138fde7e459bfb1904df5df1c9a62b026bff0bf74a743214e5d8d7813df6ada185a96e29412d1be91a50d565135472c61f8a29f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config
Filesize
11B

MD5
a3d8125d741db04d38a0c2c56eb9521f

SHA1
69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3

SHA256
e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96

SHA512
014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png
Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png
Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua
Filesize
98B

MD5
1f74e0539c4f0816badd444b487dbda9

SHA1
07fc32012374195023f00353c12d800a5ed8d07b

SHA256
f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d

SHA512
d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config
Filesize
6B

MD5
af55765f33160409360ffefd60211d32

SHA1
f16b23456ff82b6875e996c252c92eac375c5c54

SHA256
adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d

SHA512
1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png
Filesize
10KB

MD5
6c5d6e01657cf543c2211452ff43f52f

SHA1
7f4735960b3128f279aa42c4351ee50b32580788

SHA256
014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f

SHA512
f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png
Filesize
12KB

MD5
516a58f5a912ea4cbef1098f8fd5ebc3

SHA1
217162ba93d4c94d7b9389694734e365a91905df

SHA256
c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461

SHA512
ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\script.lua
Filesize
281B

MD5
c0baed80a080fcfbcbde7dc86d38b14e

SHA1
1d81bb414f6853c313b6eea6169a7b68001dca68

SHA256
0109c27defe896cf9cccf23e0dc8765d705e8660360c3eca2a2f30599b46d77b

SHA512
3397e3b5bf3591e8ae5ac4b41be05973c484279151d1239d1976ba1267441809e2addc04f74fb61f7ec6f82fa1c3b6f92acab90eb620095e11f55c9f3f2edb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\tags.config
Filesize
33B

MD5
b042ffedee19500bf6d971c456ec3655

SHA1
077c12ca4595d02a810a592f8cc85bc961676f4d

SHA256
83167cc46576dd7ff84b1f107e9024238395d2a6016f88b9cb911292d52ec2a9

SHA512
0010593f27183cc66acaeba66c0cc4bf82c8faa821c1f5ee75bc78552792068eaec6b120f17112a3df267784dbf8975d6fce2f394e5b616c7f719148e68e0d86

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\card.config
Filesize
11B

MD5
5e42cc2c2e0f1e430aa404314afa53e4

SHA1
794be48d0f018d9ef67a9dddb4dd4b6ba66d020e

SHA256
4f94d5d922df31f5611e97f785b3f7bae178268b0f0727e733590ddd6de13bc2

SHA512
e38a0e93a5f7b9d0f3f09d8408fd29450a88672382e828a5926239ce926782fab49692178ba4614e0683bf4ae50d4ebb6491e6bb6e85372972ef4b1b5435639d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\preview.png
Filesize
49KB

MD5
7b0d11f82c6d558ddccda8a4563f6238

SHA1
615e90c3d799e58850efb189bc220a621dc56e96

SHA256
24f687838f65b20e4f826cc6ab709124a8a91c43789a0b71cb6fc8a58ce8273e

SHA512
5a8dce1fc5c9e2d47634b888bc51ca0ed73eef0f305993979f380e2597a3f5fa45facf0639a2a7d3410c40b29f2ce2b40fbb222660babf009382475cde1e676f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\profile.png
Filesize
237KB

MD5
6cef901a51f67313821f9f7ccca5d38f

SHA1
6a612a1918e94c08b54af9e7e63356d41eff2d82

SHA256
1461d4e5cc1d955721e68d745c900c56c3c28490d86e00cab39f0bcaedc702d8

SHA512
818314e8bbb20fc0fc7ca7884a930063c8c906e8af39abe6c507b96ddeaf5515a9de0c0408bc2483eea067dcd1102bc63095cfd27a6a1af2f628a1bd26929522

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\script.lua
Filesize
451KB

MD5
1cf55875084e2163bbdfbf66452b29e6

SHA1
f28c38a655dd68075ade6b915f683968e77bee97

SHA256
177d8cf42fee5c6012f6571b20e7e17e55df8564af59b9be5dddcdbd879b5c5d

SHA512
3e72263077a032688770f08e181d8786c1248bec31a5f69fdbbff2c127b49466909ecd68a5dd7e1061542bf1900a6f7a6ab498310a460c8fbfaeae81aa5f5db3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\card.config
Filesize
4B

MD5
656626d3691e02c2c2e83276a94add4f

SHA1
258635defa94ec462fbe0c1af91c7b59bef1d1e4

SHA256
0fcf591eb63af5717e253be0931f2e09747df34a27b3ba8d092faf0e55318920

SHA512
2878ceeff7c9d8225006bea6f280587d84d0be316aae41c9c859b632ae71043af52dd2ff1cf50a0804a0a5120da4a500a468170b710e6bb53cc18a391fdf514f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\preview.png
Filesize
465KB

MD5
4178311492a7c89b085dd0f9e16059d1

SHA1
a8c09191f29ba3538bec9ae2ba14aa4eeb59b5ef

SHA256
7a6e75f8f2a3ed7ba1b3ddb2b34b56ff751053896f37c02d527ba496504563be

SHA512
770cc5a277455c4a6f6da2dcc0ab4951580cde25ba1524194967dc1dff8d5d0cc81c9131313f131fd83f7569b2e56bbd55673fad8ff5f1a847e1ddd7f750a4e3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\profile.png
Filesize
8KB

MD5
5f7201b94d86517399ee2a8de627cbeb

SHA1
0028f36c47b6dd36e7e5a1b24ee41f965be3671c

SHA256
6acc361fca4ef73d7a0bdd39482f3d2938eab6d2d942db995666e0978c0f59a4

SHA512
8037df886217f45330630205090724fd2a1c5e66b6084c9ac746cb52e5d653f3d1816e1feb236df760bf72090b8a880ac6391daae5253ac99e9489551ffd1526

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\script.lua
Filesize
115B

MD5
ef0dfaca318853907f49290a828e73f9

SHA1
e4c200f30ed72a6b384c712ba1304fa2dbe72a73

SHA256
80c4123264cd0e6ae4d5308b8c451ef89cd35ab3bbe214f034a34d243abeb8c5

SHA512
b5fec7a5b7c446f6ed8802740b8afbe948ed24c5d677a8748819988e4501e94deead3e7c933e33e19dbce0e10260dc43ac7710435c3864576b38fd27bc35503b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\card.config
Filesize
10B

MD5
cdf58d0e1b6b0dd3f523e7817a0ea0b5

SHA1
a87a1bfa5593ccb6ce553543526b06c7b39c3330

SHA256
a9292bc3beaf23e06a4cb67c4bd213737754f9b5c1538876da059b0ca71e03fe

SHA512
ae1b344d078af79886c7d2d0bc4c103d5873621b3d549362ee416fb6c43f5bfe5d9c43b5073b034bb1ee5b4413689a93dde12f9a8408e4051a39f0f089500784

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\preview.png
Filesize
171KB

MD5
220cf576403c96a12e4831c4e1aff13a

SHA1
b6ff4cb1a6aec90ea01f3807a66ff1b0864d10bf

SHA256
1bc331bf9cfe7a2ec83fea1d9d67cfd2754239edc4dda5a17f99b420b75d6fd9

SHA512
103aab3a35694076ab14874c1f826a51bf8db59349f66765528d70484a4f5a4c6d751e2af3b5c4b832df68233ea33c5b08662d009fc9f2897c4414d61e0f4e41

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\profile.png
Filesize
19KB

MD5
20f7c123960c173546b91a9147be8a98

SHA1
d83534a97c5ff8e917bcd92f2e31d558e863796a

SHA256
d132445e583c7e8662fa48a83c35074d91557c34ea713d1812040c33ce8b89dc

SHA512
1f3b3897f21599f99f89846fb92783fad0c2018a4d20da12c9ae1789bc8b284987433c183582dfc5914f3d3b176ecf9f70de036f032b24e78054869ada87826b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
d4b44f9a8c3891884cbd93748bac4146

SHA1
7f77f6377b8a84de9d96a1568e1cf125bcd046fa

SHA256
af6a24188c6f99436da0fe18aab1989ababff9ae09c4b669cc23c7e9f3f478c8

SHA512
b71c080e19875fc2282240e949b608e779af1269465e915382e430de663e6995b1ab5676b34c6831fe3db97bbf03b0b861c8ffa17617cc4ec9582e7154aa71a9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
5b551d96d77bdf56a703adda73c8bada

SHA1
8c39d19465417293abd7d1378cfada739e66aad3

SHA256
435c1c1419a8b44f152c8807ef780b5946d13c6395d7327c478827561000a4de

SHA512
61016394afea180d9401d3b3f33207c6256e30ea8a93af21facaf57952f46cd1c4ba2607b7ac647ae2204b0ad822fc227d97d4d1a271432104b1dd625d2e886b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
b9629c61d047a11d4988ac14eeb0ae9b

SHA1
5706dcb9f7e0ef122e4f36c1d570a66d954c37dc

SHA256
7ab9dd37dc6325d585f97479faeeb9a7ff424c84d9fa0d472a233a567b517d24

SHA512
3424fc77d40093a67e920fb243c45d3ef107f89f7fcb282434b9d463425c3128aa61d32eaafb24fecd35bd91ed23aa43e4abfca3b6ef14c3a15f6a71ffceda5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
af608038daaef004fdbc0bc3e833eea1

SHA1
04732db9e59da547fe692c3dec1d428b8e8b1f50

SHA256
5626e7c87b2d67fc83703b1d8ddc29d15d02d52eecdbf29d7cd21571322d93fe

SHA512
7574fa16249185ba430f5b2a2b495692ea96c57dcdfa6af684bc4cf34164713f724b1f71e1e14e25a09ace314ab25f9983ae0a81e4c600f9988e4a7a1c819e08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
0f054e360613cc0f5cf9a145084db657

SHA1
a8f5c95c3bcb5e6c5bc6d00c49512f2a6b2faaa6

SHA256
319cb43a174f673d427194cab7ad79308a22604673a20d03bc75c6b3ec5efca8

SHA512
b0dd3db1ba215523fbfd8eef61527173ea79d94d70214e708e54f233eddfca8f9e81ddc5f448fd6187f60c3c3a630578999adef5c72bc1bb842d3497a1c56449

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
3e9a273ca861a3f7aba190f9c7125625

SHA1
4f7bb594b0d0e91aaefd432ab3131a14e0928a5e

SHA256
49ecc696d89561b271d5577dd59a1d5a534d739af92092acd079c0d9155c5a57

SHA512
c7eac45916591c3ff70b4024ad10d795edb042436758dee322134ef48a835b10aa089fb8e719c8ae0f1919f9ec38aac570e006208c2ae651c5e1055b3a571738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
5af9542ea27762445989b806ca0362bd

SHA1
d8b86f905f737fa6cf524d258dc3ac3a09d992af

SHA256
5808176d48e7a5a80531914e0f406fbeebaaff03fe93fe3455220094e1dcd2a1

SHA512
659e7b64b85c33e4d0cc2d7c7d950107f208b6fbdb7b85b87c62c37a5f333ddd446228c05d1053d8c4406cafc49cb1c4cbb83da79b3be4260d46e9f5a8e61c78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
4db20831f09b0b2e9843ca514bdb4f95

SHA1
56e3d0b8ea4fb0f5388b434b2698f74257a8610c

SHA256
a2b9b2d63b218d3b0a3991860a1af75bb7b0a4920d61368ef483b2b72702315d

SHA512
fb177b818323d74842f67c83a34d97ce6be27aa0c15ea2f38f6e29b270d4ab121edf015bcca47a5c42c858eeabc92ab99862d290093efeec7337744e163dda1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
8KB

MD5
7df23e37678b65eaed830a693ea64478

SHA1
a322b1c026d6c850e216adc94fab9bdce6158a11

SHA256
f73cb8e7435bb4590733c6d0b15b365400127a58a4b5d4d9c16c562bc44b2e67

SHA512
c92f5ba83eceb918a8da05c7f0503fdf70a4a1efb443b5200e251248642fcec2de15e5286ce0774021e8e84f9c0c5f1ead0e465d137d5e6275d9d56eb62203db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
10KB

MD5
6d2e958f0ed939ac8793359f2d36207c

SHA1
34860c2492dd930e6e099400561943ac90d34bf1

SHA256
359dfe8e79219a994d6e05d111d99ba5874c136b6de6fe0181a8319950a3e894

SHA512
a089c10ed02b7d28d794662b5e3246569d3325f15fda80e07920c6c3818a6c4da83f785d643faf965ef32b93e0650673aa49194fbd86006d448319d291c64724

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
10KB

MD5
b56a4e1ec07bb9df0b1251249271b4fd

SHA1
c9e060808e6f8ad53735bd8eeb449c2372d04ac0

SHA256
b6d4ad34dd202039b83f7a7b28a6ec94e73f699d802784248aad7041ac4902ba

SHA512
c96daba0051e38a366fd8706d9fdadc0a86b0167dfbe1c2a964fa9f4f5623aaa662c60661d7a83d67086e148b51dbacba1ed648b97e2b40bca1e0638312a93bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
10KB

MD5
91fa641a45df46f295329a9da9232359

SHA1
91059dc688155fecf7fd02d46f0bd476be68728a

SHA256
2b37045b6eec289f3e15cd0626fdfe80e577f7b276780b889ad4910b0a6bc59c

SHA512
d484fe265b441aa48916c85277dfc01a41022226953a6dc26649dce6c822251cb3be5ba062cbc487d67155a0c3eb5eaa946fb5b61e725bc9c561dd3a9f73353b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
10KB

MD5
6136ec8da88427ad5fc0df2f865ea7a3

SHA1
4d01f84dbd4c7737c1f658f467a4d89749a460f1

SHA256
a0decbb66f86931d818abd14f91a4b5d13d50cffd9ac5eeb6df4930bff8fed87

SHA512
f8451f97233bedc4daeee3e4a282a6d4ddb648353eef5bcb7390fc7fdf3fbdf5309f0601cb2fada617f7f4a40ec588b43d5d6c05bdd604169433ac5cc546199e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js
Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
5b02086641186c212970cb94bc73f563

SHA1
6f05367cb63ffbc796f0742a2444426f89d3e73f

SHA256
4bdd51af09c5dee6b647b8a77281016d70e34f8c4f05cf1e72bbb59ad9509921

SHA512
45c523ec44ac7d49f2f901d0e7e36e499b2b615f102636fb35d8ef0b22fb02d7763d1b5325d93da9ba07852ddea06cb67fec7d6e7e55055075b187e8d226fb45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
dba0c4c7e8d3c97a04a80cc4c1184c48

SHA1
8e17049421f92f631aad48d6493f892df30cc72e

SHA256
374455d9cefdffe8bf0bff34cec418801039445b9151c4f8270b71f0783286e3

SHA512
b5bfaf96cd9ac5e648932fa1e295915ba464efccf98b8fe06a2335e58106e806b465a34a7bc88ac30af3d27cd5bb7de09b28952a67d53d8cceb9c24fdec008de

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
dd07895eb47b90e9647f9ead56cfad98

SHA1
abb659ab27a7228ae477cf441a64989a145d662f

SHA256
eef40a123aa7c02f0f19808cb76fb6e36790482e446ffd14aa83c1fe5728bf87

SHA512
27bf9992cc83e0f29af3b9dad8b9364742bf9876a367a159346f5e5a44488122b9a9d4331234e6486482444300e170d3e02c2f07a9c9c68cdc5c15af025887f7

Download Submit
C:\Users\Admin\Downloads\Bon.IFimivDq.zip.part
Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe
Filesize
22.6MB

MD5
2c46460b0b6c89f4993db4ab214fc9ee

SHA1
0a8b0696a59d2635f2303a4f2302cd97ea6d835a

SHA256
7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827

SHA512
e79fc7a3bdea24e2425f56b94399b7b732436bec6dc5de3e416a0e0e43ddd8044fc83992f4a1d7a1f86397957f808ce93a40c58c1101566af77a0f62e85a7c44

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\msagent\chars\Bonzi.acs
Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs
Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/644-155-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-133-0x0000000000480000-0x000000000065A000-memory.dmp

Filesize
1.9MB

Download
memory/644-134-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-163-0x0000000009180000-0x000000000918A000-memory.dmp

Filesize
40KB

Download
memory/644-149-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-135-0x0000000008020000-0x0000000008028000-memory.dmp

Filesize
32KB

Download
memory/644-136-0x0000000008050000-0x0000000008070000-memory.dmp

Filesize
128KB

Download
memory/644-140-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-154-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-139-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/644-138-0x0000000008F70000-0x0000000008F7E000-memory.dmp

Filesize
56KB

Download
memory/644-137-0x0000000008FB0000-0x0000000008FE8000-memory.dmp

Filesize
224KB

Download
memory/828-615-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/828-622-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/828-579-0x0000000000980000-0x0000000000988000-memory.dmp

Filesize
32KB

Download
memory/1140-646-0x0000000004D91000-0x0000000004D96000-memory.dmp

Filesize
20KB

Download
memory/1356-7899-0x00000000001E0000-0x000000000072A000-memory.dmp

Filesize
5.3MB

Download
memory/1704-550-0x0000000005710000-0x0000000005730000-memory.dmp

Filesize
128KB

Download
memory/1704-561-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/1704-555-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-619-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-623-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-624-0x000000000D650000-0x000000000D750000-memory.dmp

Filesize
1024KB

Download
memory/1704-556-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-554-0x0000000005840000-0x0000000005944000-memory.dmp

Filesize
1.0MB

Download
memory/1704-546-0x00000000055E0000-0x00000000056E2000-memory.dmp

Filesize
1.0MB

Download
memory/1704-545-0x0000000000440000-0x000000000055E000-memory.dmp

Filesize
1.1MB

Download
memory/1704-618-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-617-0x000000000D650000-0x000000000D750000-memory.dmp

Filesize
1024KB

Download
memory/1704-616-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1704-557-0x0000000005780000-0x00000000057C6000-memory.dmp

Filesize
280KB

Download
memory/2132-7684-0x00000000062D0000-0x00000000062D3000-memory.dmp

Filesize
12KB

Download
memory/2132-8043-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2132-9163-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2132-9164-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2132-7682-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2132-9928-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2132-7419-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2132-7801-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2132-9630-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2132-8037-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2132-7800-0x0000000000120000-0x0000000000508000-memory.dmp

Filesize
3.9MB

Download
memory/2744-620-0x0000000004D70000-0x0000000004D80000-memory.dmp

Filesize
64KB

Download
memory/3300-5582-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3300-6228-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3300-6067-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3632-625-0x0000000005140000-0x0000000005150000-memory.dmp

Filesize
64KB

Download
memory/3632-621-0x0000000005140000-0x0000000005150000-memory.dmp

Filesize
64KB

Download
memory/4656-7904-0x0000000000D00000-0x000000000124A000-memory.dmp

Filesize
5.3MB

Download
memory/5132-7898-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/5132-7847-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/5180-7926-0x00000000001E0000-0x000000000072A000-memory.dmp

Filesize
5.3MB

Download
memory/5352-7897-0x00000000001E0000-0x000000000072A000-memory.dmp

Filesize
5.3MB

Download
memory/6140-7936-0x00000000001E0000-0x000000000072A000-memory.dmp

Filesize
5.3MB

Download
memory/6736-9922-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/7488-9975-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/7488-9997-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download