13fc9c8ff624f7b62e9e8281678bc4dd4ae35112e437eff0a32f18049eaf564a

Analysis

max time kernel
1166s
max time network
1228s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
06-04-2023 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirtualBox_Windows XP_05_04_2023_20_39_32.png
Size

514KB
MD5

d5691c8c26d810e2f66e738a459dc46a
SHA1

0bb23f9615082aef142a5e53014179e2d3f9f108
SHA256

13fc9c8ff624f7b62e9e8281678bc4dd4ae35112e437eff0a32f18049eaf564a
SHA512

ec6ef3c42fa717bb9abd7c6d4d4fa0cb3f016fdec0dcbcf31cf22a0de3f1f743ff9c407c8311cdb695b622a1fc852417d39505dafa002559b2552e6f339b3b7d
SSDEEP

12288:jJsTBUcsEaUZBvNjJhl1QaAB8JhKwqtJsmOEYNZ91Lgon2RIadYq7:jJubq+BvNt1QFk5qz3YN+IoYq7

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NavaShield.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	NavaShield.exe

Executes dropped EXE 8 IoCs

Processes:

MSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_4.EXEAgentSvr.exeNavaShield.exeNavaBridge.exeNavaDebugger.exe

pid process

6008 MSAGENT.EXE
6032 tv_enua.exe
4288 AgentSvr.exe
5060 BonziBDY_4.EXE
1280 AgentSvr.exe
1660 NavaShield.exe
5116 NavaBridge.exe
4576 NavaDebugger.exe

pid	process
6008	MSAGENT.EXE
6032	tv_enua.exe
4288	AgentSvr.exe
5060	BonziBDY_4.EXE
1280	AgentSvr.exe
1660	NavaShield.exe
5116	NavaBridge.exe
4576	NavaDebugger.exe

Loads dropped DLL 49 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exetv_enua.exeregsvr32.exeregsvr32.exeBonziBDY_4.EXEAgentSvr.exeNavaShield.exeNavaBridge.exeNavaDebugger.exe

pid	process
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
4444	BonziBuddy432.exe
6008	MSAGENT.EXE
5244	regsvr32.exe
1640	regsvr32.exe
4088	regsvr32.exe
4464	regsvr32.exe
4344	regsvr32.exe
5048	regsvr32.exe
3268	regsvr32.exe
6032	tv_enua.exe
4776	regsvr32.exe
4776	regsvr32.exe
880	regsvr32.exe
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
1280	AgentSvr.exe
1280	AgentSvr.exe
1280	AgentSvr.exe
1280	AgentSvr.exe
1280	AgentSvr.exe
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
1660	NavaShield.exe
1660	NavaShield.exe
1660	NavaShield.exe
1660	NavaShield.exe
1660	NavaShield.exe
1660	NavaShield.exe
5116	NavaBridge.exe
5116	NavaBridge.exe
5116	NavaBridge.exe
5116	NavaBridge.exe
5116	NavaBridge.exe
4576	NavaDebugger.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

tv_enua.exe[email protected]

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	tv_enua.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NavaShield = "c:\\Nava Labs\\Nava Shield\\navashield.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in System32 directory 3 IoCs

Processes:

tv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\SET853.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET853.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

Processes:

BonziBuddy432.exeBonziBDY_4.EXE

description	ioc	process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\s1.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\speedup.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\favicon.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Uninstall.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBDY_4.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe

Drops file in Windows directory 56 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEtv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETF239.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF226.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETF26A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET6D7.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SET821.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File created	C:\Windows\lhsp\help\SET821.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET833.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\INF\SETF28C.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET6D7.tmp	tv_enua.exe
File created	C:\Windows\fonts\SET832.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETF29D.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SET833.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETF24A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF26A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETF238.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF27A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETF2AD.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF28B.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETF29D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\msagent\SETF24A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\INF\SETF28C.tmp	MSAGENT.EXE
File created	C:\Windows\help\SETF2AD.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SET832.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETF2BE.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET6D8.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETF239.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETF2BE.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File created	C:\Windows\msagent\SETF2CF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETF227.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETF238.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF2CF.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET6D8.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETF226.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETF227.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File created	C:\Windows\msagent\SETF27A.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETF28B.tmp	MSAGENT.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exetaskmgr.exefirefox.exefirefox.exeNavaShield.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	NavaShield.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	NavaShield.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

Processes:

BonziBuddy432.exeregsvr32.exeAgentSvr.exeBonziBDY_4.EXEregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\TypeLib\Version = "1.1"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\DefaultIcon\ = "C:\\Windows\\msagent\\AgentDP2.dll,-201"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ProxyStubClsid32	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ = "IButtonMenus"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}\3.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE7-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSCommand"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1\ = "Microsoft Agent Control 1.5"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\ToolboxBitmap32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Control	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinItem\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\ACTIVE~1.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\MiscStatus	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F7AE600-0142-11D3-9DCF-89BE4EFB591E}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriods\Clsid	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\VERSION\ = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{643F1351-1D07-11CE-9E52-0000C0554C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}\ = "IComMoveSize"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziCheckers.ocx, 30000"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ = "clsStoryReader"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinLabel.1\CLSID\ = "{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame\CLSID\ = "{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\ = "ISSStyleSets"	BonziBuddy432.exe

NTFS ADS 3 IoCs

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\NavaShield.zip:Zone.Identifier	firefox.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

2256 regedit.exe

pid	process
2256	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exemsedge.exeNavaDebugger.exe

pid	process
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3268	msedge.exe
3268	msedge.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe
4576	NavaDebugger.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

NavaShield.exeNavaDebugger.exe

pid process

1660 NavaShield.exe
4576 NavaDebugger.exe

pid	process
1660	NavaShield.exe
4576	NavaDebugger.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

firefox.exeAgentSvr.exeAUDIODG.EXEtaskmgr.exefirefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	3164	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3164	AUDIODG.EXE
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: SeDebugPrivilege	3548	taskmgr.exe
Token: SeSystemProfilePrivilege	3548	taskmgr.exe
Token: SeCreateGlobalPrivilege	3548	taskmgr.exe
Token: 33	3548	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3548	taskmgr.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: SeDebugPrivilege	6108	firefox.exe
Token: SeDebugPrivilege	6108	firefox.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: SeDebugPrivilege	6108	firefox.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe
Token: 33	1280	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1280	AgentSvr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exeAgentSvr.exetaskmgr.exefirefox.exe

pid	process
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
1280	AgentSvr.exe
1280	AgentSvr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
4612	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exeAgentSvr.exetaskmgr.exefirefox.exe

pid	process
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
1280	AgentSvr.exe
1280	AgentSvr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
4612	firefox.exe
4612	firefox.exe

Suspicious use of SetWindowsHookEx 46 IoCs

Processes:

firefox.exeBonziBuddy432.exetv_enua.exeMSAGENT.EXEAgentSvr.exeBonziBDY_4.EXEfirefox.exefirefox.exe[email protected]NavaShield.exeNavaBridge.exeNavaDebugger.exe[email protected][email protected][email protected][email protected][email protected][email protected][email protected]wordpad.exeOpenWith.exehelppane.exe

pid	process
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
4444	BonziBuddy432.exe
6032	tv_enua.exe
6008	MSAGENT.EXE
4288	AgentSvr.exe
5060	BonziBDY_4.EXE
5060	BonziBDY_4.EXE
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
1376	[email protected]
1660	NavaShield.exe
5116	NavaBridge.exe
4576	NavaDebugger.exe
2032	[email protected]
5300	[email protected]
5764	[email protected]
5156	[email protected]
6000	[email protected]
5296	[email protected]
5896	[email protected]
2544	wordpad.exe
2544	wordpad.exe
2544	wordpad.exe
2544	wordpad.exe
2544	wordpad.exe
2544	wordpad.exe
2112	OpenWith.exe
2112	OpenWith.exe
2112	OpenWith.exe
2112	OpenWith.exe
2112	OpenWith.exe
5896	[email protected]
5896	[email protected]
5896	[email protected]
6996	helppane.exe
6996	helppane.exe
5896	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 4896 wrote to memory of 3956	4896	firefox.exe	firefox.exe
PID 3956 wrote to memory of 688	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 688	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4252	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4308	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4308	3956	firefox.exe	firefox.exe
PID 3956 wrote to memory of 4308	3956	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VirtualBox_Windows XP_05_04_2023_20_39_32.png"
1⤵
PID:3340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.1755794001\292213616" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8573f05d-51ba-4e7f-89a2-35bd0f8fbd28} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1944 1a0aef17158 gpu
3⤵
PID:688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1864291687\1936704803" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33bdf895-3a2d-480b-81e5-1bead8647c8f} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2332 1a0a0f70758 socket
3⤵
- Checks processor information in registry
PID:4252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.1828752388\422752341" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 2864 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf4e34db-ad4e-48be-869c-deda9e2d3c33} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2868 1a0ade90258 tab
3⤵
PID:4308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1648521220\1557498599" -childID 2 -isForBrowser -prefsHandle 2508 -prefMapHandle 2504 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e95c2bb-d5a2-4b38-88cf-92abe08e7586} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1296 1a0a0f71958 tab
3⤵
PID:5108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.225476857\1289594604" -childID 3 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c3282c7-3e5f-494d-9d16-faff636e8e2c} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3976 1a0a0f62b58 tab
3⤵
PID:1600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.1755883160\862939126" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {791805d1-d225-4dd4-94ae-ffb2bf76a3dc} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5040 1a0b461bc58 tab
3⤵
PID:3672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.7.1656289552\1414559527" -childID 6 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fe92473-6825-44cb-86a4-b4fd0a0ac720} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5320 1a0b461b358 tab
3⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.1287136925\1606935516" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5020 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4d341cb-31dc-4b14-ae05-dfc771f7c1e7} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5032 1a0b04bee58 tab
3⤵
PID:4900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.9.1101842293\1726447295" -childID 8 -isForBrowser -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02f56a0f-53a1-4183-bc7b-f7040f752a0a} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5904 1a0b0e58158 tab
3⤵
PID:2352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.8.1069448256\929232233" -childID 7 -isForBrowser -prefsHandle 5776 -prefMapHandle 5772 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {701ccd7b-0ab9-4ab4-b14f-facd1e1e1581} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5784 1a0b3ccde58 tab
3⤵
PID:5100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.11.2066363259\1473052956" -childID 10 -isForBrowser -prefsHandle 6444 -prefMapHandle 6448 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32762dd6-c710-4c71-bcd2-705bb598fed8} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 6436 1a0b5f26b58 tab
3⤵
PID:2864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.10.500265711\172967017" -childID 9 -isForBrowser -prefsHandle 6316 -prefMapHandle 6312 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9a60c54-1dc4-447f-b743-c6a81af72b20} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 6324 1a0b5f26258 tab
3⤵
PID:3216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5564

C:\Users\Admin\Desktop\BonziBuddy432.exe
"C:\Users\Admin\Desktop\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4444

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
2⤵
PID:4852

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6008

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:5244

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
4⤵
- Loads dropped DLL
PID:1640

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
4⤵
- Loads dropped DLL
PID:4088

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:4464

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
4⤵
- Loads dropped DLL
PID:4344

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
4⤵
- Loads dropped DLL
PID:5048

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
4⤵
- Loads dropped DLL
PID:3268

C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4288

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:3684

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6032

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
4⤵
- Loads dropped DLL
PID:4776

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
4⤵
- Loads dropped DLL
PID:880

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:2896

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5060

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3164

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.671520129\830904343" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f20acc-b3cf-4197-9ff3-95db21be3171} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1932 197602d8b58 gpu
3⤵
PID:4664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.1761217286\520438313" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2308 -prefsLen 20926 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef8772a-9261-463e-b5d1-93c646eece34} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2332 1975fbeee58 socket
3⤵
- Checks processor information in registry
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.187932128\888109186" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 2964 -prefsLen 21009 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f008fdc-aad7-4f79-82c7-e2e18338753f} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3048 197639f5258 tab
3⤵
PID:432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.784081848\1652785683" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 25686 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {432f2229-a8c5-408f-92aa-e8e5e8a89e33} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3488 19762760058 tab
3⤵
PID:668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.322202635\1984454347" -childID 3 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ac1b16-0f0a-40e1-82b1-d51f27b7ff2d} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4440 19765045e58 tab
3⤵
PID:4232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.669078217\1935928437" -childID 4 -isForBrowser -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13938019-b40a-485f-bfa7-dcf96bacf5c4} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4700 19765c0c258 tab
3⤵
PID:5868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.1802283564\830113073" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5364 -prefsLen 26606 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b8b799-63a1-4da0-acf1-dd44f86f6f57} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5388 1976648d358 tab
3⤵
PID:5780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.7.1637522011\1444606543" -childID 6 -isForBrowser -prefsHandle 5716 -prefMapHandle 5748 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6710d775-8f59-4d29-9bd0-2adac8845320} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5416 19767fb9558 tab
3⤵
PID:4504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.8.1013119383\1063917214" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5520 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a60289-ffec-4226-af74-3400ca65ae36} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5208 19767fef558 tab
3⤵
PID:1744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.9.1963634868\1653900418" -childID 8 -isForBrowser -prefsHandle 5904 -prefMapHandle 5892 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {194829dd-2947-45a1-a365-3089f09f3376} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5880 19767ca4458 tab
3⤵
PID:1444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.10.1967583116\1011558741" -childID 9 -isForBrowser -prefsHandle 6368 -prefMapHandle 6376 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40bcdb7-8dd7-4981-9417-a45dc15d0c88} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 6204 19760ee4158 tab
3⤵
PID:3620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.12.1039097048\2037814287" -childID 11 -isForBrowser -prefsHandle 6592 -prefMapHandle 6596 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3b782c-d38b-498d-8cc4-7566cee15603} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 6584 197680ea158 tab
3⤵
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.11.1698189428\655894962" -childID 10 -isForBrowser -prefsHandle 5264 -prefMapHandle 4664 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {327364ea-342c-4a0c-b7c6-396e1895a104} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4440 197680ebc58 tab
3⤵
PID:4936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.13.1137661518\2053792173" -childID 12 -isForBrowser -prefsHandle 4420 -prefMapHandle 5840 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da346c8-2d6f-4e5f-b108-9794e54d645e} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5456 19753330858 tab
3⤵
PID:1664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.14.1479888036\1892871855" -parentBuildID 20221007134813 -prefsHandle 5416 -prefMapHandle 5384 -prefsLen 26877 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0568a492-ad26-4820-8d89-4e035ee69bdb} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5868 19766ef7058 rdd
3⤵
PID:6040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.15.536613241\185030182" -childID 13 -isForBrowser -prefsHandle 4944 -prefMapHandle 5516 -prefsLen 26877 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5655aa19-0e91-4299-8cf8-e601a68e310a} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5504 19767b18558 tab
3⤵
PID:6076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.16.789767813\95122239" -childID 14 -isForBrowser -prefsHandle 5080 -prefMapHandle 6040 -prefsLen 27142 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab0105f7-9228-40c8-be61-bbf6287e4357} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5108 19766fae658 tab
3⤵
PID:3548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.17.1849268929\1946903686" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6892 -prefMapHandle 6896 -prefsLen 27142 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23ef971c-9c67-4cd3-aeef-27acc02854b4} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 6884 19761594658 utility
3⤵
PID:5368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.18.538598252\1417744875" -childID 15 -isForBrowser -prefsHandle 7068 -prefMapHandle 7072 -prefsLen 27142 -prefMapSize 232727 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b9f640-e81b-4eef-babc-380c217cae3c} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 7108 19761510f58 tab
3⤵
PID:5576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.0.1381095364\104770941" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20890 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54282337-b1a3-436a-aa3b-10600cadb33a} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 1936 20bab8dc158 gpu
3⤵
PID:1968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.1.1621878437\1167546371" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2312 -prefsLen 20926 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeba92ec-025a-4ffa-a2d6-de647bdfca7b} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 2336 20bab3e8258 socket
3⤵
- Checks processor information in registry
PID:560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.2.1395297590\2139056871" -childID 1 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 21009 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f8cea7-9a3e-4c32-a95f-cdf9103c4266} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 3588 20baf418358 tab
3⤵
PID:4040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.3.273746296\1854730207" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2800 -prefsLen 26466 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b23d4a5-0063-4ee1-827b-4ad4191053fc} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 2888 20bb0608a58 tab
3⤵
PID:5448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.6.252295316\1315115113" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c12a6b0-5f41-4900-b451-5c333cbbf6b6} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 5224 20bb25f5258 tab
3⤵
PID:556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.5.241836624\1667162914" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5de1fd35-3f8e-4d2e-9097-d6aa2fb493dd} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 5028 20bb25f4958 tab
3⤵
PID:5276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.4.694567244\1777203795" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4764 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e38b67-8a73-4183-a9f6-65dea821d563} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 4868 20bb25f4058 tab
3⤵
PID:3940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6108.7.1491247303\1820971840" -childID 6 -isForBrowser -prefsHandle 5540 -prefMapHandle 5564 -prefsLen 26781 -prefMapSize 232727 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07e6baf3-80bb-42eb-912d-8c0c55754c82} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" 5560 20bb4130058 tab
3⤵
PID:4888

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Nava Labs\Nava Shield\NavaShield.exe
"C:\Nava Labs\Nava Shield\NavaShield.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Nava Labs\Nava Shield\NavaBridge.exe
"C:\Nava Labs\Nava Shield\NavaBridge.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5116

C:\Nava Labs\Nava Shield\NavaDebugger.exe
"C:\Nava Labs\Nava Shield\NavaDebugger.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.analsexlessons.com/
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
5⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
5⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
5⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
5⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
5⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
5⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
6⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
5⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
5⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
5⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
5⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
5⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
5⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
5⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
5⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
5⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
5⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
5⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
5⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
5⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
5⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
5⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
5⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
5⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
5⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
5⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
5⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
5⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
5⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
5⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
5⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
5⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
5⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
5⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
5⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
5⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6980 /prefetch:2
5⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=3828 /prefetch:8
5⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
5⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
5⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
5⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
5⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
5⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
5⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
5⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
5⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
5⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
5⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=7680 /prefetch:8
5⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
5⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
5⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
5⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
5⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=7608 /prefetch:8
5⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
5⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
5⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
5⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
5⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
5⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
5⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
5⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
5⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
5⤵
PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
5⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
5⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
5⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
5⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
5⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
5⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
5⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
5⤵
PID:956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
5⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
5⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
5⤵
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1
5⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
5⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
5⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
5⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
5⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
5⤵
PID:6956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11012 /prefetch:1
5⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
5⤵
PID:6752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
5⤵
PID:6900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:1
5⤵
PID:6920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10922857654542858144,3855090219914049239,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
5⤵
PID:6176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.movieerotica.com/
4⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.euroextender.com/
4⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://greatsexmoms.com/
4⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://penis-enhancement-secrets.com/
4⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.movieerotica.com/
4⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.hentaixxxsex.com/
4⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.clubsapphic.com/
4⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.xlxx.com/
4⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.primotgp.com/
4⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.analcravings.com/
4⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pervertedmilfs.com/
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.movieerotica.com/
4⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.wildlatinagirls.com/
4⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:6196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.thaigirls100.net/
4⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.petitebeaver.com/
4⤵
PID:6652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bigdickacademy.com/
4⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.interracialtv.com/
4⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
5⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7a9947cbh3c14h478chb27fh8d0ad14c8e97
1⤵
- Enumerates system info in registry
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
2⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6514570121115986451,15774449073331330423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6514570121115986451,15774449073331330423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,6514570121115986451,15774449073331330423,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2220 /prefetch:8
2⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5300

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5764

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5156

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:6000

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5296

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5896

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:3104

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
4⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
3⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
PID:6732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:6784

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
PID:6904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:5056

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
4⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
4⤵
PID:6688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
4⤵
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
4⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
4⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
4⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
4⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12067552153855777052,17091652333953808954,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
4⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
3⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
4⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
4⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
4⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
4⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
4⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
4⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
4⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
4⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
4⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
4⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
4⤵
PID:6952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
4⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
4⤵
PID:7092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
4⤵
PID:7116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
4⤵
PID:264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:6632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1865658143647749276,1699443163529641584,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
4⤵
PID:3508

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
1⤵
PID:5952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5876

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
2⤵
- Enumerates system info in registry
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
3⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
3⤵
PID:6968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
3⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
3⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
3⤵
PID:7004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
3⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
3⤵
PID:6464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
3⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
3⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
3⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5216 /prefetch:8
3⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
3⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
3⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
3⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
3⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
3⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
3⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
3⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,144695794662572073,14713702135572294378,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
3⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
2⤵
PID:6932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8b0c546f8,0x7ff8b0c54708,0x7ff8b0c54718
3⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3f47855 /state1:0x41c64e6d
1⤵
PID:7092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Nava Labs\Nava Shield\NavaDebugger Libs\MD5.dll
Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe
Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Internet Encodings.dll
Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSVBVM60.DLL
Filesize
1.3MB

MD5
5343a19c618bc515ceb1695586c6c137

SHA1
4dedae8cbde066f31c8e6b52c0baa3f8b1117742

SHA256
2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

SHA512
708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
Filesize
196B

MD5
a921dd07ab45fb890802cc9b176ca99d

SHA1
2b9e3e7cfbd5f85d95097b2a8e7c6ef6a643779f

SHA256
acc685208cbda3086ddca77f00b2ba68df843c1c31f7912b1dc4bd1764267aa9

SHA512
a5c2da6510b4a9dff740bdb416327d7e5bb561351813a402c1d9798a7b1bf8c2686c06de7bd6e6f9093a85083bfd3988538357f7190545a6b2134c6b0c54d6a2

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
Filesize
997KB

MD5
3f8f18c9c732151dcdd8e1d8fe655896

SHA1
222cc49201aa06313d4d35a62c5d494af49d1a56

SHA256
709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331

SHA512
398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
Filesize
997KB

MD5
3f8f18c9c732151dcdd8e1d8fe655896

SHA1
222cc49201aa06313d4d35a62c5d494af49d1a56

SHA256
709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331

SHA512
398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll
Filesize
1.3MB

MD5
5343a19c618bc515ceb1695586c6c137

SHA1
4dedae8cbde066f31c8e6b52c0baa3f8b1117742

SHA256
2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

SHA512
708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4aa31bfb3e6b2ae0ecc0d8042aafb6ab

SHA1
d298eb1da391e888957bfd049a4c7af440cac865

SHA256
a597232ad5efe22f26080231f8761f0cee96ec6aa3713cf603f93af4db50c477

SHA512
7127695eb24a577d9c90e7ae0374523a0b35e1e45e7e961116751ec19b373973156d2a144ed93943c21da057fbdf99771ea187210698ed685cf83c8ace371a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
31c915c03ee50c4a6dcfe6b6bd190a0f

SHA1
a3c738cad17ec1bdd2713c289183bb9a36867957

SHA256
f9f77f63f129ee3f248efe014f4425b9a9d42132f03b28565402266493bccf81

SHA512
8021f5ea8f5ec0c5dd077f2bd398605b8e5304784e7570fe747e22991b49a9d60b173211d6bff219349d8b3797c07d6ac644d179bcfe4981064e64f1fba7e9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
75b2aaa35305093c6b15357f06824159

SHA1
56ab4361e2268e11e7533787da5e46c61634ae90

SHA256
642dcbd39bfb5151245dc56121697df6f3b945e1e8f8af52e29926d65d5535ee

SHA512
2e8a80a636cc3dd1d9760642937ee469bad16855be9d07d7d68503c30d0812e12cc1bb7c821ecca5c23299d99e43738e1ae5aa513e59f1ff0b18f6c5c76eed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
223237b7a0e7ed6ce4cb45c2e1015d24

SHA1
d7edca756d3d74a44ead1e2bcb4628af3dc2dc87

SHA256
5ca0c580332968ae7dbd50113cd4d9b2f60d947f26e6b7750bba2c86a44bc3b2

SHA512
d521c727c22d2454df10b210f033773bd514368a590971f46d71854714ffcd4462cd45fe9d16787b307261797668d8cd591b6c6ad687836c2f9ee5fe1c5cfa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4744318e5fe32cba46b383ffea79688e

SHA1
47f7e9c4d01dd12f33aeeac674fc1e718c610e60

SHA256
fd35ea80b48e2c68ca91310e4b2f18862397955704ea44c3df70519dd70fb392

SHA512
67cc0fd71f423465c1bd5f26dd6b1758b6ce1221749aabe78df0e8b7ca8c4ed0d8a6185ce1ab608389ceeb9fe8dede2d531eab27ced2246b908782c2d308695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c94c0ce-c352-41c5-9df5-420ba3ac7a11.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
163KB

MD5
6bde28074427e975690733423d668367

SHA1
b8d2aa789010388c4fe6495e04e760c5fd4d7dee

SHA256
fc4c2a1d39247cbf2d2b7dbc38160277cccaa254bd8ec1a937d211170e747628

SHA512
957d12f3472901a7f3338aff80c15fec168baf60416337ccb197066487f92883dde19d45da680ac72a5b9d9d8dba1f03148ebb4dd22affd888acd67220f09594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c
Filesize
329KB

MD5
bc0f04daceda52af330733cf72b21162

SHA1
fa099e926f262a0ee416ff1ac55249e58d52c589

SHA256
f655912268656497113472d1a370c2d586677e9bf8ece23cf3b480bf86e41e8d

SHA512
8f12c110b8711f39e5d7dc1bf15a094ce002fa8810b4b9835db2eef846db194fd6e80e19c7e33c7ce3d436743b1df1d4021ee0f1fce4e54b637c48c65f507367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e
Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
Filesize
70KB

MD5
b4fa0fd5b0872b3d6cf5a08ace4e7ffc

SHA1
ce48df1f52a8545b03d87337e1d93250ce8f89fe

SHA256
6a27b28c9707aa58be749aa55a132760cd79ed7ffb0d3e2c73e139abfef3c48f

SHA512
0ef75523e2bfbe43d957ef77b1ba2b0204929e16dcdf7cd05d1a5eda3236975fa622db4b5ffa5131cd39b1694365d23b47daf804ca93a68e1e30796aff9c5c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093
Filesize
61KB

MD5
f71b0894d35d9dffdcc3db2be42fa0df

SHA1
abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af

SHA256
bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2

SHA512
bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094
Filesize
50KB

MD5
6d81cd0d857a5d1728e08c77b9b0ae22

SHA1
3cc0e10ffa948e94df63f20a66f5190224c57d07

SHA256
703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4

SHA512
9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095
Filesize
107KB

MD5
36fe1a732c58b0925c88e9f5516a5783

SHA1
5c442ceeefb55696f32e57c79899ddf6385f5643

SHA256
257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9

SHA512
f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
Filesize
614KB

MD5
277de866c9c8b879e012b7040febab96

SHA1
c882e8c0cfa0e82af0a744b59f109486f3e7a881

SHA256
923dfda1d6f629957586fda2f19217a36300255009433f0f87fbe85253c5a9cd

SHA512
5ebd8b2f6d78bc044a7d2a45065de4808e6ea50d1bc8e65846ce6cf5ee4abbcd6ff9e976588ebb10208dedb6746e25315b840c69768008e76bf15e25639dded7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
Filesize
35KB

MD5
7907fff5c82145ca6492ca1e66e4a9d1

SHA1
9c156ca86348efaf4e83b406e5d8ba0bbe013a40

SHA256
09d42fdd3033d63c77451364aa11c99a2e74b5d10d0be476d4fa749c71e20bbf

SHA512
480684ad0e9c189bb03c3f19c98b0cf273c76cfc6401d694735091acde76442198c90ea649166744ba96d2b68d5f8cdc0004791d16723c79bf863a46df344fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf
Filesize
210KB

MD5
62b4da307ba31a180944b39da8937174

SHA1
efac952884d84f386afbfe1dab85c2e8a7ffde99

SHA256
ad9731384bb1b73707a5f5a9757574201095026a313d9ab19abf93a68b36ad19

SHA512
4497f11c5ac84f1211a84fb2d19e6793bf8aa4c8406fdc9b27d32aa46b1d53d4e52bf845f9fcbad5574e0fe6a039738dcd44b53cd25a387f04b14b890e752fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0
Filesize
411KB

MD5
061e897323afc51aba3ac1a8b8569049

SHA1
3b32509b130f29c0730b230deed11e5f321e428f

SHA256
f870456cd98056203be7a40a114fa42023875deb16a2b4e4279197a9b6c56ae5

SHA512
95fe46598561ca1090361cb90cc6495e5061866623136ff4ac57ac710da67d2b17c749544d982785da3d2768e7bd723d19e8e7faffc89346c34979af7eaedd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000143
Filesize
864KB

MD5
1de4a798a53418d6aaee38e2ba1bacd8

SHA1
948a3130af9d2c8155bf331be586730f342a9699

SHA256
aa9b7b960426b03cae579d4f36c9339071a6b486eb9333879613d009792570e7

SHA512
a37f5e428a879d17215b7717b2ab4f204f8d68ba6620f3154fe2ea5070df3cc70b544bf9187b6e62441f65c26828c4bc68934277e104816d6a9d3323d4259df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000146
Filesize
125KB

MD5
4f10ece00d1aeaf1c79097c9f82e4ed8

SHA1
399273ebc9c24fbdf031af35d727baf485ed35b7

SHA256
3a406aa5fe95c04c0b52fe8af4822bff338baabbb57d3d467708700fdeb46929

SHA512
47fb23f318d9802c292d9902b8face2e4c327131f5519e947e93d83ed0092a27262b5594dfa2cd89df24478ccbda42ee6246296ca69bc70cb1c1047ae1aca954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000159
Filesize
509KB

MD5
2f89e4f5ae656594316bd3f1172b984d

SHA1
3fcabe5cd02b57957ea69106080d85bddf5e0a0c

SHA256
90d24553e7013bc5c42c09fc7429eeb7a2537baa2b22095e00a89a62681cde31

SHA512
1b86760cc410aa75ffb882f87dac1cf97e061e8695954a8b9092cc9c1e65ffc81aacd524057dda8553b43f162e00cd491d94868a63ed8317413b8a7c19fcbda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015f
Filesize
73KB

MD5
30686492c9fe3b3d93474c2ea1f8e667

SHA1
e401028343d1feb79527f9f65d6f986eeaacec18

SHA256
018a9ca0b2902d2cc37339a72ca3898434d3518dea48dff66981a9fb37b91aa1

SHA512
b80cc2b26bc95b618bc43989eb7aa2561f9679b3cc3f810ad5ef5434de5d01037a00d1e886860b032e7a1a4e8e4aa65b8c7b79ee0da3c4ae619198bdbcf71466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000161
Filesize
534KB

MD5
fc2020ec94b789df71912f9794eaa72b

SHA1
fd45247d914cd206eecd95ca1cf7aaab483a83e4

SHA256
2f6e7584bcb5f5408be42d1255df8bfb9b4b70a8ea00ab9654b0085cb7fafd43

SHA512
5772045729f5039d5bf0ffeb3e74f653b5afb734eb5de89617be6c6705bdb7f2b345bcbbe824c33363f87daea2beabc5430ab264f1b7c8347e2466918d88ae0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000162
Filesize
84KB

MD5
9c568e1aaf7d5c339c6435e58ada1012

SHA1
1033e16a272ae152945351df5a4a76b5a5071fe9

SHA256
9878225e02c9f05ca3a1315c69e105f1f4d88301e61502d72c85950592657919

SHA512
9d01057f83ba6f844086c397b708ae701df2ecc6aed195d4d4cb7cd66a7412c154f2d89a14289dcc1011262708d684ba651d150ed79669e79513cd619c9154c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000174
Filesize
1024KB

MD5
b57b0f54d0e81e8f94e0f3540e7f965b

SHA1
6109a20e8dcc110dca450745be6042082c8bef75

SHA256
44c1cf22d7b2d3c3c460f32b107fbed3cf24a064cf270104803b81690438417f

SHA512
e6824aef239dfb499a4c1e9785ce9f81123e57c1f81bee07665adc6cd39139919198fe862db8e0b66eacc66a20a772742003ecc5f0b8bc3efe9a9283828fe473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d3
Filesize
23KB

MD5
e5851fdd598e6c7d1020e8762d4e7b4d

SHA1
5c22463a258bd2552d32e4712ebc46f137bec857

SHA256
49141a82a3df7a349d02060703082a302942679240a2559f584ddcfd669bcc2f

SHA512
d41aee21591583d38fefab4c99dd3b7af68a084f835a9ae22fa9d1aac82a46679a5bae77543651b324a0327d4c77e1dfc53f2b035576ba4020a8fca6e00adfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002af
Filesize
24KB

MD5
4d8679111c0c14c9a357b38aa924ea6d

SHA1
1464d380253f9869bedd3fd43d853847ce4f6599

SHA256
89c363bc04c57c6a027a2a71148a9b929b4a69ece2c5d250e6ed5904fe70846b

SHA512
5ce397a65eb51a3e07aef6cd33753685990a3d70987f879501fd224ffbe42cf188fcd03c249257dbd121f4013ab51cb28dcbb25fdb10c8aace805dff9b88bac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003dd
Filesize
62KB

MD5
c75e16ebee81303c7d361cff076c69a7

SHA1
ed658ee2e5f92380ec1cddb47d9294d26980ce69

SHA256
da5719acdf85d2d237fa2afe4cee6fb0c81e42dd8f4d5e85d674932d79a23e00

SHA512
dcde0b218d0288af970d1a2a84ea3f4d203a7148fcb328ce0b6b72fdf49e7f39bfa61242e4a5ebe884daec18387be8582f59157b985265e4ba3fca78721ca381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003de
Filesize
67KB

MD5
a69d5a892093579ba2eb14e030cb887b

SHA1
1138a13f8c61e87ffa9f611345fbe1c57d836725

SHA256
7076781310ea6ad20afb3e8d4089aa877eada0cf19684b44a615d779c1427f65

SHA512
85a8327fc6ac3f7eef2a96454e3dd7a284c99fabf8f6d814382714d3ed8ea21f7f7b6d599953fce74989a64a4c9875db844bca0710b333646be1f783edf7d6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b0dd80f82db32f0_0
Filesize
281B

MD5
a23b039ba304ef748764065ccbbc8478

SHA1
0cc43862c5686568a6989c51fdfe83f3a42f1fe9

SHA256
2d07c5600aa76059bc7a8cf779037e2790277dff64d0bed255492071e17f2dd1

SHA512
95aed08bd958aa6d3ceb21b8e8f1485d1710aa90564c5d73c6a82ec0879efbacf0bf90ed8a69f615cf4d5bc9c308f000f803108f98e35b60cf4e5fef8b4a8d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46b0fdfd64580234_0
Filesize
136KB

MD5
c87c71d3df61c11369d233418d9bd497

SHA1
0d771979cfbc3910a6fb5544ae465748e3d26587

SHA256
5879f19f2b0a470bfb2ae70e2fe7150ff221618eb02f2f0b2bbdc1d943c15fde

SHA512
90502e3cd17af8f80a48a0c2997c00785d2683a388cff78b91f50475ea852ea834ada12bdc7f9cca4dbc070903973de7dc4a30e19a05bd31db679fbcd54ae0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ccae0f086ff811_0
Filesize
388B

MD5
a70dedd162335c4cd86e61fd6efabb3e

SHA1
6b152f7bb654526a6165011c5aee1d95bdd47ef5

SHA256
8e1205d983d71bdd689cc1c16d6c974676a2be04946198a9a9651868f64fdeb7

SHA512
07ea7a061f98c0058dd928c93b667c421840ed2d4a7c92eb27451455b2e0972766dba9385baccc1307b247385fc55ee3da4c9e4c8aba713d0483307c206134d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\541338f8a4f8f153_0
Filesize
8KB

MD5
bcd9de474153080e193f3793ee22cf47

SHA1
d3952a3a5272a378533cd67e0af6e5224cdb2f7e

SHA256
db13edf54ed3e87174f2280b63023e84276a8c932d77dcba396549037c012eab

SHA512
77e224d890140406cd9fc8d6ee12a6036fffa7220a48ec1add25767cbf3c9f6f0c32d4c81ea0439f33de265542861a0c227ae581379e90c2a35b92473355a713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a8edbd5d69ddd76_0
Filesize
72KB

MD5
b17385ea715218b4d1afbbb0ac5ed99e

SHA1
08343155e47724f71873a6fa9257e8780641ae33

SHA256
7b8a38b67a34eb04ebf72109730fc14f1e3b9ff0898a964c7a331a39a8b30d7f

SHA512
7e6efd7dc857ddc0df698bbf3f22f97bfd202495b4e46eb0720724a2adf8554244a9d1eb0ffd031ce2589458e90d9cdf078eaba5db99b1fdab6b242ff91f3107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d6a50cc86ca8fcb_0
Filesize
502B

MD5
e3f6ab6ad57477e0e1f06d6ffc97962f

SHA1
2a54d7fde14fd5c0deb2e5b372d3efea55b91d98

SHA256
2854af07cf0e20fa8c4d74974929cdeb2a1a5dc6d5f8a42739b00e81448b2af6

SHA512
0baa12da8f850db3d601b7a22d65189805760b2feaf4e027e384c90e7ae70349751535aa8feca12875823624d2eee900f2bfd687afae03bdf61a19992fa7802a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b011c5c25d4f0ba_0
Filesize
413B

MD5
49a80a246fb1e2e27fc8decf75dcfecb

SHA1
9aa092ab62e7c34a9f6350998fdb89c99eefc1fd

SHA256
dca49b478b7fa03922f0caed0a4044af09105e48dbe64394b7c8601be9c755d3

SHA512
1f1ee35fb52b9e80c518fad3fbd4b7377a7557ce57b124e65a56277e535c9a150b1396a45bbd747c38facd45487b2c2a03264e6e1d3ab0af8985eb3d691898db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4cb1d7acd9dc99a_0
Filesize
205KB

MD5
bdec631cc3444aa122cb3afb08fce0f3

SHA1
aee8c801afed4777983ee4e7f8cd808e0edecd63

SHA256
de0543265210394a929f6ea941090fb2bb74ed4912fc90fc3b05b143a8ad8a88

SHA512
c0c1453595c90b39d526ee608d3db2cfb71339b55978a7040b0ea2aa0906bec10d242cafa35bed6724e11a76ef3601e4ab7f07ca7b16189aed1e5e90548fc735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c97d9f551e3bef1e_0
Filesize
59KB

MD5
0154f40ee8cbaae6abd9e0ab374af5c2

SHA1
1acc90fc6944ff4a2b80528b93e49ddde94c597f

SHA256
96ced932448aa3348fd8cb88f57ebd84f35376d5ad33419215942330d5d02432

SHA512
80d359bb8c8a0c3e11d0839d7160fe5e54fc317f2823a1f714af570b8414d0575b04f3b98bb74000fd286c8978f304620526127d11eb6ae566f5581cb658ec9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1c9e20060c14086_0
Filesize
124KB

MD5
569d49d8b9307eb0206bfb3a4d5f8624

SHA1
c0bfd6e01c932da08bbc738fd0072c87fce57723

SHA256
4a4774167d0bd1bf37ff550ccdf3e61ef7b4574073caac4f7b21e1297e9d2fa1

SHA512
9c1cc4205370e61dc9038f995b8e7d0c98be376394e144a99385ad1cdcbd9faa7429219c626b16adf449c6b4875fe3782cd1b7a4dafebb8ad0ed70cbcce8f42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d46cddc009cfcdfe_0
Filesize
1.5MB

MD5
0605e111189fbeb185494523ba0d9b27

SHA1
2536dc1df2a7b07cbeb7f0ac4c8cf71b04582cc7

SHA256
453ac64b720d63b9a2e62118b0f95402dec744afb64c311b357971024bb3e0e3

SHA512
6e9aee12b01f831261ddaf358402e2c12f04c3c497b9db273d172e3086e2bdc8759594bd40a4b222ff8408778bf8011f88b27d2f635004d3f0007e4c912a9c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e63ee7c0565abc9a_0
Filesize
286B

MD5
7f8088080f5b5e332cc12f1f7d83bf7f

SHA1
0169ae73af63e42ddb133df01519702a97a3f223

SHA256
410dc373df37beb001380932b32446750cb58569aa141fc5ed3bb975f9fbc71f

SHA512
9e66cee090e77bc0609c41443c67ae60393771cf40f011a0d71a7bfab61e31a439f80c85a94ab9b795a1a096b5cd87b575fe192708789e5385343ef701ec8fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
Filesize
62KB

MD5
50c9a765868d4052fffebd9b9961b791

SHA1
047834cc5119a9b2226656f8a38bc8e737702c5b

SHA256
972dc21d19064dbbd43e5f2b5d8943f5bb5735426649c6937b0fc157a32cc2cc

SHA512
a5668efda371e3bee702d68368f35bed0ae78fe6f0ff142be3741a0a7f423de697009182c764b6582dec0b62d1b426de23adc93876bac6529a633162e378f880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
f18bfd6293a8af183913a81d06b0245f

SHA1
2b42be4562a276d834bcb04e2fdfcc9f5fa0c7d1

SHA256
f74845c1bb9c4090b2c4a405cd8c34dcf5a8a38aad247b3afc1c59b0735275fc

SHA512
cc36eee1b03da58a96b4a99a5de019db8f0cf930155fd1173bb6d87788a018c90c38573c2d0720d949365f9fc5fd0c28d791892b17a4b9de730772d376c42600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
7b15fe2534ede2461a02ce169b477b11

SHA1
5969a08cdd01d8bce2e643fb055fd0611919ff81

SHA256
cd824ccaa8ee68b463cf379928481fe3b179e3ed8c28a76bacc31271520e0bb0

SHA512
e2b5a5444b1536860f9f7de0ee356828b73c6096f9a1a17b15f9567c2d41ecbbde1a71366bda64c31a3ea05e0111ed51e3dbb23071ec205aa7c5e1fb3f5133d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e4f39e1d81dbea977e43c7644b9a445b

SHA1
1c3fa2fcfe8cff23d3898166beedbbe87fbaa4d0

SHA256
67936e7ded532b7e20509e5a2de8a8c79d9014972fa25b7a27f92c7c3353d8d3

SHA512
6bca89712e583294b7072445c08e08a3ad5f810d08c278e89c00e6442a840e4898f6fa07e28bd4712540b5a10f4f84f7905936784da5da0051627786fb2ab4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
a3e6ed4f01221d71428dc2212aaa1689

SHA1
eacb7a68271bb9b56d69940f2af7c9a6fad46bcf

SHA256
8bb00de6c0271a18ca512dd883a70f3e4efaf15b5784d545f9aceba92508a83f

SHA512
a78a5cb8fe7336299209a2744f4058fa8feda5f8d9d02aaecf62e2abe2e2b9165fc3f6e93eee4f8c5a9abaf5a53b555f0aec94160964a490571a27e557d022c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
564a7e0307ed76652a300cd56c2b044a

SHA1
387a50af89813db2ec69a8cbd9fe910c240f5a69

SHA256
adb1d9cd9f3468c180314d96ab96dfea6e2f441f0d1686f3ab519496362f75bf

SHA512
e1c8c24149095ea31e73be7f4153265b0a8c92ef7950e8bce466cdb5f4300147db923f5fd6e10b78b938bdb2ce704eafe71dfd19aa4b8c27c066d7d8d8453a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2907ca8328a3dc8698963ed81b79f16e

SHA1
8c8d1633dc58285a077c65b97136e63a611645fd

SHA256
d8016b35284e8549ff6fcbee7d67bfa56e3422be0b19bc74efba1f9d3650fa3d

SHA512
d49d2d2762564439f703ee4fa3ee2142a4f77e76c86af748298247f5d1fd077941bbca792951021a1d07196f37cf57c73cfa7a4e9df79268a059efb8161f0b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
ce32ac31b480669d6413a2b0631c7afd

SHA1
470b19dc6762da1b40cf1cd27f41a93fab8c36d7

SHA256
d7ed5b31058b6a26f4fb07b3e239f177a434c2cf32da1e7e5718f922c38e0580

SHA512
31b199d308ac9b6f6b4c430d1acc2976f48e2c77c54e53f92b5955416f0927c610c900245ef262dc1d94f4dfa2ca0b02b8dcf6ecb9b3779f9b22defc380d7e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2d2c0d5a9e7d9d81223f666d165b42f5

SHA1
6f89318e01a05b01f8c11047a2dab70ff5eb0e78

SHA256
40e255d09953839e2b4e8d1836e980238399e842a07cbc06167e6010ad166bfe

SHA512
dad72cd818098a3144574ff00d86010e8bbe9e3563c27fc397ca2ed3b70d97af2df79e7a2fbf6b406529c73f0db12118a5e74371cd1b5d923534d9789aeb1638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\http_www.hentaixxxsex.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize
111KB

MD5
7f085eca7730298a4f93945f929f2732

SHA1
0ce0b0a2d2a2b455e5d895b9f1e12033466c661b

SHA256
6f88ca309bcbf202c5d39ed6adbc648e65bc3b95de779ab708d595659acf5c95

SHA512
a59a5696c2a04ae0e258cdf65f85c8d39e2d043bfa4e51e13ece7e6d279552dabfc264df79e90e171539793c97dcd17b70dce2fbb953f3f8135e105329ac137b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
391B

MD5
6fd05e963f8d185d53e7ff97e1231960

SHA1
9eb0a79e4b532855b36aec2d31ca5343cc9bdbce

SHA256
964e7c110269e06b87c73e383ea618e6d862c7b56d76b6ba9191aaa1cfa79eaa

SHA512
bdbcea8c29f63d6cbd21e659c054b2dba771bf35d5a1651a67b834cb28d3da904f88b312ef23f9d158b8005532dc9e00536829db612d41b16267224dbc772a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
394B

MD5
23efe6dda6e1576bf9520157acccd247

SHA1
3b622b3e89f24d2ee06cc5c80b745e670e0941e6

SHA256
e815d7d1eea2a0a0d4483f6ab9705085fa6028221a79134cdb534a6769d88616

SHA512
010c72414fcb356bfa85b8c2f6ec019c867e8be6fbc2be481a8ed52feb8878c8260a91a3d93f6af249eb8df83e840456136d2327be1544ae45132056c7655c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe668f66.TMP
Filesize
351B

MD5
88133d937af164d587cc53fc6fd4045d

SHA1
2ba6b396d79080436ed334a9a50db34023655fad

SHA256
034065b6789d4bf3f005189115dab2b936fd220f145152b9d4a5f63f980bb1df

SHA512
098d2d6a61a547630669348747ba2ba3ec9c72ef305c87a3ba27f855ad7a62cb0f29a0a33d684f77651ab48410e5e10a92a0cf19db36376679d5d4ff3aa13468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\31be46aa-5965-416e-b2d7-1063dfa2669d.tmp
Filesize
25KB

MD5
e0485c0d743883df435265f51f5934ef

SHA1
2be1dca331fcbce9e08f7c58abc23a49988590bf

SHA256
cc284f9755742791d39cfcaf4435a39c727fd8469bbaa647809f3b710cda3cd3

SHA512
b518d0774e6ce8cab200d741be0cda0cb3905fece843bd769e0b64c437a903e204b5dc0fc6544b425d86861969a58f7f2aa589eea8584ab60b056183c1b551ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
cce0a46b3ce2c950cbfe2f1d58fc37df

SHA1
2b65f7a43708949694c33cd5e5801942545b769b

SHA256
71b2943314b974cfc144011f9727204b526a03828de42e72aca841b934c16a62

SHA512
c8fb6069c1c34422b64ad72062653912d4d8eba601295dafb3f87661621ee635ba0cdd3b9dc5f5d5239789098ee2033bcf7e03bc89bd0cd1d1f9bb596cd37b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
505c99d50651c03fc9f834bbac175316

SHA1
21b5fe1796b5e49dbf15f0611b0e9659c18cc52b

SHA256
8062f0613605688b009888246da05b35f25bcf77dfd4dff1b95dff9f61057cac

SHA512
56a897396891f746ad9790f03a43aebde68127c2e0ea7db8d5b871abce3acf5bd7e93acbd5e0e22b116051c61de9a141f74985712cc1e1a191d9c46b430a0cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
1affbc140444f67af2e0bcda9d2731d1

SHA1
d090df1fb69a3322d87617d9b61f3273cd462c82

SHA256
3575032ba80e591e82d1e9e5bdfc92f179f27debc7d5b12f0d88752d1d957504

SHA512
ba31533ae5ab8dfa420428e62ff024febc0876277bdc00db7247f28bd2aa81e3c786a372cd493cf64af8c9437840cf1d1456a5ab57c2eb72edff630054517a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
13KB

MD5
36b239338e157dce4ffa98f2602c2b05

SHA1
2c783eb53810912f3a092868cdc9a6b0a469553e

SHA256
88907f4f0ab41776671b1cd7b52a67d06b3534bfa0a5e1a42084aba649bcadfe

SHA512
4231524349462115f5a62d7d3fd2c527aea15b0d1f02a418a927c954a5d61d58fa74eeab4005756eda94f3697e69b534201b40d8205857a92ec513f2d01d154c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
05b3ea0a2010a73c15d606c95b4d88e7

SHA1
c3323589c9940b3697086aff0a34b6169aa8e4b1

SHA256
b34768a9ebaf978cc17307ac456e469bf1224ee20c93f3047715a36306cce142

SHA512
b53a0f23673f17a9b65a422496206f32e9d0593748cb4e828cd3111f6fb20f426a160fa4c838a64c303efdb42c821936b70eea7b3037db030d7d4a4708467e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
16KB

MD5
b776a200522fe17afa1570585b46b17d

SHA1
b31acf875012fd2d23dcd5f5c502f71e6ee3fc29

SHA256
679fae207ce475b6afe3708ed8f14a526ac2d5d1211588948b7b6b5ea5f92265

SHA512
f5718072237fb602232042449a67781c098fb7f6f77b8fbe55db0ec9cc9ca614e5d4711c56fb825b1145604734b92c8b2144d0c4424c0103cd12928beb43e33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
18KB

MD5
d11dce7217ab16bce0765f57a4cecb2b

SHA1
2aa3188dd3d0e35865884890261c7f0b0cb89518

SHA256
27e4073a77414b9d44a4f674ddf3dc8936780d113ebff052cfec65ba6d594567

SHA512
953075350d67c6befe632ee834fc5f4b1e69510c6cc03114553de2531c50c5e520e98689b47ad6352d8efdc9ef5bcee0375239a451f6783cf864d6500985262d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0dd155eaad8e57a7ffede8911153d2f0

SHA1
d7bdbb78036ac4e86fd3ce8aebdbf27e4d0092ef

SHA256
67c64e0e0b3460943ea032c7fd8998332a8f886fe8ae797c4495067b5be37653

SHA512
a9f07f3faf4b89f7bd4facf619bb7197b26b9e59316e18f18101b873f60a967d9c2849c4c23337bcc3c355e120f683e95499acdaee8a877205f1a974c0dc0f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3008c59bc2f1517b71e33563b0c3dd09

SHA1
758827af5b6add63975821474c5e7c4888cbb6e6

SHA256
31eba599ebfc431bb1732818fec69987e04f722cb97950c933f2623d32361fd5

SHA512
1186caa5c752a6d01ad72ab334ed15c2bbf1af601eff09092310adac7b0d1c8d962e99feb8505613219f87694cfab174aae2b8ab3f5e22c267ab8e8812314638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
10a239f82ad0e36c995a24738a564cb7

SHA1
1f46a978db4a91a5bb452326291441d42afc84c6

SHA256
5b7d1b65588648ef523cb0f7f7e59fbfd8b944bf7b6d0de0403e20968458460d

SHA512
5504bcd05dfb8543f7d8209cdbf85732abcdd155673ed09371380500fcc0d0ef884b68ab3f234bf7c8e83ad6ca6f95e5a28be5956a4e57a8107e5ddf2ebed971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
f24b8df58b4e852e3e117cd957a38344

SHA1
203b12d102716425f39f056ee2edf5ce4e81a239

SHA256
70233c782a09fd683435017e910063c6d37d71f7e3fa60019286f19408a57a96

SHA512
2d776d3f4d3a4bb155eb63e4461372afd0bd50a040bcb84e3535c8b66c0a4e1434a2294a823c347a8701f6c986a2a6f516a2d58ea9b29d3dc9e3b50310491bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
b65512c0ac1d26f1c6c03e279bb85c3d

SHA1
8db2cdf1c5d84fa70c447209e9d9837674d056bd

SHA256
5ce6272af7013d985be7ef8945857db8b2eeb592f55cad5dbaedf5205274d4ee

SHA512
29bd63f4539ab91c5e5bc753bcf9dcf35dd6d66b30e07c89b737d5b744f89338cdf694949c15eecc2d61648e37f7cc730b49cc12d3934a5241de5aee01026624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
9d4d201487b8dfdc4318707360d432a9

SHA1
df191b9f6071f67f5d33da88455989b9138c0302

SHA256
76eabce34b58438c5277b46e890877c938241b3112f3db24b7ef551f2887a70f

SHA512
3a196cf18c0af0354268899980c8866b9e37e2f628ae6600832e51785053510ca005b563f9175558deffef1cdc780ada74a628545f8466efcb79c71d592dcc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
07968afe6ad2727e5dcd2a336587dbe2

SHA1
2ac78fe80442451ff619946c5c190881cae69bdc

SHA256
a8e568620311ab476027bacb73c09c5f7c6037858734ee3760b002016a86eab4

SHA512
cc09bc5ac14b857b7e8055c8b2f722f44cfbb17b432d317c3df68ebf12b9f3508c28eecca96abc1bfb351e53c46f3bf469c17937fe2b0a516e81a817e403fd9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
b2a9911f4de54d97bce31186e9ff3b18

SHA1
2c830797a9fe82f2eb903ed3f1c596bcfd05385b

SHA256
8d2c49b3ee2f36f029554ec6440a32b30aa3e0f34f0ed147dd91353ab9c98aab

SHA512
d790857976a64b01f7c86abd78dcb079cd480726ccf02a322e7f3cf5ad3ab333920e76821ee8458e89f1b8d49ed819cff994107df2ff74820664145f356fbef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
38e96c7b2adc21ddad44b0e121f2eafe

SHA1
7362fab649164591791deb93cdd39880ff90fb2e

SHA256
d09b8d3cac9e42427cd7a00c6efaee186265a4fb803626882c3276941cae01a8

SHA512
3e6bed690c74accc1807bd949e57d34758fc10772de57bb5fc9272aa7afc771ade1f2facfc710fb53fc88717d8e31b9b7a74bd7a726a70b438b7ffcb473a5441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
9fa96a084bfd7f9e15e1cb5cbe97ca95

SHA1
464cb3715c19b42086cd1d812cd231684f439e56

SHA256
58a2af06292d4311c881f7bc46cecd2bc9afac22d5cb8cf8a4719318396c4ae9

SHA512
d1814635d697677f3b94423256eb362be3c625fb0e5c8a8764eeb552a282924fe44b42116bee4c71e1cf195d553e85952b3affc0295d666134e1e640650f6204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
aaa599d73aec6d56e1509fe46fc486b7

SHA1
010d8fe4c8cc838245c8ae04dea339fe677684f4

SHA256
ffc737c54db5f7c7e592b7134e831ee3882a8f5fb6fed0a64f4dbe3cc7141a63

SHA512
c138eee119904381162ce363fc2e5d467b76de0b3bca663b401bf5259b09f470539ad3ba3c8b0326053eb432bd4f3da003ce10d56d325a07faf169900cd95acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
eec880ed1afd86c3bbee8a7c3ee0c102

SHA1
3bc32eb043471807557759878405e92a7ac466cb

SHA256
cf685f6511b9a6ca2551cc22b847078e959dcdda765534cdc8ddfed806ed3f21

SHA512
e2a5f21cd5f5c3453d5e16d21bff15423599dc79960d4f43c4c51773721ebd731f5b58f06a3e7fced0377fa084ddf159ccb731f8116e1676e571b9104c46832d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
e04f7daac2388b47ed772eadcafeec51

SHA1
dbe1e47df0cbeba70841e61f870b313e353ea137

SHA256
73c6702f83a2cf4b49a9bc67ad8591005249b6141aa09e44c64d8d237ab81286

SHA512
6cffc37cd11ad5b69e6693f45e8d50dcfc737e4c434bda8203291ff6dcadc9d0a4dae6ac8eaf673a6dd7aa66947c21fae2529822cb165ef9928c886b17ee1558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
20KB

MD5
acc8b2b7516e1c195c51e8546833cfc2

SHA1
7f908c74ad30d6dc05ec2297d022e0085e9e71f5

SHA256
960b16d2acd3293d98ee35ed7292e74f15d6ee74f5ae706ec9e9f543f6a35660

SHA512
0e20e24fa673f0c8dc2aeb4ce6c394c5e4082fb83965cbb53dd3a79dd2d4697c43cedd8774957a8567760f2b4c558ef0e12924121b1fdb4d39b3620196995e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
e4b220b0ba58b2c21794ec2ebf7c199c

SHA1
09f09cbcaa4edcb8b2403267a02b25db6a71a918

SHA256
2f9fdaed57252c5f02ffbef150db7dfd09f8caa0731800e82cb66ef6a1c84fb5

SHA512
51ad1c375f80b8e8702adc9869b4d03c1c3d0504076c090b92805d0e49b202aae02cd303c587ff5280b13e8ff60888d31cbb9b9dd9eb24ceed0f1d628bf5e4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
57f13a11a337b12cc4402baf4333b7b0

SHA1
dbb0c3b868410f6ad71830663ac5394f0b290274

SHA256
12413dafe909174a4e414afc3dc3413a69f518a9ab9ec6cd70e02ddadc3b1b74

SHA512
16f637d5c85f09fbdd9936624fd7dac5045f9dcb0fa72f67c648c3c63ad87e02eea8a6f0bdaa22c0feff52582f9f62d7fd6f386fc8af3193d93b4daa685aede8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
cbfcc67a67d7b029d4a9ee1e1d55e5d2

SHA1
a58b7a15da6e7764105a8f4287da92a0cde76554

SHA256
d6ccf9d29467e78408088d7e986e7f5a13790cdfc47d8fc9494461cc709ca0fc

SHA512
63b941d10815f386957b651c223dc0963fe5111f877ecaa23fd079ee8274dad9e2d3bc4666e980a86f1eafeeb15e6f6b1d113ffca8daf621df7e0ba3d9bad035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7521dde69dcb950db3917f4999d437ce

SHA1
5aa8651b35682492c76f36f519a0ca081b6004a5

SHA256
0f0cc94c626a952bea5f0e5013f254136390694278490c0d1420c286041506d0

SHA512
28506b6394b90d42dbdca52a613f972e3fabf30e55e134b10133ab0e0d00684714a993f77501e0d268be999ffc8ccc8c97abf2031aca9944ad43d04181df8626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c76d17c709ebf587beae3cc5a3562523

SHA1
833462b56889b43dcd7baed353aeed340ec48c0e

SHA256
b9e824e2f44cedc66c17ddc271152abfc9fb6d6a59750f63238d50e3913b2df9

SHA512
26f75a218c84e26970a87352f7676570f3dfa3e1b1d7f1ed24e35ce9cbc3bef92b5d634151ad484d1969017462319c5d38a0df5f6c3000a8515ac3eb450b5d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
1333d635d57fea92bb45325b9d84925b

SHA1
a26d3962f8ddb4951641a71ddefc276df97401df

SHA256
db76cc55a91eea310138ff1074518d4227817ad61e31a3c32a504debb53c9fc2

SHA512
9f508f70c9cee345e7e3348d65146af3e09cd3bb84e469405e71996efdcb69c700c1efba3c653c0435a68b8ea5bdc07bba726437df46bda689ed45f3f5bd174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
9df926b842123fbf05c14f27a191cd82

SHA1
d4273006a26deb9daaf66a2fc73235d7aa249a7d

SHA256
13e48ee758cd23187753143383a55b9b92a55361a6064ce0b37e718e75a31c47

SHA512
f194c9f9658b6ccf76075bb571f092584e570e67012f12e7d5ac3ca1a12c93b2d939224eaacff65799c565c8baa3970eca22bfdb3a638f38d637c695c2d7e351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
a4f0d9244f33cd0efcd78f21c393166d

SHA1
cda5f42a39f0c59e56483564257c43a22a5934bc

SHA256
cb14f75769e7755f9d1ed309c48e5bcb5b7627c4967a7bedd10d2252d01fefdc

SHA512
f328c74e372f3e7e3c1a1eee5fa950450c0a8a183b0d901e95daff5e63135552839721a2ac4e7fbecec3d12d5a475ecbef8636c44421c89cdbabdf526e1e2f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
c3c57aaa343d2d8cbc39e5cda2cdeade

SHA1
866410dda36aab151c082cc7945dac1a1bb0b7ca

SHA256
5e208e743e8108becfd1a8b9d1794e7941cf9dc84c6297662889030eca2aba6e

SHA512
bb484b831604349e99e84d49113e7739d1daabfcfc7bd4f03c290043428d2ec9d7b69724b6222896ac4789071f37aeed77609fefc743c0daad76e2df33638ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
bdd56218cc2b6b59262e9e6785e386b5

SHA1
8d5406a01f88e5c3efdaf3614de8216dc8e04ae1

SHA256
6705952b5b8d1454740056017e481dad1a86bd95c8c2143ce6e3b26505a8757b

SHA512
def66dd78b1c1403578907f1c8f9c3a132cc9cd85d259d341b3ead9b0bd72511b7d8ea274888232e0b814fbe3bac798312645eb8cc3d753f94c7e82b0799ab50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
20KB

MD5
85df8a0bdb52f6c170c77955e14aa157

SHA1
2052467342fa6e3d33153ce764906edc22b5a281

SHA256
9ff1e98ed1b945630387a5ad78d9ef97182214239811f68f8eea0c30e69c16a6

SHA512
f4dbeabf342fbe75620d0446bc45e37883d2e68ccbc474523741795c3f4d3d472101a9334d0809d3326eda2b53bb9ba47390edfabd8e2f81ebdb32acd41322b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
07a24a6d4632827a55f0e5c109067725

SHA1
f49dcfc1239e999024e78308202b788c1a6b4ce0

SHA256
42cd7c409a97da0e9b41d828715881b8c601c09697084c71057727bca4e41dc7

SHA512
736481ee26f81d32eb15b1a10a6aef25fdb799a6868d98d48c0dc36de2cafe8714c3ea95170026bbd93e9859701038273729ed571b70e9e2ab7d4646545db1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
caed30186d2350a458dc78cabe196db5

SHA1
92a3361897d9604f1c84d0cd4b26a1ca4c6f5b39

SHA256
ff18850557a91a95e614ca1649ebb89344bec6e67a76bbeab6e9cfa9ae22f30a

SHA512
e66fbc438a1db8294b23fc82722239803e4737c9a455cead7ec9480e74975cb8bc141ef3b10c8c6459ce07f7694cc0e85e16c902687308734ece8ea9ce9235da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
8d9bb72ef93dd07fa670108739ab8fca

SHA1
c14ed17245a9d4d658cd62c7562f1c4aa2a6f9a1

SHA256
74848a410245a93932cf93d822753c9ec8d2c40ede3469dc4a1ab1f085c9b2fa

SHA512
12d28ca1aa3df28d569925caecbfdf0dd2cfdcab99638f519ace2f83d63fb35544d8912506e4259ba92318e792036d98909dbd795ac09c7736e3de171109dd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
04d108f1d7d8f2a993cb7b7158dad93e

SHA1
cc51cec189aa0ad8bb3860794ebf405a81b32f70

SHA256
33913bfa8edac3a06b3a7c60fcfa8fcf1ea29bc3849212a48968ee74ad4e8a38

SHA512
f3206a8d430cfabf7ab6572bba153db2da28ddbb7273ec4388574519fc7c994aa5be9f668c233c2762e8011fd4eb9fc0cd915ce2dfdad86937f7b0ef894f8e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cadbce2cfe18f30dd0caef912148f7b4f34ac24\index.txt
Filesize
162B

MD5
4ab1f71395400a968a9842138eabca93

SHA1
16f5516ba3ac45fe9e37e00ba22a54052f0e0d8e

SHA256
bb1b11ce0197b282910f69fd9ef43ea80196c4a87947a3d2dcd4179568fb941c

SHA512
8644dec3da2b279f52b96aafd6a6ab2adb6f99f2d98a0cc3fdeef2f4edf87946e0632e11ac2837df9a724cd1f8122a47eebba92b2fcc9565ed2378c0e392e7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cadbce2cfe18f30dd0caef912148f7b4f34ac24\index.txt
Filesize
155B

MD5
eb6002cbcf2bb29c5b4b88f9fe6de088

SHA1
5865949b62f18832492ab0b84f437e2d3af0f0f4

SHA256
91a095ef490be8401c87e08550cd14d6b4c9af06b847927d6126bdcc1adbf8ee

SHA512
b6c8dc5fece453e82ecf5eb7c0bf82547002c57083223534eb4fd776bf9112ebd6af4db56a5e2fabe7a0a71e6c63ede05552b7c23dbfda87d579a35938fdf85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cadbce2cfe18f30dd0caef912148f7b4f34ac24\index.txt~RFe675527.TMP
Filesize
96B

MD5
4b4bdb2f212171f19f586bdd88b2f8b9

SHA1
98da5c34779ddf43dde32c245da1ce4b76fec6b8

SHA256
de711c3dc5540782c22a26254c9012eb003c8d687dd31eaa9f0ab7e484de60a4

SHA512
716b0e261861479f36b6776d753274fc04e87475f3da6057694ea3eebfdaf95e9d3b6cf625edd74303f834a69db066c8df27db1503eace6100259377e62c47bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
6622c8fb81f0377837673fc1bb90da6e

SHA1
ff0357cfe402936d5d283140c28a08d562e653a2

SHA256
884917ae3cc7763672a383527156e595a7c8a56bbbf6a2e6ac806d3962d670bd

SHA512
97b6c77763d25ac95804fc8195b066c11a2469582c7e39d9012d63957a34e9377a32123ffb0efd71c07c136209bcd61df9b6e750724cb347de81b4aa8f3435d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
e485fba8ab832fc6da411cc35522f79f

SHA1
0441d82734a096fb91b68cb767d35beb4bf05afa

SHA256
014bd4601c325516fa84b40ae992384c1cc57c27facd4d36b5c2acd0dea5ce83

SHA512
4c777438453e8e25fbb32ecdb2eef6e8c90b2d641fc94ac2fb6c405058fe5f010add98c54f078e444f67b69b8c47347edf3c38b69b36f9ae01194d098cf40488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
8f6a6ded14f56509827d421db6b77d3e

SHA1
08b664ca8790c09b3c9965215b37eadd30ef591b

SHA256
e293e79c21bb999b2e398d38c466dafa1ef1187c3e30809195b5121bfc165454

SHA512
63663b376fe83fde4df82c9f09ff0481c4d8d1075f325a3e8e62d55172d7efa02e78405cd14cff2f1e69ed575da6994a38e09fc98b289d1a3250593eb72e5737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
599f1425a11d435e5299c96af94bf0b2

SHA1
d08dba9c34fe8103df4420566160350a7121b7f0

SHA256
3767b7a59c4c967df4dc80a6dddbd7b4d36fe612233aa54f81264ab6a95cc084

SHA512
ade054489904c95ca6d276c71787cca5759c5233de56b86e3567dcf16424292bcc4132f96f805f71f7369174d37ca4de1b63d20f594e9d364b3211702e93f5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
62fe6ebdd5fba7e29979982084d8baf7

SHA1
2e63b895f1697a2798b2bcde76fbc75d296e8b20

SHA256
efdcf0c4431fc39c6bb7c338df744395977fd3d0c5b23200eca44017421d9d33

SHA512
b056eccdfcf83d75cae8e5352e3ecb0aa19fd82b3dcf778ca72f1008aacfbc965db38cb20885f6de1f4907bd2b0f1612c4045b349e37b138f4f9a982500fc95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
Filesize
90B

MD5
e3f46d11810bcb0e4e5d3cf23c9f0f32

SHA1
a6817c197d159633038313ed518b6dfe0a2df358

SHA256
d23cdf1a45448c2dedf90b56fb17117a0c854546dd3bc69b7afeec67c4a0a107

SHA512
a5f7c7ebb5780cb0abf7e97f859ec0f6ab5741ae6a60f8234b0da76530010e9c2030e9594f07e2b5e5559e278a0b150109605d6e241eaf18c519f46f3813fdb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
Filesize
90B

MD5
27015cc193c6bba6ee85f26320e56e41

SHA1
16f1312276df7198b72ee2eed20df9473e2ac83d

SHA256
7bb9311883c9e03a436ce2afba253e9a37a9375c152055bca4d72c7bc9198b28

SHA512
3bbb3b19053f91572352b193811c5e04eeeb88a0df076e16f024561e6e1da34d737884e3d5cbfe4dc2b6a8983a7426e0727a79099f05ad3b74ebf3e6511078e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
26eb7652b88d94c00f97cff5cf95b597

SHA1
4280bff3b1f552d4c4e26f914bd6292bafbe551d

SHA256
c44e31421e87e84d3ffd98fd53e8f213ea716906d50c0a0c8d7e9aa2d72ccf4e

SHA512
0ff8730b8aec4d86342607a1c444b054060f29b7914430b978d8a84de4503f19ce9ba3e9c02945df7c6ef6a89925154c84975f92b4d1e869719302c5c959d628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6692c1.TMP
Filesize
48B

MD5
928e8961ad6fab1b69b94e9ed730e044

SHA1
44edfc03bd23c66055947e485d48cd4d26698930

SHA256
b21702f27310cc64db659f0f820e939363da5569c8903122a690539421340b0b

SHA512
582c92c31c21fcaa6da46f7b9b2be31275ffe60b1e881ae14b3a42471bbd9051b87a0349d0cfdec833e1f473b4364b09975a5f65be57106586bccc20974ba8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
60d6429e527b2b2c17542b7441835c6a

SHA1
8d9ffa830bba0c1b44bf69fb472f1c29bb5df917

SHA256
a55e7263e21dccd6837fe58bb8795fc2785bca07c6aa4cb475358b6a4e8f3744

SHA512
d34a982816baf95f1727e11321d6dcd2cfcb327471bff69a62f3cdab4ade646bd7365e4dd45c436b244a89792f554b47b4c46fb5257a835a745b89e43de743ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
db89e0fbb8ac42f4741e539d5093884f

SHA1
4291e4aa5affcb43797ce9ef25af1369faf786e8

SHA256
b78ae1d4545bd82c4d89368a5e7025301339e9b7f8389aabf283fd1430382419

SHA512
53841f1dbe9273d12086c7db3e9c94085bea79f09485967e717571cff20b1a81b47753530ffd073621c28cbe85b5bb6b0d23d2ed28f7e5de8920cad7c2bcb7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
f95af20dab637925381012439cb24d62

SHA1
2e9b566e15c741ab3c30a57478f69f3c8a1cf006

SHA256
a0147d766678d1785b786046a39da2ef9200ba9b68ffcf97162af3d2f5dc7036

SHA512
b29d604384439b61244359e3c0fdc9c3e2c3ef69ce978e2172d17213c204ca5c450781d1688e969830787aa7401ab900d222969cd22238d6a1166c17d8950cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
cc0d005641ec6a7c1d7e06a55acb6f9c

SHA1
f8336e4b37b2f8e6072e947e2373905742456d86

SHA256
89d628bf90f646df17fbfa66f99dd2eea231e900535d3ee13216a8ca40ba6324

SHA512
76c8a0683f47cad39fa92c8782493aefb8587d0f0677c67ef88a29421655034c54c8c6b537755a607db74ee095c2a4b9cbffe06d7823fabfa417d88cceacae3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
9a9380aea33a647b49a26a706a99a9af

SHA1
dd01ccb840e7ad6f399621595811c5f6614f7f06

SHA256
faa022c0f715ff412b63ee9a90663a11686ec5ae83e9d6a9a31ab1407affceed

SHA512
468e2c30289939f766cd54ae5faefd0ba0f931a7035da8b133beccdf2ee7fb6da72ba635bb6c3a2188236b6b1846d1725daae4a01887624b577cade5f9794f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
ccfa1e880d8200e698b001e4966a2c63

SHA1
4a2898037cec613d38a5f57ae7b0d59df305db69

SHA256
38820a17537511a7b25cf8a4f427a511a746cabf2366fbb250192adbfd2586b1

SHA512
a3577e2995e6dd16e5e79aaef0d094a72d0027d232ba6719c4bcd513e00dfe5ebc0416d09d9bb6d6382efed70569335bc51e0d5ef74dc4f09560ec33fae74e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
9c799c9a20ff8a25495abd582a54de8c

SHA1
b3e6006266b139506249f10c6f4be93ae4d22f92

SHA256
c4604f639d05e4981f51ce97df8ccb947c0e3450f143885098c187f1f44f1fc3

SHA512
cf9a5aa2bbba51f8804405b7a2b0e8daa090a38456e2b4a79641cc7ac9011e9cb06f1bc9232e7916bad925970213af3f65539d40c3e5e397ba574fc23f2b81f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
9KB

MD5
8d4c314d042fe0c3dc82044a22273c39

SHA1
babf7ca59930e48a4ace02ffb81fe37c1de9e5ad

SHA256
bff901cc2b566bcfad388e2882b949880ae82ab95c5f5a86a58077249f0c96f8

SHA512
4590d043cf988ad88c84baffe1a85ff1526e24e6fec315f30e6404315bb7a2ad03626d8fdfd5816da5e25312745fbec4738d2ae6bc6b2f0ad8bcb8816d87330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
96705952fa8423510ed534f8a69abcb9

SHA1
6118904b8eb6b5f707df0d166ac484228929b757

SHA256
ee7989405972144a1f0034a0b8b77297f54598eac32f7843995d67af7afec345

SHA512
05e37d01ee05355f3e19f6da8dd6853c5de36db67a54d99ca73c42f0d7189402f4d0cb8630141d8592300e454685f6472c6ee88a60e9ee2de851d12bd3ac0a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1a11cd2fb85f48b0d49f7af2e4a7ca9d

SHA1
4ba8706958c89bb07b9a270a2356dda2e6a33a01

SHA256
ee7fff660fa8c784f1264d136c89428c684c637302577d94f1cfc3b56563e506

SHA512
8724dd366987bd1eafde192e64349b99a0b37e10651b013edb0d915e30cde60c24e8c35e44107947cc05501aa3f5c3d4e2ec0d7177c4581c9ba409c15f148cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
928552175b6d1343d1202e8c61cf97dd

SHA1
8aab8b73c85ab8bd71d3557dec1770b90867f7ec

SHA256
9039c29b6898512b588859d232bb13d1f592c779ab3d7b9f8c5c63633737012a

SHA512
da34b25c158191574b662face54691e5d2644bd39e318deaf4c7af5bd8d698c842c6bbef04ae8d3ad6025dcdafa5344fe59cf770d47d8103bdb37040fe5dff71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
a7d894b6f68c86ed379435c9cef31298

SHA1
f0648172d06c79c541ffbcc1de79a2c516081268

SHA256
5e2200e5df3df0147cc674ed16f26bf1870a49e60e4b415bdfe5ada4604fe6be

SHA512
0812dec3f291a0568a89e3b6328758c418026b7e44cfec89d1c99df1b57ac6c179275cca63b2d5109811b0c31921f78aa8887e63497c21122773fd5c103f4f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
cdc96108e92380acf147af5aa8433d6b

SHA1
0dc61c24cfe22f2254350cde172dad47cb50cef8

SHA256
5f9f9b0d3fe60f67034d2451f4f6c75c1a780302ad4e7c016f41e16ec3bc182e

SHA512
b0c17f81bbbde17c2cf0972bca9b079e6c95caf53b87ad462cf96b3ec19889cd3b76f6394737005475b3e3b67a6d8cf7cb34a8ac52119166f884934defbee9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
29f49d96e19a428dc58931f36ea913d1

SHA1
43cf708ed69a255cefe9e9089fb33cc8f970b821

SHA256
23d8f5603b4faf84bd7e8ef709fa12fb590cddacd10a08f50591a026dc525c32

SHA512
8b879039af0f4f0da8cdd1ce6dc19301169e635eca57d1047ef3d58d4b28d2c0b4afa95c648e122750b9ed1dc733c20fa14182d1af53fa0b8e749e46d2d0e908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
3d0773872d82737207e51d05ebdaf169

SHA1
b050e2f62c735c424a918c4d107acfbf34beb260

SHA256
238ed8f88fd8bcee9ac71f1c1a6fb34d1f11d9ba9d4846095c7b5054acb08dd4

SHA512
65fbad5a3306abd47a2fac11442f58953aa263357a09535df60d4f302d603e56be74a41d23286c604ed887f013e70e1321e6b7266fc344fc0e64483a185caef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
5da8b7898dda19a4668b21017d99d148

SHA1
4c0ffb15cfa160528265295c2a44657c44f244e2

SHA256
d30a62fb292e5a2d7a014f2fe9c791fdbebd5ac8277142e8f8bd923b70d1215d

SHA512
a8f4859418b29f2a64a8f32efacb6e7c6ede95e97116a6eea46ce8808467855c4ba1ae92cb815075f5b9dbaf3e54edb06fa9333d8fe6df31421abfe0c0147477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a8c996418cecdb7a91f486c07ddf6be8

SHA1
fd548582e96a1115c628e89468b034eef48d65a3

SHA256
01b09479ddaa013d21907cc3cac352ea0653df7632fd5c7e030b4fc1242438a3

SHA512
9614e5f8a03d7696fb22b7086f519baa62d641ddb4d28f985212970118dff587cf82c3ee2498b66b46403b1fb321b67256cc80734d3de1c08a11647263351c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
3b183536ad6e547bc2671ff8ef14920f

SHA1
40a974881b8b26ade318516db3a51d439137feca

SHA256
563e67fbaa62086300bdc4db8a470c4ec6868d6b722946c5218920d19240d5c3

SHA512
0d0368c7368c2321443698ca90f179ab795e0d22735e52b6b0c9dbb2ead8853bd4829fe4f88d870fe9248ecb094f9dfc17a4c8a5c8be74fa31fe9cb7bf8ee472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe639967.TMP
Filesize
1KB

MD5
60d208574c05c6e4cab07b9db9b75082

SHA1
54305532c9a0b9266bf815ea2cf307c958adff29

SHA256
fa589c21e2499a17ded586fa6865af4ab5379ef8a02fcc16cb4166e32f3f6fee

SHA512
8be190fef12d4536bba023e6522223653275927cb65225b9708a04e9b7f5ce6d60bb52e6d4414e50b8cb909a47d4783f1601638462ef6a3b288ed979296f4f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0313b09-cc71-4c2e-a9aa-cfa108f50e5e.tmp
Filesize
10KB

MD5
ec73a4f85efb33df7613cb0daca425a4

SHA1
64551fb712b596081e2074cf458a045ad2e1e475

SHA256
a19e5cd3602be2133360efbffbf5c81d6e6769775d783ff9dd0f03b34fbd6396

SHA512
a5123916b1b4b68d06c5c404949559d705eaab477a4acff453c366d5d28333ef02f36448600447a39f19c8abd10604d0ffa4906903ef5ed0a7727f67ad2d45a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d854bbb8-4079-415c-91d5-37fb1f329411.tmp
Filesize
18KB

MD5
b51073b467d0ec8f699a381e2c8f4a8d

SHA1
3a373b8161977b55aeb900f11352cfeb33fbe4dd

SHA256
290e6cb2e13f75f346bce20a1622cd571685ff14d47d52f9769a0d332c7acb27

SHA512
89dc7dce685c16e4da0dffb5fbf8e90fec756f7de3400318d91f606f496b17ef77c1125187c1c79c1200969c3fb2ac42b12cfc7038c0a4829b537dbbfbc7d258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
03869994e9ee9cbc9ac0b748944e7d50

SHA1
53ed5478b150c2a407204f3c275aa1e9040087f0

SHA256
49f0c007030dd25913840b9d6a64ef2a00692ce487b888ef3289dfd3eb909200

SHA512
9bfa9e77da1ecd26f8f5a88cd353c071bc151f842f0d5fa5316456692bd9757969a216257fc6c8f60cf710375219a512e881df3429ba31b29d8189f483960d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c048369171d77c02cc73029be0711423

SHA1
c55e8427bc83096f6c21c89d711cb5c66b2c4872

SHA256
bcec3bdd0736ce1d41c9cb4d626d22a18b956029ea5560f1eb21ed8ffe8d6f31

SHA512
65a9138e94a3252a7a162f79b5ea69c77229f88190671b6f87941cd0c8471f3676976da0a3ee7082511e917c9fdd67e970371cd6bf6096c948632ac717cbf311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
d5626c72d554f5335dca95e77f57b3c0

SHA1
fd4e0cee4ba1ff45f597d0aeed43d51a2b98362f

SHA256
a0f2c698fac956842b69b7c1b1c773d58a9e35c40964f46fd51269c943f7a46d

SHA512
4170e88370d2dd28086e6d266a8c6030a30c0b913fcec018cb85ffabcacd14ffc53cf3644656af755915c41c6b749f9a5e5eb7bec33dfe4b7e870ed0d46dab6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
514438c86c7d184da77d664026daf24d

SHA1
0a90a47c2b32d5cf17495fb3dc64cb79ef54db17

SHA256
704dde59abe97d07e007a4eded86271791709e88617d97480d8a3b58f1ba40c6

SHA512
8623b017841d28eb08235995aa527fd2c8e9e9b1d6160beec4b0292a80b4ebee8138e8a75f7ec3dfcd6b9e50216255841f5a842eb4e658e8566d28f0ba8272c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
71e85c45aa318f01a887fd0f4a20d678

SHA1
e084054c84b4fbb5b89fd4cb9d6dd888cd915dc8

SHA256
ad2fd37492b4c09b3397d976ff1c8e0fdfd4a8c150fbf97e20ef287962628092

SHA512
3bc9d988dc3a4c741a0d1b91cd05a7570eaab6e1fdaa7e2ed16ec4cbcf80c91beb1cf50e810b4840be9b066a962b34b772f9f42f2e9ff59b11158b24caedd8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
fd673c244f1dad54baa8ad6ae41dc047

SHA1
5cf8efd704606c564da5f6729a60c7350346e31b

SHA256
1705a1f6e622b7e248f0df40c96a8ba002415d5446c8e91c3db9a8b5a002eb7a

SHA512
8439596b05c10fe21e952e566378c72fe5d1450b67dd4f616ad1abfd6056151eda7c3c47b44b5bd49338745ea26f118ac2f9bbbc2e900fe0d16028c984508a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3fc2d683d3cdd894d60afbd5296d1345

SHA1
f1c9b7ee5e06454e7ca277642cabe652be634683

SHA256
34b1f8a80814262cd6dc7842984b7143eee5eaa3d9ad714edab9b8c316e2f608

SHA512
66eb16d3f9c3bb7fe09b8f0c605f20478ce31ddab0a56b1b130a9ecd1fcc5de4721be03741b9a787ac7eb30e7885c25c4ff4bba6a1ee62c8627a7fcec6fd2311

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
Filesize
136KB

MD5
cc01e86fe22eb3266715f8e8649a55ee

SHA1
508af0102ebcd87e7c9a774b38e791abeab786dc

SHA256
a61646d526b37a2ff0f4cb025863a2ae2478a1125fec79b2c38acc8da3314ee3

SHA512
72c2fa898ec07c40314f9c2f1e8d78fd2ed5cc24b64e57662f030f9c8a5689e11b916b7aca041391fd678115affd3494d872996a431207e158c54dc438362a33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\1088
Filesize
51KB

MD5
682575bae3576c5ce4f804fa7f26997c

SHA1
390a85e58412cce91bce5ce2b40112f6036771d2

SHA256
d47b5c8ea7e15cbaa53a646a7d035bb7ac3f3fe09bab0880f009f9ac9ac2cc1f

SHA512
89ae631d31fbed708fd92249164aaa330aa647a80137ba34937d523c17dfc5b30728c785909e8823fab0e1567ca9cb9ae361c1890fece49e90a58695721bc115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\28795
Filesize
51KB

MD5
9141bdf3377909255483bdbdb9b521dc

SHA1
9abf56d305a086d6beacdfe66406a74d6bda6892

SHA256
daeac07439acce34d38d173cb2eb07701748e56d19a1a4a0bfe3610cde9054a7

SHA512
40adf715944c4e446891e9dbf397e3ef489f95e9198280ec20eef17c4f1b9fdf8c51046a3df205f0e8b0c7cc44b3ef6ac599782d4acc20ef4d8badc63f925bc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\28929
Filesize
23.0MB

MD5
3ade1377fe26fa1f1246abf3ca665e1b

SHA1
4639a17950fa9446e9bb511ca6cb00f838cf80b0

SHA256
63a0d4a22dbe91ee77008ff97d05c1908ed09f85354581fd03ba94ad2c9f5b87

SHA512
9bfe7bb398c4746a38d9bdc42933a5396b882c5d092a37c30f9b230d998c8a061ec7cf413e6142ef4fe2aa470f70e80d0f5e489ffdebbc8d447a3a597bc1c999

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\393
Filesize
37KB

MD5
b67c403a30a1608de2846f928deba53a

SHA1
fd5206e5a4a3b84352d0d19b99eb052cfa024309

SHA256
30cdf5867aa940dd717e7e6762658b1ef42e8bfb9b96480f18a9d9773dd52eda

SHA512
c9fc840ef5cd4b9aad15395615ccfa8e283a7a4fa2e53b0f73d0be748449a3c7bad19023069a309efa7f78718767b242f94846013b5d0f1cccbda4eea5807f94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\8505
Filesize
35KB

MD5
0c0b9cf866ff608343ee5d732f43441f

SHA1
65d8964eb9871cfcc21623b6bdf311b65e8bc83c

SHA256
37392e1ff1efcd50278ef8967bd43efa534ed7e51220849c9c9cd9f8d7e7e738

SHA512
f21402bd163e069dd9fbb75a3946b56bf86b4452a702bd478e3ea981d69fc8d96da911426d5046e7529e949a3413adcd7c53961431d11efba0b6e28256c3186d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\8857
Filesize
8KB

MD5
737355f10a34483a9cc98abcb9b90fd9

SHA1
0540152a0a1aa20a940ede863ee29ae227bef4bf

SHA256
b1e370b24dfb576d6c374b5fdc7a9e8df1a8c7d22bc347921892b77aaadf09f7

SHA512
6355b063e24b71b81011f299cee22aa3383e4c35aa001e2383f12e4593a25e0bbd66ad84c1bc902c52fccc60a79621d760331b7b2c2882dca55534bac81f530e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\025F31A23A7E339465148FB76F85C61B93799023
Filesize
77KB

MD5
2dd3222cedb47c99ec287a1935813213

SHA1
42a40c16a605f94a362edc9e2e1a2b4b5be33944

SHA256
15aff450ce20e7345e54b08cfebaddfcf07ab204bd5d9d669f3b947ca14dff68

SHA512
43cf8a663047cae13d034184f0094aef55f83d47f4546d2533a2bd1602747949754cbdaebf74623a9d948be3727f1088cb1fed517abbd2ced264230dd5642182

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\08AD576AFF3646AE0A4E484AB42E9E77A14A5944
Filesize
86KB

MD5
d4ddddf70bf5f9f880acce246b003431

SHA1
7e8f76ebf1ebcf7edb62b5222295edbc31c31b73

SHA256
27924499c1ea74dc9dcda23cd5317340121f79d8a2de507a3039f7bbfaf34191

SHA512
1511a8bbb52f92ef5ba67b831108694e4c54c01547ba68d003858b6a4bc6b01f8cb6b473189ffcc1f64c435b2de7f874b1c04597c4ec8397a5ef3e2d3c7d41b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\190E00289F077B82BFA11F32C0DED352A07BBA33
Filesize
808KB

MD5
7204ceb74ff1830badd5553074b79b08

SHA1
9fbe37afbcad05fc3b17bf151c1b7926b75cf30c

SHA256
3cb821ed549a49f00f9c051c211223c1711699e9eb678ff2a4d0f2ea2c4bdfa9

SHA512
e9c2ff882906f7cb8474e0e2693e8147366885539bbc330f391cf8ddae1ce6d07ce86dc35e6ddf60e4158a09eff1a33a1470edb77ddcdf2a4a5b311167dc13ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\19B4FDF81CF6C35245876FD65893B1C1CA413D93
Filesize
98KB

MD5
6488f18d373200b0b3dfbdfcc11db5ee

SHA1
eab83ae3c490d357067078f00943ae2e380fcb68

SHA256
465e2c5828ae675bff7389b392c85d75b97d834b268091685c00f740820a4446

SHA512
bfb46c99f038456962ea072771d0797ab19f11c76ecb7e3b03c46ccc643b54b2193ba5fbbe18a182742134b781655ad39a2668120137e1752bcd0c6bdbb2910e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\1F5608B34A0FA586C2D2CFC7ECD1F323C407A246
Filesize
113KB

MD5
496e4cee235df5fda25d9e3cc85370da

SHA1
253d44e20739da9b90f3b88c0a1103b2e6bec6cc

SHA256
373f9d2c6802873472d3389c2305893712ea065eb2d00a7dbbf7f24217081a37

SHA512
1ec6a57b0fd0d7eedd88ec33cc02362d1628d6781bbddfa813672506c7bf8b7214b22e706fe8d0c1d2e180a0c7c43079b85f76d2de110e3667e42fa0e00e909c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\313A6FF3C3C7A3FE7444D4A3BA92FC60AB2356F0
Filesize
186KB

MD5
bbcb1bd93cfddeaae646329f312ac880

SHA1
6961b613f6185a8cb7541a6d2e7c528b9038c226

SHA256
9e224444d60cf0977a2fc051200eb76f9eb363a5a86d9a719bf7fed4aa98df3a

SHA512
243e0d605c151056e41b709d730e8e70d6ebd22bbb1c2dc35554c9cadea8f1f529671b5a47d81e82d846e24201381991709e1eeccc70d1f00023ca47fda9b16d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\40191C17B097B0EACBCAC498FDD42AE4825FEF53
Filesize
78KB

MD5
a1965fb48659664af7be8cc1866a3fc2

SHA1
646b72c6c9e9ed81f38a81179b54be0eea66ad2c

SHA256
f5aeb29856a2ca8054e0ae146f019eca2ecc23ca56fa099816f520cf525192b3

SHA512
00e6477287de6939aebffd031f0d6deba66fd34261f4811fea6d62473e4810f7a5dbaad1569407ed342f3f54f8031eb0853eb7e61995aeffc4313bf212f17db0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\427D10728B33CFB176CEB3C8BC7ABA94F027D11A
Filesize
85KB

MD5
42e791cf2f387098f55569af165b58de

SHA1
3693e290e45f99cac7e44a1217ff4293e0709e4e

SHA256
05d131655c0d3e813cad680d8430992a8ae303f4cac3b0b2392792f73fae54d0

SHA512
85a9c8598c40aebcee824c21d8f0449920da64ac10346e54ba881f36a66457c98b57bf7dcaea979018eb53cd331c34c711931f0c68cfa14316a8b52b475cad5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\5C0A7965D65F233979CED699F328E27205361338
Filesize
76KB

MD5
9900793c699888cafeaa8f643d057020

SHA1
0e22f404e4dc7352b2917f2a971e8ef7ad4a64f8

SHA256
f7ffa128ccf1d26c13c2ac217c5d3285800779df5fc3f47f8f61b1a6553e3850

SHA512
a9da77feadfe767ba4403a89cd26453b2b1221f110e740255182762c4b2403e3eba8a55581ee5138b09d513e9905a4c83185502d057b1c7ce92e089ec4b9ddfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\5D48C5B4FE8DEAACB50E2003AAEB1B261519B415
Filesize
18KB

MD5
f05fb5ad0eadc267d9bb5d82506c65be

SHA1
0bc1e44a9c7c6338a74f91385c5edef8a6a506eb

SHA256
226845f0fc902958eb480bb873d6ceffc33ccd24f8f00fbb89c280ab3c66ed55

SHA512
5749376136b9087f1a9caa59a614053ee7c8129131f29aab423d1d057a918a595ba88f5270f66f7777bd36ada0fb4132b57cbd61bb9ea918a9629e3622843923

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\5E1C13A16370C0593A65F2304F211CB53772E518
Filesize
282KB

MD5
8803afd6bfbc0f374f1696d009dc412b

SHA1
8c5d1b11a5d12d7132801777c2b0da93935ca096

SHA256
38959340d16597f2a46709f4fa579272d3695a9da590f2702be493db89282bd9

SHA512
36fe2bac6c90e2d6e45cec2f26ac69c6706de9ea12ee7cde5b9ce5ff11140399953c9a1833035465c85d71406da9c50bfe2a287f5e0fc1381b015d65df0a7ca8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\5F8933BE53591900E093A2E6B90ED8B004E02092
Filesize
73KB

MD5
1aecdd4830582a5bffd17ae138a67fb3

SHA1
273c438dbee76d91644071410f74b5451bcd0846

SHA256
8389daeaecdb326cb1e7d4c344507bda9922621196327adcccb0feb9a448f1e1

SHA512
0dd46a1727cbf30ccf42546b699ce0dd62acf898426e775c0e4c1036c85139b077512711eae7a2f3c76852a9f389acf2fab04059d434149fafc349add30b1d8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6974F56574072FBA6566085B5F4F0F6386FA874F
Filesize
92KB

MD5
204f3c7c7c314755182e9e0d0dbeb830

SHA1
41205b0f34b52e5e601a73fc52cf7a66cd3df8fd

SHA256
bd795595a04516c7bcc0d5edb5581f3aacb7244bfb625b430b17b76acf9534f2

SHA512
4a41b403b778904b3a2d845a030490e573ee21617e5fbedb6e1336df3e12bb714bb2945c6f1f61b8adcb26fd727ea20bf0e4b13110be4aea5b296c40554b9da0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6D1C7F458D4BC3772BA08DC6FE1CFDF358FD6795
Filesize
368KB

MD5
8b99d3c6c43ec505321bce0a24d7feb0

SHA1
dcb99f029c1811b980fb8480cd18d0b78a12c812

SHA256
c9248ab31797e8a3275402b2d1c6eb92fd0d6299e5ebbca48f46393da009f08f

SHA512
9cf319475ef4776eec47fb9d632d2079c38d9aa5f3a26ba745e32d859c8f103d203ebe14e1b98d12d821b195c3f1fc2dd157e59ec4abc2f5cce770b34932eae0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\75839E193169A917C05D68EA42472809F45B4106
Filesize
179KB

MD5
7de47976a539a77c01849438c00254cd

SHA1
d34f96fa000d98478e57e16c8b9f5e945e9cd63d

SHA256
2f42adb1aba9deffbcbd13f58588f9fca75aaf9d6c5e269863dfbcabc8366ea0

SHA512
5d8f676bc781607e58fbcb8701010aec8c72a65b2d5c939ff2297ed9dd5f32539c4f5de20f25242d355d64e12c01806873a29f52f4ec5beebc2ad206ac6f49ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\7DF24467B7D788A178D0887FC514E28167572B45
Filesize
77KB

MD5
3b7586b185b9ea19e12ca987b5bcc19c

SHA1
379ab27dc8b998f556c72845826ff15fe932c6da

SHA256
8373bc76eff79ac6fc9a7864747cbf743e69712760950038f7d00fddef4a28ce

SHA512
001273a34c8772b676fbbd805cf488d17c4ead68dd7496b668b7f5824c7491104cf0c2700f6dd069da688ab474154b5754244a790f2ee9ef5bf8df880c9609cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\86AA8249B41D9899D306E53E61CC6C6286A5717C
Filesize
91KB

MD5
9ee324d456bdff0417e567a149cd9f65

SHA1
db313b925c89c6f3bd70fa5c9dfff25b25a211b5

SHA256
86e7afe19838be567b9027b7dbca1aefb904cf2d883d455fbf38b0c6128132cb

SHA512
7cd4d1096979567af942d4399947be7986f8980b05009e041d47b144ce5d6d8598d3cea58fab04a06c22190d4fa9708d7431f968cf036ad43c3820b9f151af17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\8CE588B90A6F46073DF8CB88F3C28D7E70B1F1C5
Filesize
38KB

MD5
e352cf2cdc9374b9e56500b910e8bb20

SHA1
bda8c2946806d10285151f4ceaf925aa0fd6a031

SHA256
2b460ee4358931d079bc365432dbccc681563d619327c01387d42a00d32d7c22

SHA512
3134a60041641cee276c76d682ee7115b993c0905808eb53b95682e548ccde9d018ff86fa693954eed339924b0a8ba9da7fc7cf737f7391226f260aa4961dc56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\A4BC0C99327D7691FF360F07D11373B5791EB30C
Filesize
14KB

MD5
335247bb94fd5e33eb0dc5b36692f93e

SHA1
31bfa01202c1d859ab199024e40871ddcfcdf6d3

SHA256
e1eaa0fdfe10af43ebec3fd947cefd1e7d93e8dcd16f497016d94e157f79be0c

SHA512
0d4ea9b29dafdbbb435d5fcc5972f68c098fee1bfd0d1a022d3ddb9b0d2019203f279dc000917048871c6190717015c823af580a63c4eedcde453fd4666d7a1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
Filesize
40KB

MD5
7f330d20fba64e5ab50b335fdf28abd5

SHA1
22fda7c8fd68ba7c16f5f38c7ac91f256ff1e9f3

SHA256
bbb50cc2ce83ff2b73548e7c44c832b7aaad6b47fbb84c34584ac604d8b05d43

SHA512
9d81bcfb75f27a1e8fceb164acd8ee81375603eccaaf66784a1eb00301b94bdb3577406b162bece080acbfa8683b334118c6f963c15266ff14e59b06a6cb0123

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\B09A4CC66686DFC356259B24A61A1DA0A4F4C113
Filesize
1002KB

MD5
2fc06b229bac0d99988722024ebf59cb

SHA1
3196b242f01e0c41d270299b21b2849338fb4eb7

SHA256
f7697f31c51d19f9c66e024d3c1d35f685ad04a15dfa9f53f4d47dde704e12b9

SHA512
7540e1b3dc983f7dcc5d00d44d3e9e6f00dd3539d364c954f4b2b2d4f3c89b7dac0859b3afa1fa8c60272831e8f638f6bfdb38bad42d486e8789c52890061942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\BB4284FF71CBD01E8C3683FE72CB13178A41F3BC
Filesize
33KB

MD5
c60a4e4625e71dc459032d65dadb0426

SHA1
25881719e9584735a03c488c705bde31c68b4567

SHA256
f410543e8f6daf9d027c519f070188d3f4291be9a1ca821f9b8809165b516228

SHA512
8f305b70882fb0ad3921590b4eef482690fa47480317b1ffaa57b9833b10af854c8e9588f7468f14c71d9a42a1d1975424c7bff3bbf8f8033403b10e045a185b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\C37E9D35EACC32A8EF99C44AFD45BC55D864BDF1
Filesize
150KB

MD5
369afb1df82af66e2b48a55286ed660f

SHA1
b0780fc405147781f6df37c9f7bda447d721370c

SHA256
f0b21d52cd1032204fc9115c0c6b945fd91189da4b33f2008e9825ecbe8d0d54

SHA512
94c9bd5ef4ec10afba5feeb5ccc71d592ed25215af278528c948ce8b9698c1fc35cccbd54dba826fe919869704bd8cba9dc337a824b466225d9dda2847b70249

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\C51586296FE3710C4FD26381E08CD99BEE4B012E
Filesize
16KB

MD5
3ebc82c2041cfe3b12f68e80311ee473

SHA1
d042b3326bd607bbb6bad324f5f5bbd8b5762893

SHA256
5a86d163a26cdf950e33d02df7baa1dcdb2dd9ac83255480c81eba64a331310b

SHA512
6b250ae6da0d7c8c3e5ce710139f08dc7aa96e905c16171914e3503ad2a9f479c7871117b6b93004c7df5cfbb46962a886017943fe8806144d7024e7b302f96b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\C553181DAA75F69CA03670B97B53EC9F778452DF
Filesize
149KB

MD5
2b68623898758cf9d40ab7c2f166cc26

SHA1
9691ef6c4f81ce50ea5863032eabc6c7c51f3a68

SHA256
46e6b15a665075d9a5575ffe389780999b096f9d4aee0bff46d164c6b28b5762

SHA512
965967055b6bd5ad27ccd4725dbd7e355fa640fb15ae3d287d1fc5ea9d72aa770803364695de6ec93f3b5ee8497a9886e62cf747b645ca005176624efdf0fd95

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\CAD788D957BDDFCFF63595A5E09CE8046837CF58
Filesize
115KB

MD5
265912dcc78ec6dbf442bc551775c301

SHA1
28ab3000d40e077c1cb9af5296bad36df8b12e99

SHA256
fbaf20adaa5104aa4b991c5d140fa5b4931d9d14956559301373c2e80d4411c4

SHA512
a969893cb17e472d96248c02caeb35803d7448fe5fc601da39e47487cb0126ff4ead36cfc9ea421a2271c3acde26f73e79e89954658e645813f0c22fc47d5d83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F9B1C63BAB0FFE5BDA3B41341B852FB94C1763A0
Filesize
65KB

MD5
c270e34af4829e9562cf76e7ec653424

SHA1
7dcfefafd182e17ea9d77eaf39c876cc80205b9e

SHA256
853f8c0410a61a8370c5ad9136580442e75448febebc533dcb9788bfca89811a

SHA512
12b355abf8533924cef251aae69a5ece2465d856833c535c4aaedd112ce65d67fb9601ec73c3fd6304d60ca739b17764971c01e2b39c0d508c130b20e3800419

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\thumbnails\20d86160eaf9f52082ef2a71d382f295.png
Filesize
36KB

MD5
7d0dc7acfe0cf601397e6b2b69a70153

SHA1
cce008ce7908cf87c53653a2987e115bf70fef05

SHA256
0aac2a4bf9b455a201d275918ce691005f805da3765f4127cb9dee592d0aee22

SHA512
36dbbb7b5370e4774fd810aa4e592a733fab1275eceffa04947c0d92096d556640df3631f9ced93e7b9859dbb798b0c07f72380147fdcaec2cc7daaece505b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
Filesize
1.2MB

MD5
f96faa6ec671eaabc66ef44d5a715db2

SHA1
71b08ba07e5cea3490daeb4b75b4262b1e8a9821

SHA256
6beae61ac55708892f869336fbf24f5987b433d3abe54f00bb69a098715caa1f

SHA512
ab02f785eb412004de71337a016861e790c643bffb7b1ff87d3c7f62e9ebe139fb13b04c4605ff8f069e9e0eb032427e864a6d98af5b8e25fef770bb84272838

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
8KB

MD5
6e9496b485f629391efe17893e171a20

SHA1
f60630ea0188f0c439748a8c66e4fc2ce0433f56

SHA256
c13bb69f2414ba5ff03b193881825729f96fbc15e431b166da6f85c0d1909061

SHA512
cfefc53e77a25f3d73f34241747844e9f40013f37e46690efd22f7552aa0e027f4255783bd617d158b2de25a3a094543a615d4486157cd7fe49c1c2f08cee57c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
cd81379cd3a75c87e46c6599f19ff2e0

SHA1
f3166a0dc3ab3e5ba44f893ff18839cba337a0e3

SHA256
16fef1be638ab6330f65dea515f510af0aa22c781333016cb5eae7512ae82d4b

SHA512
43c611dbda19373e2121d2f1a1edbac778975e0ceb9e1d517b841c9e44106d0b8bdf1cb358920278f438407cd72c2feeec0e72f9da84df85f6f42abcd00c4081

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
ce1c1ba53260f36252515fc76e570707

SHA1
4e502982bfd8f30f8fc62104859b02036976bf2a

SHA256
d8a03817dd5d08d3db524c1bb60ad5ec6330c27efd6be00e712ff8a70b681f02

SHA512
3dbcddaf413f35ed4b318fd9c390c97d5ee4097978bff1ec9e3eea75f75d19008818a89f0f3aed11a07546b4635297a082ac12968d38f79c4debd965c04659b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
616a2edbec9214707ab5d5280b9fbc6f

SHA1
62c6d8034037736b6e83a2118e381333d5a21deb

SHA256
aba597a8aa5fa3880eaea4f7489441debbabc7536e321ede0194bd2634270fcf

SHA512
9894d139e97673df1ccf90bd2f1d4c7d754ba750568362aaba98ec312ffb882be17745bb59222687b9440f54c48874a69489a8aca2ae98a163a1a8921f8e386d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
c7cce254799accb117a85342217f3eab

SHA1
016188b01a254c54df5180e5d478f5737650eddc

SHA256
069261d32e02844474d14a4dd209ca3b3d20bfc6ed180094dd77bea174a4fc2d

SHA512
b86b5780db5736ff77dc291982ab98a279c9c5172ed2bd0f7a436f777e87d0428d1c0430897495a9ffb3e18bf6620b558f17e63751201fb08e13c3ed7a4d467b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
d86d6a3a097798ad5b4695257152a184

SHA1
5426d58b24573e12b37961e586b921eb5c5f1d08

SHA256
5f6eb38f18e647f6d74623d6f69b56ce01149252b7956ba9c7c95031bafe342d

SHA512
7cd39a1cb63d4ccc60fe1695cfa9197972ab9d567df383ac133f0ac9c0779d3c2897b7114d6e2acc25170cbbd229af094d401ec20080d0d6ebb8eeea04b27b8a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
f8bff5f32727011a05bc95d24b27ef51

SHA1
738b1c98c8eeff88bda31f2b5cea4e34538b4b09

SHA256
8a1415646a302a945a180a28b667c6eed57dc7a1061d0812418f97dad140078e

SHA512
a6fbe9b2c1f2baa004e4df42c27fd682dd640aadf41bef467069f20a4eeff7a24e5ccd0d680c2deb51e54c082e929a03302235f9ebe5c3692f9a1d763f0d237c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
8df4f89ddd0bc9bbfcfbf226e28cb2eb

SHA1
cfbb52e59ee23a53b06a0a5daa6ebe40db5f46c4

SHA256
05083155fc3da74f9d310af3450d1c220f3ee650ecb2a65542e982139c607372

SHA512
452426b9b3cfdeea379860e44c6e4ef938ea7fd9ce7981adf542149a85e50ba00ab8b6e40efd64fe1eb44f4b81cab17aa45be75f6abecd55d1f31ab790d718fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
4e3096b671695fbc57d6b75fdab08ae8

SHA1
b07d8731f8d0008e0e9cb7cea3611030af4f8192

SHA256
5f4c0b9941dc094c360116b55f386fc43c3d33ff56bb830bae1583ac54603a0f

SHA512
04e9ae9756f2b77ef5f69173cfe3a019c73d2ae53855263f9a96d27cd5ffe830e167b39fe23dd9409ea016c616c5e00a86da3076c6b0eab2a1489d45f51a59e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
c70bf3efd59afb5eb046af33c05477fc

SHA1
8816e13d0fa5ff5212d20374d155fe4026d35d66

SHA256
62108701ca96b3d50f81b5445697e9c107ec87670dac414c367aa9d3fa3ab4dd

SHA512
21381ea11fcd92b0a4debfc92963d18e9c6e619ef0451593dd8ebc7b3a4dd4c2b84c5dc424116c215e953f596f83352c8f6f6ca642b94243b2e04b37f058a2fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
df30574182eaaf4a508a62b53d22cf1d

SHA1
11aa135aa2c6f3875b78d3496bc229eaa2943190

SHA256
37b994c939757f398e3bdf15631dcb79bd776aa4faf6eb6e1375ae4a9c8b3cbf

SHA512
01101b11a57154d563df9c2a92ad1c07a625d3871ce46b43408d4ef2801af83c3412042fc49e592612c5b970740007926aa877d7ea340928ad1f153715ea4dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
380ac8bce6f22dec24dfaf15d28f63ed

SHA1
60f20c951a192fe4f643f03cb12dd089c9fbb918

SHA256
2d6f7ee6c5e27d96011145401091b884a9024870278ef898eec3f7b1885bd8c2

SHA512
81eb1f783348f635d7ff6e03236f74fb56ce666cefb07882f952f801501411655795890fe297310588f9a3c91ef11a44175f2008b118493e75dc155100ced16e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
28a332d3c3dbd081bb2ced834fa74742

SHA1
6d63a194a2d8ca590e06ab209f30e7ac3ddde2ba

SHA256
79771426fd00aa8a14ac4f4b6436e55be21ed7fbb28263ebec4f34fae7eec759

SHA512
e56f94588171c2e1ca4fc41aadde7631bf0b7ac9b61764764a7e5c3b3b716e8c415af14e28b7726536813e37c719ebf7830c1e55b482bd35820cff99319f5189

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
4faff1b6b0d1a84d5b1af698d0c745a6

SHA1
a5ada2572f943f5ad7c4ef4406b189c42c2b2fc2

SHA256
168bb75c5379b48e23ab38e58f4f3c0309a29aad7dc081d7d7fd89fa703ab25d

SHA512
f3b32bb15f674570213a7c0c686d0ef9331ba9cb041eb1c971c859f17891c47b67a39308c64de624434460bbd4b67cb04ab6dedfec07a58f3f0811a4ed1f9802

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
f4430f4af020193c5c304dbe537930c5

SHA1
f61223448661b35237e84bcc4190c7b0c67a4ca5

SHA256
5692963310cbc5378f6f0d85e9dec7a040b73a26e471563d80d445cd4850212d

SHA512
38e0f8ab92650c94b5d74a293226ed6ffdebefd228e92440888df07460fa6b9840ffd7a9de5bb1a9d9268405fa69f64fe4e6f1c68648e759cafa19bbd4b25815

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\places.sqlite
Filesize
5.0MB

MD5
85b777b0cc133aa5914a5349b8bf5056

SHA1
3885b36f307b7a3e991c9d7787d378d19b9ad92c

SHA256
f7b019f0d3f2ca7fd5dc25720f167592c821b12855c6c45e928f1024d9d38556

SHA512
df046d47c1992e44c4563a46e8b7c564153b7ef94631e8f44e9feb0187f87647931826257fc6c8a95cef793effb80991e11e8934d3df8955d400e281588c2ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
e4c793d39fee36959b6c642e1a354d02

SHA1
8fc13155880efaffad550d3753fd4d70f7512b60

SHA256
1654150d765bf3d171005d752f7521f2d8d33c29d4337d25763929f5f18365b7

SHA512
32d83a1690f941ea888cffeb8441c536beac418cbd49fdaaa2d2b0ae732edcb9b593f261a0bbe305d4bdbb406a716025707f0f09c898e76e6ef967dfe652fd7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
db2c135734ee5ecb18ae009a0837741f

SHA1
a800adcc8787e1a132ff0427655153f1e06afb19

SHA256
84e1abfe91710e981ed12b74411463c3c1f2438f55f0031a667ef045f3492488

SHA512
dd74f597c51feec71feb9986465acbd028df015748406a760fcfe062cdfc564327852a59839f833e08ddc0ee438b8a34088dc210a301449f9509035e397fba23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
300467f4cd799628155da3b839b52564

SHA1
d7295978741e6d2a537c0f43e251b7b7504dc7b2

SHA256
ad13ab8ab7609ec84b96bb768e15c42ab28b479652c24d8937784e3e6f03fa31

SHA512
a45d33a8ec4a91eab83c96747ed020953f83c14b4e89a2ba9b6c347ff7b672659e164550329eb17510a011525f59a42d250a1c807f84a599498c624642d72c7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
8aa930bfe09533af21c133c902db5501

SHA1
b9a53a334b25cb40153f9500dd28477fb5128d2c

SHA256
38d055bd1d5eecf707ecc488e49e336b52291b2d0a46f1459aef7680c7c38ee7

SHA512
fff98be78fc545c46856e40ebb37195af7841a80dbc15088c39b90de660dc78d885c4129f2809bfb12e878ca8b70c89d0432c3eb0a61bfc3cf0246e12434206a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
48e824e56bf95748556409aa4f108e0b

SHA1
986ecc3fb098d82cc955be42ca56c916b932d451

SHA256
beb722ea9967c40e9a1a6927f7b0104cef17930428a25522437e500dfb4f6c8e

SHA512
965986f49560337cba493c4fbc66e60af30a7d8dabe8b93efe073dfe39652315b98e5c7156b098e17d6c4583b1e12a41b7afc9c88d52a7f8e85116ecada83118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
0e620bb113c7c7feb25381a4057e4379

SHA1
38ca356e018dc0b710804cda8d495b51d6c3c247

SHA256
5689fb8405c5eef052dbdf6643149fe5e296d46f327905b9f4dbc40e47a8d1a0

SHA512
5bcc58c1db7a67b3685ae70a29b197af6008e79d7d4e3d66504b4d35b9d23a6bb1eeac5454c7f3223cb68bf6062aef1efa4537a337b611f750112830ae2fb145

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
caa20eadbc090d0cbad8182f2d7e707d

SHA1
2e6a60dcf162e88797e3b4f4f4d790befd740c0e

SHA256
d80277cb5f7c3953e1ac43203286a6031721ae77c83253d40ed1ac62cb70a831

SHA512
aa9bce4f344bdce1f62d62a1f204e5f7154b7acb42b22221962b840b81933617f1eb1297ee11fc20a127bdd7141a8766a8b44da34e944e0629e1cff4a1e89c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
43eae323579d1e03b6fcae30e5568020

SHA1
fd07494317d4cecfd93a59c67b657312c3c68938

SHA256
8d9c738eb85528dfc84177229a726c4b78c926accc695afa7fff78e0b6bc289a

SHA512
eba7fc58c6f3d376d84a43d7f4b326b4858209dccd2b539b79ce016176fd22769b42ef86b93e86c2680643eb3dbd012329ac70f2304a09f2b4074898ba631c15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
b704d62d17ae30a97805021b8cfc4b77

SHA1
bdb7c2cba19bd7582fd2058824b02bbe17770c66

SHA256
c24d50a58371d2fe3d346664651db481e902a4cd5fdd8231043c84236858634c

SHA512
715219e30618cc15329c8fdfc934bfafd6ccac0b610935e4ebd1f1710485fc25041958cd415fcf10a219ba463e0fde14e0f9b2e3a3e89a23aac71778650638bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
6ee3c81c29c3a523659182958de55e1d

SHA1
9cd0c0a407b63abd1aab8d5e58fb70cdd07f3d25

SHA256
9182980502209c0e5ea911faa2a580bdc31f517b1f73ff737905d189d334b934

SHA512
ba27e44c32f497877162266a0a368beff020026863cb264f13724b59fb6be75dafc4215146af5cecf07f9a8d1b14dee593652bb900acd68a3ba327b5d1b18b87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
a63303ee7ac4f8b1e4ade54a1840d64e

SHA1
19bc9ed5fbf3f2d7c54f4dc7c47f40ae511ab61c

SHA256
6222059e32345e85ec203b400906bbb9853e17b1fee62739259a6133a61b023c

SHA512
072e8206f4efbdf985fdf24bc0d7cee7229057da2e9969f609974139ab2de2a3382e809248f3400f870385f2d65ac8e3f63d854c2618a0854a8161058b24bd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
171a32583c09f6c7ed68e998c1079d5a

SHA1
9aa5e5e1a37ae313235aae203bae1d26b3054ee7

SHA256
88db2a3f4e709fb7302251fc1de36baa1f3e1a47a4a47cdeef162270318d0cd5

SHA512
b46256e3e3c8769fab8944c91e4d1be93ea4ec1401fef3d50ebc6ca6f2ac07db21c93589b3de817f44ce004cfb4ee9c585c056fb80304aa2db02b11bb3a5cd7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
9b8b2957358a1bfa106379c037d22e17

SHA1
13304f1f80059d6499ee40577e170d1509add230

SHA256
c060557c19a7e3839d76a5ba01a739b7936ad20812ad9b38a63de2895b073b19

SHA512
159afafdac98e1f135c2173a4db135beddb68958f3d6f9013b6deaad59bde0fb50337fe7f1919eacd0eacf7979c8882b6d530fd77030135f00e7d00fd80dac11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
3b21c983d09e3226be039c26d7a4f45a

SHA1
e1767a6af9a0eab1850685a776e3c02a67820a66

SHA256
a3a1ca7d38bce6135b2317019324e74f89464f7dd3977e51f02d8a9f23e98ab2

SHA512
ec586484783eeba8cba8809df9ff47614f94f14ed45f9001d6b660d94642c05d343f43618c9c90547516b300220b559429a9b280768b2c238d53a091e4298e8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
35014e746f9fe2f2151f97b6da4cf828

SHA1
2dc8187f9aa9629bb10e858171a1ca718e320a77

SHA256
3df41950c856b078848d90e14b3aab6fb9e2cad7d9f1b3fd391e2704ddad3dd2

SHA512
b7636cbec2accebb0c3f6848790c87b11eaab9ec3439655a4cedd10002ba0bb8ce582b2d5af8e26400c472bd8efe01bab2150aebd7265bc0695bc47148646e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
31931735a1e24186088d23fb16cd2654

SHA1
2c601e65b8c7ba968caca61f946301b26ded5b70

SHA256
630eb6b2845a86375a4d6e80fed890678c7d12193a1441216be777e586b18bdd

SHA512
7db367760df13a670cacd475b51d515713791a8e74aaca78c6f4e4681e82c9687a191082fb2d61791face692a1b045c8f873fd03a883d0b1e78378f9e2fbad35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
bf2aeb952997a52050ecd70f64421c02

SHA1
0862906ebdfef8c955b40815e2e5a2fd94b8ea33

SHA256
0ac1cc276f839d62a82cfc03364e961350bf39b87e13e61eacab3eb0c58bda07

SHA512
8bacae8855af995af0ae1c009b3e2d970072a6ce199e647540258a3f1a61acf6f7720b5ab85726247f9b3349c6249226ddc7c715375ba7a265745305483beb22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
61539859f64035db1b479cdb7ddecc06

SHA1
d7a2f0826d8e2bdcd47a229e27b206a4ca8c0663

SHA256
eb52b485ad56d508e2c8878fb4507a4c0a1501a937c527b53764c394091b936f

SHA512
3cd3502f452fd5395079e9a318f7e726e1a39e333a602b0c81e0526cf72bc3fce156da3765c3ed6c708555f61b94978d702cbffa891603f8a1111ae5bee83a50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
2556ae57ff949c1a4825c1935dd37671

SHA1
544d20c02e272f39ea27914e04899fa7cf3c6a2a

SHA256
542459019c6f9b1706e85365474177724034a3975911dac6f4866ec2fda65bf4

SHA512
dbb28df1bcc1a600d25a3e46fc57d92f2ea6b5536e8758397588eb8430d4cc465aeba89776656b8a4e4fbc961e5ee37a91379c543843011bf38d72c64f549234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4
Filesize
992B

MD5
c8c885da3a6d78b8011075b30a338f6e

SHA1
c1f18980d2a464c6a5bcca8abe6fe47ad3d8c8a8

SHA256
318490316c93fb1a7a8601915556367823976bfc53c6bbd4ee382d9da3a331c1

SHA512
839ee9771c356ba80414c226d9624b906d4ade05aecb0865134867d2e2a053834b1f0330f0ffd3eb73b32051ccad193eb8b2fa9c83294f3ca658974d131e4089

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4
Filesize
12KB

MD5
58f49f9bf4a7d8d67a42f7d582a6d628

SHA1
56e8ba92f4b9ec99dd0c1c63446519d6e3450178

SHA256
d8cadc9af92d83b7579e9c12dccd7d2a2bdf7d646ce38eb5ed1c91ad4032db54

SHA512
37150873f86b643e324ce39ce1319d8320f3d2bb1e79fbf415316a139e95a70763413412284f6a698e57e1b9059c7a91aed29ac8707af1f5c44e7d3545e1c855

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
6262318a132fe15266e414699d4ca45d

SHA1
2c128fd41e90f133ddd90009a1e682c16e144f89

SHA256
278690e2f9dec5c32fd051c57891e4bc57ab91daa1ba55c1d0da8b032f3def42

SHA512
16aea883e97cb9ee57bc320b10a47d48b4f0a22af15ac1941685b5c8dbaa07fa5c88cfad077b5b995f66a6eabb9743cc388b689356f3face0af9a477408f19de

Download Submit
C:\Users\Admin\Downloads\NavaShield.62U0XcYy.zip.part
Filesize
319KB

MD5
23b38fe53374040ceac53432ff84e053

SHA1
d5d57349d3008dc600352ceccacd55dff2bf1c5a

SHA256
128f61e50846c7f4fca43078661806c0ee18cad283948a0e0b7effb42708c820

SHA512
849b81b1182b3bc42556711f293b54eb07a430026c94adbcf5aac98ee65d0ae4adb8badbbbae9c05c418586c71e05434bbe1cfc03b529b99f97679ef005daa00

Download Submit
C:\Users\Admin\Downloads\UQg8P03v.zip.part
Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\Windows\SysWOW64\MSVCP50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Windows\SysWOW64\msvcp50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Windows\SysWOW64\msvcp50.dll
Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Windows\lhsp\tv\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Windows\lhsp\tv\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Windows\lhsp\tv\tv_enua.dll
Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Windows\lhsp\tv\tvenuax.dll
Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Windows\lhsp\tv\tvenuax.dll
Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Windows\msagent\AgentCtl.dll
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Windows\msagent\AgentCtl.dll
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Windows\msagent\AgentCtl.dll
Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Windows\msagent\AgentDP2.dll
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Windows\msagent\AgentDPv.dll
Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Windows\msagent\AgentDPv.dll
Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Windows\msagent\AgentDp2.dll
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Windows\msagent\AgentDp2.dll
Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Windows\msagent\AgentMPx.dll
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Windows\msagent\AgentMPx.dll
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Windows\msagent\AgentMPx.dll
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Windows\msagent\AgentMPx.dll
Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Windows\msagent\AgentPsh.dll
Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Windows\msagent\AgentPsh.dll
Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Windows\msagent\AgentSR.dll
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Windows\msagent\AgentSR.dll
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Windows\msagent\AgentSR.dll
Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Windows\msagent\AgentSvr.exe
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Windows\msagent\AgentSvr.exe
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Windows\msagent\AgentSvr.exe
Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Windows\msagent\chars\Bonzi.acs
Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Bonzi.acs
Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs
Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
C:\Windows\msagent\intl\agt0409.dll
Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Windows\msagent\mslwvtts.dll
Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Windows\msagent\mslwvtts.dll
Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
memory/1376-4033-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1376-4034-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1660-4030-0x0000000002620000-0x000000000293B000-memory.dmp

Filesize
3.1MB

Download
memory/1660-4045-0x0000000069F80000-0x0000000069F88000-memory.dmp

Filesize
32KB

Download
memory/1660-4026-0x00000000023A0000-0x00000000023BA000-memory.dmp

Filesize
104KB

Download
memory/1660-4025-0x0000000002370000-0x0000000002382000-memory.dmp

Filesize
72KB

Download
memory/3548-1881-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1882-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1880-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1887-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1888-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1890-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1891-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1892-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1886-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/3548-1889-0x000001A0C76A0000-0x000001A0C76A1000-memory.dmp

Filesize
4KB

Download
memory/4444-780-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4444-1049-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4444-1833-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4444-1644-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4576-4044-0x00000000025B0000-0x0000000002737000-memory.dmp

Filesize
1.5MB

Download
memory/5116-4042-0x0000000000D20000-0x0000000000D3A000-memory.dmp

Filesize
104KB

Download
memory/5116-4041-0x0000000000CF0000-0x0000000000D02000-memory.dmp

Filesize
72KB

Download
memory/5116-4043-0x0000000002780000-0x000000000290B000-memory.dmp

Filesize
1.5MB

Download