hxxp://google[.]com

Analysis

max time kernel
706s
max time network
2674s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2384	butterflyondesktop.exe
5016	butterflyondesktop.tmp
5312	ButterflyOnDesktop.exe
3688	MSAGENT.EXE
5768	tv_enua.exe

Loads dropped DLL 11 IoCs

pid	Process
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	butterflyondesktop.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop	butterflyondesktop.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Butterfly on Desktop\unins000.dat	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230413161120.pma	setup.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\speedup.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSINET.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\Butterfly on Desktop\is-GHG2E.tmp	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\fix.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BBReader.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sites.nbd	BonziBuddy432.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	BonziBuddy432.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	BonziBuddy432.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	BonziBuddy432.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BonziBuddy432.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinSource.1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D46-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{972DE6C3-8B09-11D2-B652-A1FD6CC34260}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Version\ = "3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\ToolboxBitmap32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinStorage\CLSID\ = "{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CFC9BA3-FE87-11D2-9DCF-ED29FAFE371D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CLSID\ = "{8E3867A3-8586-11D1-B16A-00C0F0283628}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7D-3917-11CE-80FB-0000C0C14E92}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ProgID\ = "RegistryControl.RegiCon"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AA1F9B0-F64C-11CD-95A8-0000C04D4C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0\0	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDateComboCtrl.1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version\ = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Control	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ = "ImageListEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\MiscStatus\1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4B-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0"	BonziBuddy432.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 751177.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 268758.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2368	powershell.exe
2368	powershell.exe
4636	msedge.exe
4636	msedge.exe
1444	msedge.exe
1444	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
6056	msedge.exe
6056	msedge.exe
5492	msedge.exe
5492	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
2972	msedge.exe
2972	msedge.exe
5868	msedge.exe
5868	msedge.exe
4064	msedge.exe
4064	msedge.exe
3904	msedge.exe
3904	msedge.exe
4860	identity_helper.exe
4860	identity_helper.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5728	GooseDesktop.exe
3432	OpenWith.exe
5692	GooseDesktop.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	powershell.exe
Token: 33	380	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	380	AUDIODG.EXE
Token: SeDebugPrivilege	548	BonziBuddy432.exe
Token: SeDebugPrivilege	548	BonziBuddy432.exe
Token: SeDebugPrivilege	548	BonziBuddy432.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
5692	GooseDesktop.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
548	BonziBuddy432.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
5312	ButterflyOnDesktop.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5816	OpenWith.exe
2200	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe
3432	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 4904	1444	msedge.exe	86
PID 1444 wrote to memory of 4904	1444	msedge.exe	86
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4404	1444	msedge.exe	87
PID 1444 wrote to memory of 4636	1444	msedge.exe	88
PID 1444 wrote to memory of 4636	1444	msedge.exe	88
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89
PID 1444 wrote to memory of 5060	1444	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://google.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ffd840d46f8,0x7ffd840d4708,0x7ffd840d4718
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7f9275460,0x7ff7f9275470,0x7ff7f9275480
    3⤵
    PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1212 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  PID:508
- C:\Users\Admin\Downloads\butterflyondesktop.exe
  "C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\is-LB8SE.tmp\butterflyondesktop.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-LB8SE.tmp\butterflyondesktop.tmp" /SL5="$160170,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Program Files directory
    PID:5016
  - - C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
      "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SendNotifyMessage
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
      4⤵
      PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd840d46f8,0x7ffd840d4708,0x7ffd840d4718
        5⤵
        
        PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16961154478488564534,6939279172069557125,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5272

C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5692

C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3432
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Untitled Project (5).rar"
  2⤵
  PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Untitled Project (5).rar"
    3⤵
    PID:548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.0.234219498\809039933" -parentBuildID 20221007134813 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b77557bb-7ee4-4e25-aec9-fbe60fafadb0} 548 "\\.\pipe\gecko-crash-server-pipe.548" 1932 20119b19b58 gpu
      4⤵
      PID:5604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.1.94987041\1578807857" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d130e040-c705-4f48-b7ec-321ec62e1c81} 548 "\\.\pipe\gecko-crash-server-pipe.548" 2360 20104873558 socket
      4⤵
      Checks processor information in registry
      PID:5808
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.2.1424662352\1565970138" -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3192 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd5fd35-5071-49d8-9208-50e6e72aeeaf} 548 "\\.\pipe\gecko-crash-server-pipe.548" 3280 2011c804758 tab
      4⤵
      PID:4836
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.3.364059726\1003224765" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3508 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7e69276-9057-4e0d-8e56-3f7df7a6a923} 548 "\\.\pipe\gecko-crash-server-pipe.548" 3460 2011d48e658 tab
      4⤵
      PID:5672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.6.908134507\1480272768" -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5528 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {472cb5d5-180d-4e80-8734-81129e741281} 548 "\\.\pipe\gecko-crash-server-pipe.548" 5540 2011fa9ee58 tab
      4⤵
      PID:3828
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.5.1320351195\1746691824" -childID 4 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce50dd02-6af5-46a0-87ac-4ea8cfa484d1} 548 "\\.\pipe\gecko-crash-server-pipe.548" 5248 2011f0ede58 tab
      4⤵
      PID:5556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="548.4.315119840\1511065645" -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2de62a3-e203-4ae5-b10b-2a1a8c59b73c} 548 "\\.\pipe\gecko-crash-server-pipe.548" 5112 2011f0ed558 tab
      4⤵
      PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd840d46f8,0x7ffd840d4708,0x7ffd840d4718
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14110061934306046511,12098966054204116843,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

C:\Windows\system32\compattelrunner.exe
C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
1⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  PID:1592
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Executes dropped EXE
    PID:3688
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      PID:920
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      PID:5452
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      PID:384
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      PID:1604
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      PID:5104
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      PID:1800
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      PID:5404
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:6088
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Executes dropped EXE
    PID:5768
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      PID:504
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      PID:4112
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd840d46f8,0x7ffd840d4708,0x7ffd840d4718
    3⤵
    PID:5356

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2724

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
PID:5184

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
PID:6120

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:2212

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
PID:4436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4436 CREDAT:17410 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4436 CREDAT:82948 /prefetch:2
  2⤵
  PID:1340

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
  2⤵
  PID:4656
- - C:\Windows\system32\RunDll32.exe
    C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
    3⤵
    PID:3808

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:5260

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:1460

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:5876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
99B

MD5
4de674e08ea9abd1273dde18b1197621

SHA1
7592a51cf654f0438f8947b5a2362c7053689fd8

SHA256
56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63

SHA512
976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8d45e8a0b2854791af37877d701cdd1

SHA1
8c309d7173c43e06d3123aaf8dbfaf064fe09f7d

SHA256
b0ca03718ef4e4568853c1e47cb4294b127c7e40c6ad49b648e7347f7855831b

SHA512
250baa928ff3ce347304434604b76dc8e7e487a71f81a69f679446868660c8c3012f69aa9dcea24c4f54e53e2e8363e5f3a310b72215cb233f88c1b7a74a5b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccc1f7c30a9c6181b31670830fbc6a94

SHA1
989de2c6ccf8fa4c774868fc0f42ba946580acd2

SHA256
315b183ffa95355b70878dc64b9d17849c8d87720309a3df1d4f7605d150d293

SHA512
e57ff50323af83d238bd619bac57339713237f7d1ad3e6f58522c15e5af9f67bf83c979f59f68b995c5f28fc3031a37f188b5284500a836744bb4ebaf92f9882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e33b8bc51b4efab41ae88c6634e2d927

SHA1
b5f06ccf8d8cc58230676f0378ba66eea14ddf2b

SHA256
69f02647a25c661aa1e2fae8c02d52e669f2bf7e93ea24e183701de0d8245f35

SHA512
b374558b18100f8ebb5da8f10907ad9ce2ded89f05326bf36b1a74687c3037b0d28a059cb289babe31f3f9f33f1abcb188b4cdda5e0f4fc9bd46bddccc216fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05605817-08f2-440f-9b4a-5c3e89b49cd0.tmp

Filesize
17KB

MD5
f88d91c1b4448852c09fde57b6187fa6

SHA1
c92a057b2ceb2dc0df657f97ac1956a64eea6e23

SHA256
80889a9455273611c66ca640891f9b69e8af7cb65cc75ad5f143f09fa02bcbc6

SHA512
d972702fa17980e2670d91bfce79ebbad5bcbfd6d5f0a15639ef011e276b6005b10019511dfb97ec7bbdb52fc431a55da95b58f2823f1b036479e564a69a5787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
c9389ff6d79f00929167e86d94179cb8

SHA1
b6e823153c057862a3a74cfabfabd18f2a4c7cf5

SHA256
fecb5956c58223de433b74014e619273315976357495cce4b5adddcc46d73ecb

SHA512
cc836895114300b244308636a2d5069f9d1aca0b77eeded381960207c000e583dbc3a3de0a3f428e5fc331696fc6a780a6d404c61676a79d73608fe95e8ec421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
34KB

MD5
475028300cc8c44e7a4db97079bfca2b

SHA1
09b8d7346324c456fcea95fa4826fc94686ce52c

SHA256
45c8123c99a15aef1762667d2fbc2de1937449d20610023a21e47b313e3b7ee4

SHA512
70b390e79c71bb04197aa386482e210eb5e6aae9f6b42396851a0c8a7ac3a5d8d566856722e1f5748694172930dfc0a5dca36fcbdb25338b5803bb7f32e31c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
30KB

MD5
f139839a0b2291e7e31f2589454e470f

SHA1
754ac75088a1b1c586acbe6751e52a1835a4e428

SHA256
a8b226c9281cae3e162006c9d509f5bfc649724876ca81a95a48e7f1fa9886ef

SHA512
c14675807567ae8c4ca6a96e3edfdccfca99f6d9b882e5ded6f0f915b1c60b830b53e64a3c37ead2967012f8fb2907e968f2e7ecdc94929f8ff4c5b867a2f7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
23KB

MD5
1eb089bc02718406772cb599d62a0fe0

SHA1
ee6372c7be0c7cd4d5071da68c9475e4dde618bb

SHA256
d6b3ba9d8328f4c7c57f25b4d08047f1bf05cfbc0f50783c99cb6ecd377c7439

SHA512
109bba3c5faa1307fe5e349a80ba89e5230f58b9523552c52cc73407ad10c390ee3f9c99f52127845b76823b4e8ab6311cb403bdd83b48385af77a6abd7c8477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
50KB

MD5
8ef8a0a15de5ceefcfff9f289001a6e8

SHA1
410d2fe5f4de1c8552e4a3e4c0dfa6d9790d6395

SHA256
403be72015dd12ebc6aa50d74033427e6364a43fe776713cce6bfdd9f3678b29

SHA512
427c94a8a52bad2eaab941d7af10b569e5373987a0c0f7f4a205c820e31dbd352d426ef4895e6673f7b96498a235640c5b365500ca48cae05de8af41e62941ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
619KB

MD5
1dcfe390680c3d16b44191cf8ad6aa7f

SHA1
41510e6e22e8e6d8a377c6a3a027949736075400

SHA256
39632e2b75837086d42c0b477667182de20acf6840dc61b73351f468ccf8c02b

SHA512
0375bf02c52e96315d1cbd47903214bba73c0db808764d04ba2b91a90e7bf1b8e6eb9ec950b025acdeef590eee1707c8f888501f8e5b6186a3befdf4d0ab4fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
35KB

MD5
3ecbf8ad3a5a88461fd3993960fd1570

SHA1
c65af29279dda7178b3bff0affe120cc781dc3a7

SHA256
0269eabb2c1a4d81e3ffe27b15b24a4682c02556b4147423a0b207b9206a992d

SHA512
48744215c96cdf75a791fa393ee790765666636e26d07f44bd852b9f7ea584eaece41788ea0bdc778822fa5d0aeac2f2d15a28f99a6147c9091e095f9b1e3251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
19KB

MD5
a58a93d786be5a019fa95669f382af8f

SHA1
a0e0704a4487cf5cbb347e2a381cb2725119cbf5

SHA256
14fec32c04d460e676d11a71814f38d8402663bf9004753ac9b06159defeb567

SHA512
631ca2fa9571c73984e0564fbffa0c5bc58381983f1bb9f29cf10380cf46c6e6f891a3e51de2ba76d0d56800387316f19ab979b7605b207a3f98610c60b18ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
116KB

MD5
924ff32395b6869156822f28805419ba

SHA1
57441488860e5baed6014cef69f39559fbb56039

SHA256
bf1fb5d77de464e4c5088b2ecaace4cb0dc2b61dec6963ec8f568888bd4b1613

SHA512
666b00ae2f287623f0b773cab1eb78985efc73591d27ba8ffed5bb26c3dc22e2815574a45d356ed1949a1f7934bd4594d81030fabf25a23b6c4ff5f44ba57c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
48KB

MD5
d4a02a4690dc0a2c58584efd3972a5a0

SHA1
420f64c8b7e2b78dd1df6da6fb76e0de988b1c49

SHA256
94fbb30a0ca48c246676f55e55de5e15a4ff0dbd72a5026fb69d16b2545f5f92

SHA512
aa8f1a75fe2b1e14825c83c365f4701d878d4147383fe5129d97306c3bb87f11bb5fa0ff6805d1033d4dc85743823822c7a58a922484f7f4b573585171d8396b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb

Filesize
3.7MB

MD5
18bc238bf7ca4f9dad610604b857180a

SHA1
c4a46c5883762368c24d3e944f409aad54c3bf31

SHA256
e7c2536efb15b2137c4f4c07a94ebe37d396cee2fff0dffe14bdbe4f8254e9db

SHA512
b56853230ebf2123085648a65b27a510977302cdc6af18538ee39c0b71d93f3ec5901b56e5a0481e97f7138faf01f31cc7076c7ee91a75f4d177d79f4d3f65d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4

Filesize
18KB

MD5
d76d30e706b219e2db4eda7bd5bf46ab

SHA1
8aec5a68166127e97ebf7d977a1096de23d1ec8c

SHA256
96ed9dcba86127473f5bd34f07fa7cbc85ce93cdf6c4bb496341db7c3098ac2f

SHA512
670a7ea14ce1dbafb04885310091348028b24ecf9b87be7215c67faf3dba3b09b27c09bc8fba61a431903761ff05b4755001206dc30510085e7cac6be693f206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8ab4f85980dbdc026a3de13e4151e30b

SHA1
3098fa720ec334362440b8369933339d0f5741fb

SHA256
c259cc2a752f011e66ad9c81fe382d32ad60987730e570e6218d695f9f685b7e

SHA512
7182ccc1f100e6ae5a135d7bf8d93784ee6c22c916a6c085d4a7b3a43900e9e6421101eca1a8802da61d3e64bfcde239b92fcf9fa660e861f8fc2828c7cfabdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a347dda2c3776ad130c7eabab5300cf

SHA1
2dea919237146c822473201563b4d512faa7d241

SHA256
f1b38e78470c429d3965182de95ae9dcb69db48f1bc4bb99aadbcb234af7cf18

SHA512
a81a4ee73756032968e0d4b0b24fcb53fc419dedbca2cf271746ad22616a4a706ac3c6c6162715216dc1210423a4d468b2d911cac804b26a12fcbe85874ad50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
33b43f30276ca4baad94d63ee646832e

SHA1
d09cf19c954a4d72bc80c11cd814f9852011bb31

SHA256
9f6a45a85b704d606094a8ad7b041a03957b43aaa28bb64e6fbed38edc2f125b

SHA512
1617d1215329e4d3b49083d53e6dab491024864677fc27c27455d1a54df4bd2cb9e8385ee3e0fe555e8ea39c8f31bd4cf2d583a6e43ead1539ce5ee39282f992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c5eec4bbc9a088325ae8b96f339a067a

SHA1
d2908a7bdef0e2ebaf311edf8c80454787148d8a

SHA256
c045d145affe75181a184a5a22169a110ea93f2ac0d0b8e453f6142327c0d28f

SHA512
e5b3179a5c726f21cc4627543722739ada30183a96a117d1f94618c3030404d72faeda610e8733e15eee4e0edf26c4b8d0b89119016e29585c49f786ee9576bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
818958d00ffdbb151b94784082823ce6

SHA1
2ff2977427350319d5efeb2a8103ee72151cf233

SHA256
79a052624a0fb9720c1eac8fcdb7bbcb20217b08ab8697b3d75d7b7bd674c443

SHA512
e813f53b0bdefb1169523997d93eaee51f2d512d5744a5ecb668d11c099bae76219fbf1f0cddce89405458878847ad3f0a5bdec4ff7dceda1dd9dac78d4d9935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e25cebf9a665fb48c7650845caea97e0

SHA1
3abae71e4b1a72a5d042e2ca8127938748e662fc

SHA256
7ca19ad0069cb4a347d9ef277fbc267094d1d19263bd7c57e619fbb155acb1f4

SHA512
8ca08a9334ff1d548c167e6a677c94a42f77cca0441b141b07d38baf57e32699df216f18264f779a3361a40d132caecdcebf564500a22bafc1766e7f0ccb1de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
736e73e34f9398dbdb12dd93f8b7e0d2

SHA1
78fefd9d01e67bf20155fcfc0d622ff492003e73

SHA256
4c84ebed017bcee00f36036bf69388c3771fa914e83bab3eb999cc02a7b07ae7

SHA512
882f680915758aa82c1466e29ec1e6907d526b01464571153a4c1a43f2fabf54421188e8abce93cc812757b38da8290e74285a0c9ca54a2d7c38d7b989a0425e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
25da23aa733e884657caea94eb05e07f

SHA1
d34dc04f483cb6ac5ccb2ca304eb113e386c11b6

SHA256
f99ac9ea6f40726a7c47388ffb3ec9b4a036e165d835ba284ca5d174afbe8562

SHA512
55a054858295cf2997e77e29f3be204eef7afa8fa1e81c6a95ff9d4584adf8f8aeff09d08924fd9a482309af3bc7ac9e2c2258914bbd207bdb620eec2a8e9bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
41be6e20950c778f12f0e30021d5fc1c

SHA1
ce71fc5fdbeb719dbe5a50111d71ed9423b96949

SHA256
f55bf05f862698613aec52cd17da42a1085b3ff477f4aee628dfdf668db1ef69

SHA512
bc8a831b5ef9d5ab277f6e9d8bd50970db30d9bc37746b270f2a476133fbb47f2fa4ba91e7e4699e8869a66d7883c6673b15f072951bfd1503c1eca4dfea795c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
82792650eaabdd00871b135870a07f92

SHA1
986bba52224cba3a9ccca41fa82cba0b1f71c7e9

SHA256
8f794297afb381297f815c18de9eb18a9a202a83193ebae9f9836416fd4c08d9

SHA512
093e818d09c9cc570a12029b8563144b2bf2e564c9552c41eeb9d66f8cd97ca3ed069a6989dcef0afff7fe6275755fa867aed1a0bb416499596e6a56bfff0a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
678dea1a784dbf87c116444425ebc072

SHA1
77c1fb1ae53203da4fa10809787dc79a36517a00

SHA256
a22a65b9724df7c25d7163351942d493f56cba11d8b43a06042088c7e2347ec4

SHA512
52517094304d66b7447b27e25c76d57b33ca3461a25b221ac46469b07db2aa6c3e6990f223dba458ac81c5c6eb5409f10c6c1b1ae1043867700f684315a991f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
7782094ffa85bd751345a87c8a1782a2

SHA1
17b8bd5e5ecc1eece5a6aca1ed6c82509f82f826

SHA256
ff41952b7fbffff7552225d8cbc48d413419a7c1e11c24093fc75cea0f999058

SHA512
71c1dc6cb47c87195e3605c94f60ab056c8bca72e84cec16fc46e7c86df9cfb53e892108817237fa40158be35502cc92afb14c4fdf017820f90a5a4578b081e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8d840e02232ae84c5aa0f3f909b344bb

SHA1
f1e3c90f83b2188645cf98ef548fdceb13ee0ce1

SHA256
9d15d824ba2e3cd28ce849fb459a4babaf2b443af967bb85110e6b5e6d164083

SHA512
6b86500da026863dec2923afad7add2851d708dcb31be7b5dd2af038cab5d8b65406f97c51a410a21f05cad7297fda39295e294274501c37a2f91a645bcf6d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
40e1b8461966a77e5ec435ea40a7231a

SHA1
85ebff9f529f95379f6b1b5bc62b9fda666987e9

SHA256
64b12fb1db3950b33696ee2e346f497573330c528f6de6af0b6fa9dcdcb86aac

SHA512
f8d28ab5299c0dd2e9db35381e7ac381c376c5302dbd3a21c254d87fab379d357e92bc5759154075ed94accc804088b95f88b2ae757befceb777ff5834a0eefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
97df98594dce226fd7331eb2f33bd09e

SHA1
a5610fb69544a97cce5acb7004c775644b29af08

SHA256
48e9fb3cbcd6cbcaa2fea1543e5c7b38387a438ee67ef89d027eb63ae5be8f8e

SHA512
da88ee2ac883e6f8d717ebf32027bb5b86aba787d554759a4cd9c4c2c42f4582be913da86373d95250c1dc2578908a6cdd112363feefef50b824504fea3110dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
8380cd2e9ed7bc00fbea8357391746a1

SHA1
40639fd8f3d39d539cbf503f3e70e124c8c3b034

SHA256
43ac4d039f10adc569f62277bae43e4e9ee67ca1589e9564b6b24e7c94e59ca2

SHA512
f6dcf68feb9d66f16539049881e3601e7f60c1bdb1cb92e487905dca0e61b3970e75a733c7a1fb7dd725688081914806f10374f387ea912d4f5a71c702fbc2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
09f7a02ec68de5d3b3effa90cb70a956

SHA1
abba60ab7e6f0fa9a8a83005c9a2a5ddc301c0ff

SHA256
c70e7a584aa0b9e50406cd2ecba4b4692f672beffda09fecab042edc66323b83

SHA512
55d6cb1497bcf7e69be571a5463e136bfebd7847c43b2c62ec454a4927f8cfa7b76270afe7b3e1e40fd4e9e8f547c2381efbef1e78f32a1db577c5ba7e258bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
df7a2ba8dc72fdb931a898b8e6e15272

SHA1
a6a94171a6160787fb29069ce0591fd75010469e

SHA256
02eb7c474e301683503b0e839e3ca5c54a023f738f845c8973ecec9b00be443e

SHA512
e338cd82245f8287f5764f4bed70d610ae54cb88a40abe18365c2b39aa0eb1eb84eccd68481e07bb62efd5387b26b62a4c011e781a7578c32d21558b2d7d72b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
11b56136d2f95d9ff8a888afe6349133

SHA1
c5c483c7cb693999066bd0c81b83f0058bae60e7

SHA256
7904698889b9054f80dff9708a0f9f11bf2b1d8249a506c3d5fba811eb6dbe89

SHA512
988ed63ae95d8159b22531cc35f94218c815ee835afd984d149709f624b843e73d2dd7e6f720e59e19525824a8dabdc31d3647e5fe1331a4879450a1bd2e86a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
0057b6e4f31f9c87188ce15dcaab21d6

SHA1
aea5c67431a625dd7d38c671ab9819760ce81dfe

SHA256
0e937c4c6a46f9c828a28582e17082873deea1920015ffad920029a1eaf640cf

SHA512
5609caefa56d014d268fd57e82502d863e4eaf830f56af5110cf7b4b2488d0362b14c7f3df6effeec24b0fccd1a2906c37361ba191b6fbed7333c3c4e463f9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
3adfe33a0875636040c8f3f406aff675

SHA1
d48efe7f0eeceb6889d6145280a9aa60ec131437

SHA256
3e6a48274a9be3d652e703e2ef21f460e5125a78596fcb4176e8c65c75e19326

SHA512
305a4ca4ce7302859e65cd78096892023f50c59c8e22653410f5d14e8fe1bf90b6b2dcf39d2bc12f9e355a742930a5c157f7abfadf8aab1a8b8ea653b58766e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
a5e4eda914213951ef6637c7035c4c41

SHA1
2f454450f14afe3f065b7c62b54c83f44efc7c3d

SHA256
4e83f270f15539cfd045858aa310ccbddae8cda0f5d56c5ea8a8a94f34747980

SHA512
74809f04bfcb93d95c99720e5f826fd52493b521ca235cc253357ca528d1d0bc38804f18dbfdfd1c1a9c370f03b793903254e0cfe99f89c0ed7c6f1b16c98512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be279f94effa8c30c738a59a30e7b236

SHA1
c5076219d02a8e2c1b7f1c6e67eb3220d1effd36

SHA256
6c8d2fa25028ab461ff7a1a4c750b2a4b9e02da6865a270a1f2e54f6ce3cad50

SHA512
7478ff51079a8710ef7603120c889cb854fa0eb22e48c95e655ded6f07e04edc40d5c385d6902cd746af1f093249a290f7281550a6cfc9961bf73c7d0752f8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f0cc417c926b32e54894d386fca25e8

SHA1
aff5f421dbf1c2f6d9fa0df2033d21ed76813eca

SHA256
b9c7884af393da490a5a845967d4053ed427b340cbcbf1467de30606a3a0117f

SHA512
5d670e8437f25c482fe145f251fba108f755bc7ea7e94f3d9c80156395cbc135b60e7d1873781258d2289d241e49161257de94a0675b0cf5f5b83bff5d5f70a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
70c7f73f2a5b33b94bdc8b781d18c6d5

SHA1
82c7c680d4582435a421dc525f9905c10ca32512

SHA256
136fcf54cff4da8e452eef006b6ad60d45913156d17307a20d53f2179968b1cf

SHA512
0b3dbdb56aeb1395b099eeceb6648bd72675c67eb9891697708f702b76c894fdff3ed60c756fa4a4352181924c57a3fd26bbe196e3c364e4f5f4f9efcb61acd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7a7bc9e220b6dbfcfadcc8978206439a

SHA1
60cbdb5198540f56acc78f85af21fa2570c1cbb6

SHA256
be6515cb7e774029ca4a39b039c7f068d1de931a15851059a7f45483ab3b6f77

SHA512
b2c3feb17357165b318d882e380d778851e2348d6e2c17cf3bd8f26824550c825beacdfff5ecca021a5adc30aab372c45e7bf5fcb7a5a4f029d6d2900360142e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f5beadf5e524fb02a1c3f9ee3c47272c

SHA1
194b41777cb971039843002ebff0f8e0fb5efb8a

SHA256
0c6014cc0b2818b036b4ccb52808cfefc445a201b8e78ec6fa104d9a4dadd1b4

SHA512
e7ac40ec37ad3f5f0ad872239ae6789771c7535c8f05a044419323144f62b288e0b651e454d602a51f38b316c0cf5c91fbeb82cbe35d5e58999bc7c82bbe33cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
457337a995da7fddd7e20b652f062016

SHA1
31852fca25291b5f1801131f740345c8278feabc

SHA256
6d953622696374e195ee6e2184231db1c18ec58d671d027898d8f1f2c854bd75

SHA512
0e8df6ca7f4e5ea37024efcf0680747dcc6fc13099adc8dcb68031f6958ec3d66724f0ccf47672a9d9356b1ed18ceedfcbb4c3128df14a9d2289ebee6ae23af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
19bf5830eb1efa5baecbac7a49259fa9

SHA1
9568ac3ba2ce1f27235ae044388798e0b05b8412

SHA256
37c67ca05c1fcf44fbeedfb6912d40a3a858f28ecf46edfd0619b12b13190f78

SHA512
82b05b78f068dacf62aab666915a430ab6efec62dd80a3fc2b0854be8825bbde248cadca67599306f0bd150abccd2521b8debb4195143d4a225a286c514ce1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
f68feff25968a35d94a23305ada8e3df

SHA1
6507dbe363f3db88b6c36c9a354017b85e0747dc

SHA256
7abc72c6ad121be3eda07ab3506c48521b8c849402e6436b6ae0ff28221f0faa

SHA512
bda6b119573e99d560d66d99e64a800bcd0be2dd89cb2ae494668959b5a7a3ca98520f49e48f8a2374003248389d38cf207ed152c6b090194b467583bd213835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b49d21a8bd7046a0eb3a27601265094d

SHA1
ecaec0d3b826ccc6cc90841c623ba3f48b4c2229

SHA256
a0a775720223455ef06362a5f3b6a19638547d29c7bb2b3bbc6939a1d52e8cbd

SHA512
3fa55fd74f8fb9044c1afab137bf0252dc6307553fc1bedfca6756f49b5e1a0cfb219318847be65ef860429c57a45d875740561ac1738178710c6bf6416fd977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8a9d708494e85f8ad452f9892da4aece

SHA1
880410d579e94361a50d916cbb0f538bbf8da86a

SHA256
bc963b80f4a442368790f5cd23b1e84f0e9d23e48a1ccf774c775f0af9f761de

SHA512
3fe105dcf7ec2b6d28fb7eb9e3660d3914675dfeb7077cfa1da2d5ad684c9f07888d9d649e7ae8847904cd27470653a2f7030edbe2829b66a3438671e90572d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c1bd5fab7307306e80a098af8e965952

SHA1
ca4325aeb6baf2cee5ae83369413b84cfb800a52

SHA256
01c811b73635b7a90fe17a476f09284242ae7273903ea222ee38a4ac8fadb826

SHA512
421beae505ff25bbea0ab4d6e710005cd723a6d1d36fdcfdab3b4bded8e1ff3264f3d9f74d4135df18be5f0d2524952a92b908acaeb8ce71f3e0b2b6eb6cf42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0ba0d9219479adf2f1d8d9a1c0f3d31c

SHA1
8fc647920d031be2343fefc32b067ac998939a7c

SHA256
d75f043d9273bc18aa0721be65fac77634fd5dead881d66cfd373f16d0d30fb9

SHA512
a10b9bead472b23544be267126a55c591cae291003d2e323d88d8a0376f5deb8dc9d78eee8b172858ab47e54c8cdf15408daedc6946cafbd1d57edc60fc65584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bae55940effc6fd075a61d80304efeab

SHA1
93678e1811e43af0852cb9179a940faa6ee97d28

SHA256
1a4ba84a82bbf5c8708af608cbf10a1a2ecff90c693d17933d0e4d4d77a642fd

SHA512
f8f4e233cf3f964758bd090b1c647a7d8f694b7e0277db726255d67510380d4ee7bcbf9115c1d26185004aec6f938aeb9aee1154243f32f8b5e3e5b2b095a3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a75762292d865706528e82ad8b6dffc4

SHA1
5944487705943966fdfd15404436e9ce30c57e7c

SHA256
8e97ef0cce6da7d71ece106424eacd803c8d5dec9f7548a223b2300ed808fad2

SHA512
6e696ce040e9fa33507c8ed3bf3d92b592ac368ff492e40dc7de7cd898687c53fe1b1043ecb2bad226880a5d464cd9b4659039715afe57e2c19c5db5412b32d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
8019e720c37205f29e2390be2740aad0

SHA1
f9120070a803cdb493e9e585b37b6aae944b903b

SHA256
7cd0ff66840d94ea4ba6f1900d806cfb84d863775b2a822eccb1169a06324dd6

SHA512
c198e524a718b4e62192a900c4df0cbdacf900a36a5f57a51157b82735f40fb73eafdcb86537a212a72d1b21a4b051a26eaee233455e1f153f24a87e49243782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e7422d6439dcb0288b85331211cf3aa9

SHA1
55faec812620ece75314c5ca08628cf916c1dfaf

SHA256
aa34b904b6e8d0d17299bf6ceffcdb5d39029b3a150ac694dfc4a4c3df725951

SHA512
4589988ce4f5b9e69ec1342b5afe5eafb910db632f8a14cea2930e83cd32e08f6dc27919876d983f7daab0fc10fbfa4d672cad8f55c41f8af41d89b8207f22c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
94074f001419fd9e277861029b1c6cb3

SHA1
5e808d77f40890b9bfb2a7e619b48941d3ee4074

SHA256
e9362fb5e759bf27f8b94d9dbffe130e2ef6da553070b46366e1d8ede1b73c70

SHA512
5d75f2b25b30db5e4b1ae1ee7bbdfc2a7375cfecfdb42e36cae554ae30bd39a8551f56c498f933e66b98bb7c3ba0764e8654342700ec8fb0f3d3e59f84c3d834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e92baf04a8cd002d22d33aca7d78ca22

SHA1
fd5ab9bec7aca5ddd09e89d465ef6f51b1b35d7f

SHA256
73a3c2cdcff7df4d09b20dcf438b7b569d7e891af76c92a1013a4c3e1cd1e7d2

SHA512
47f439a54b50abc1368055d56321f3360b010b19f6db47657648b08c06d41924a16c8acb33aef126139317528724eb8f4e76371c38156638593ae12bfac59b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
ccd46d51e0e14e91127fdab82ac00081

SHA1
947173a8b1e385eb6aa3c0f33813bea2ce86aca9

SHA256
170524171eab5b35bac0021ae8310d8baebcef91d2fd9b5685b5b835eb74033b

SHA512
5bb423c946222865f17dd874e28ac03b6cdf55e3e1d70253c563487f6fd83a3f2b23b9df4c7ae4113893857c5f86e18053c9c3b9e9d5088ef46da5371b513ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\73b173c0-c02e-40e7-ad5f-5d76e0fe1fb0\index-dir\the-real-index

Filesize
624B

MD5
1c6c27c15bd7f63761520ae6680239d3

SHA1
4e0f79cabe156cd62131f6d91b7d66bffe7c85e3

SHA256
432b79d83d83a002760e0e100a048682e98a807e337fab625c3792debaee3c32

SHA512
a0c4c9f6499edad7e653716daaec6fa06a107b2a7e6649229956a529e4f2569e3279d78489aad9b2b062ba0b38eef66f30483ae214b1356f4cc2e9369dda9339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\73b173c0-c02e-40e7-ad5f-5d76e0fe1fb0\index-dir\the-real-index~RFe5bafb5.TMP

Filesize
48B

MD5
db455370eb487f58800e36cb433e6b74

SHA1
90d0767e901618bec89a945b8d33a5740d85c413

SHA256
0a57021cbeaf1197807d2f2a0993ca3d4d198689f9aa4f2d10f1d76756afcf6a

SHA512
6e14403f576129523042ad357108021e4bc8fce6a3c49868038d5fc2da6ee8299e045cdedd8a5390dc9f67d504e5276a67e47608c46a98d98a783c6c08cd84e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
99B

MD5
efea7d29f15e0e68e3f6a58ade742ef4

SHA1
e3cb6453f71789d661f1ae5246473828259abc05

SHA256
9b1c27b3edf0ba2f7f5ca8610a670461cbfd9bce6402ce4797f966574503a276

SHA512
3c617fb69d312cf62762e690986b6753f6a11a0b3d3b13f816bae938533f908e17fa4f01debe4bcdbc051bfaaedc47d3cf497f3b2270408568c9bedc635a9cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
159B

MD5
512c3eb16c434dd8ea1aec168596c86f

SHA1
7542529a16cddf4045d371c2f2b8e4b3be19ff15

SHA256
962e40952cc01539520cff94b217ef444caf9fb9f45f68a379e6c7264f16e042

SHA512
39d438455c873b9b875ac6f34bab74bc1fa03da3e6c300cd294cb96b19e809aa1a1e390427192084d09f6ea705ceecbe24135e18f4e01b531b6cee2a3d635bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
95B

MD5
10c3f840548451a04b289781148d2d99

SHA1
e50bf6116dabc083fb3fdb38b1d90e389fdfe0f7

SHA256
c6fdab165be7a2d0b18ac4cad04834b3a50e5ace037d22c9c416b819efa18a60

SHA512
15e54fbb3bf4786e88f84a8efcc6c3df3682ccc8183d586b6167f70f3b256f8398b233fee559e36b2da185ebc9f742a8d639b81901ab76e6f1ac49a4795c9b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b3eea.TMP

Filesize
90B

MD5
fbfbd516c7c17110690eb3827641b165

SHA1
dec8ec8158a0355d9940a107206e9e02c36b67b8

SHA256
1e7a4e641f068034af3b2c2159acadeb4331f90100b350551cf953a4c928064a

SHA512
7cc74a741201bd4b9330bfd0fe1c214b925de8597c62926c39017ca1259a5c7cf122bb0022923282c85f6b8f7b78a07fe0115627a97fb89cf827d36b13e67e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
14KB

MD5
8e79fb2f3eac520459f43057a89babf6

SHA1
9b370597709efcb1625d80ad245b152df4172470

SHA256
879986f9ca8185e9a9aac9bf04f271887e313746be4ef56096d0e5fce1bdfcb0

SHA512
0a25399e3544af6bacfd337c63bbd979157c562b718ca1578f4897e4ae37a1e3be99d46e3592bcd0d139e2249933aa896f89573716e1e0e0f67b8e269824451e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
137KB

MD5
41d942bb9f0867c87f8b45f4536ca93a

SHA1
9fdb7e410bb2f0d62ec0d4a58f56ce797e975899

SHA256
527649af51689eb39725a2935d3e3cf4dba6c6ad35109a2f2e94ba6633f48695

SHA512
460c185de2dd4f9408cd05216edff4c703a4d4638bd6e7cc512e787b7b06bee034df6a23be861440f067c91600463bf8a977c5ca0083ffa561aaafc26c71e00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8044735ce6b21b7b13431d78cb05406f

SHA1
d33a74c60826252afc6ddcdf4399fa4f189eeb84

SHA256
0585f18334ae5867590bdbd6ece15865cd9efa86d35c126e9cb5c0b5e383acce

SHA512
20f7e4283ee991040e59f536981341ed84dfc9e6da625ada30cf5156fb40d4026a4f6e23a4804a3c0bb95711bb551c2b948f4eb40132de790e3b0a179c03700a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b91dc.TMP

Filesize
48B

MD5
b884f54ef0f34d0f23878dc63dda3161

SHA1
da4ea3173288b237c9bfcf617577626c1cc6ab79

SHA256
7659fc69b547f2497cbafe50f4b8f400487ee245ac9fa8d320c36d99b47d7364

SHA512
6d10e556ef28e3a8a2dd038366910269d607db2afab0a4e08bd0b4858e2bd04b42cdc0554845a1b361d0b7270919bc9547377e0bbdaec5a0e0da5caeb1f4e8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
437e0997d8177516693e57c96ebc1557

SHA1
ab8d9cc7b3932ca9baee52fcc83289fcbe904270

SHA256
0202c5ed90a0b77a4c8252bd8319c917ff2489698972f61c50ed14dc5a8c8f46

SHA512
19948e8e78bf3574df8aed0cf112a8c32897e0a8edd8e9f4b242a6988c27f0b9c122fba390dfd2ff6478c3f33656d42146a018ba5e7e52804ae28f3d5e18d330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
945633dca214a32201650a69b3c10af5

SHA1
e6760d2978e79506c669bf75f4e3879a38c241a0

SHA256
4af5adbd9896bed788dca74dde62ff9f712d94dea9a9f190ecebeb0c0f5450c4

SHA512
c3e5c6617a8c860234d655f79d97745487aff9403ea30fb4282f773b1fe54106a092c72cfd3197af6c828d1f38797ca2ef2ed35c6d8b63e0d23c602a1db253cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
147f4f9d18642cdffb94e192a6816842

SHA1
4dd2b042bbe4e364524cacf6181fac2f07073b8f

SHA256
75c24b22fe0f753ae16834e6581639d963a5b620967574b16ef9a075563e6da3

SHA512
658d5afbc504164db1e993eb36c5f4a4e77f66997f9784a730e719b82c2feaebd542efbdd2ed7b90579e5d6225ac209697b909ce87082be9e77419ac0fe88c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eac50a5503f9db748369d6124cd7aa86

SHA1
e3a0dc7b20ec4a28123107539720fc2fe14155e5

SHA256
b50461b6434b72f8ad2778f35bcf85210a53287b9b77fa327ee59b1c50ce5844

SHA512
5c0b35e27de0c77d58a8ab13295a4e2a8c3e98fe48504e244604d8fd3580ec931ebf0088e8ccf8b86a4c62233803978de946d1cc626bf1d31d9f5369711df060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
00a6a6c17be76bea3a82ccdd147739d7

SHA1
231d96d4f1cb0ed810c62b820dbdcfcaeef17a4a

SHA256
f77a13ee3ba65f0d83abec32675bc5dd58b51f29d2a647a0400b7b043a51686b

SHA512
e697b44f35acb473741316b7d767781f28c0cc3edc2cf6c5c9bd3b785b5705fd7e2b8d34f5611ba8397f6b274a472427534d551528ef32c5a978de24020c6e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
77888d94b5457155d6d3d41a26a546c8

SHA1
026d8950836838bcbde321f1505a73617e8753de

SHA256
1f1af72e8c2a9a165f9efda9a04f73e5dc92ffbdd9c8650d7d08a809f02800d1

SHA512
32eac9be0e9b16703eab9974ec30c5b9a24afe3a235c600312893024054fd500afc269e51d00dd9517501c99e0b9ee8b8506a588460bb6bdd216004e2ec85038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9a349dac4ea4589dc245613dcde34092

SHA1
e5360595135cb8ba9a2222697155314df7c8adbc

SHA256
f06062462d1793ff5062707fbe3d83fb38762002e6bda5ccea8f08342b544135

SHA512
0c6d25749cd8bfa1febe7cc40d3cd4e7cd1cffca4be3cae723dcebace1ff4879b46647b5baa24f87f347dd3112c83d1fc1db2d1c6af55bc352530d3e87678325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d9037ea06cba4a8c7d01961707aa793b

SHA1
46ad2ffd0103ec5b0d4b013d8abf47d7b51832cc

SHA256
f50821e42e9eae1bb31d70df658fcf642f4508f95ae95df3c9b580f06eb2dff6

SHA512
e9949921350b7022466f3ab22be5c7798607b1b24a40e03625baa3789f50ecff3d01b3cbc71e3cf2979ecad587856c8c6cc60b0400e75f7b03d9721efa3b7591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c0c1bae30a22fdea4fb056bdac40b2d2

SHA1
964bead83cb4f9d7863486c70f5b734db893c3fb

SHA256
11889e53516abf8c85eed83a387ce1b6599b675f547c0564d0fd26c9b4246207

SHA512
015a723e8f98b966ccdec743d908bf87247c579f176bde7def5e0ded966b294157fd2162a273a8c0ded023d737625c2c04332a05f31d8fa153a9fdc13b86e1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9c30b427212884a799880b3279dd3f92

SHA1
037878928aa129f027dbd7b377d192055f13c2bc

SHA256
937a2d085aaecc856700fc2576bd450055e16bbf6156e3b8eb784d2846bd4046

SHA512
73c63e3aa162ece0750b41019905cb28e406fb5dd1cef6270697154eba174b1cf424f810a566a91e7bb20cf6b9f5717ad2ebc724edeef3eb8eb3774c926a729c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bce14841cb5454e6271bd1466630f771

SHA1
df27be6af205fc6e7a744984b7aecec0960f727c

SHA256
5af9dafc64f01ceb5056294c13972681ca634d3a52e29ae8052d8d41cceee603

SHA512
681bcfa937d93af2125bbf63cc6b587a767b6e1b97f19d3d5db9cd0945ae06a777b5a34f2878745a5a381a7c2c36f4ea5f77d455117d0b02c0c7fe0f7f85adcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e5f431b47619d066154e62e462815edb

SHA1
76c6e5c0afe4060a36743dc6ba12e3439674c0c9

SHA256
b0487a216237315fbd8006ce688444856ab32c1c7e99cba6d841b31833a0d5c0

SHA512
bc78cf9823ab36c2ea1f8426f2f028d4e7a28a0eb4e87d631b7073356bd723727d8c6ec0a41d72162891e3207f83d0482fff8e63af8c5b5fb52fc11407fa0e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
06af6bf02d0bd122e69da0bd1da669e3

SHA1
b4d5b834bce4c230408ce6a51a3025ef9eacf173

SHA256
851bda80f379d2b067e6fc0942ae0ff458d5c6ea114c8df0ff43c4dc13534d37

SHA512
5ab1c76e85b6f12d98ce91b49e1628e77dabd192712f18fd36eab458fa62c9bd389faf3f05dd748482cb341e74aa3729895902c585407fccb8b17254995267a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
92b0bd27f1ba36693f2526486bc2f6cd

SHA1
071ab8f3c4e1cfe11f60cbb1b66437de397d9bbc

SHA256
113c5248e3bad94e95ade0eab512f59105b8d3a509ae9c30142fc1742e594f70

SHA512
c90ecd95024bbe1f26a773fbae6ce4e5a3fb801d7e281b1944faf1c5f9c488045cb76b68f780a00e8425f9520ad9be8b256cbc86e596245825248876881257e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56f92a.TMP

Filesize
370B

MD5
2b8e0d91a171e9e903d1a6924b0c5bb7

SHA1
4b411f1557aad2d5d358c23d8e0e8c9d0c715c3c

SHA256
653b0af532d9af2d3bfcce64a79651e9fbf8bb82b703e1b210efa8127ca35723

SHA512
22a2fdd51444b340ddd49960bc060eef78188e7741676e091ac44d3e2ea06b8e0351b7b50f151484ddf25762dec273cfffa61a5b873ec4e6b61f04056e5c38f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a62d9ab4-eb3b-4250-bd52-1f2cf0646203.tmp

Filesize
5KB

MD5
957685b6dfad8250afccc20921acc469

SHA1
3ee43fc5d1d79b82feefb1aa3823fce296b794a9

SHA256
cb0eb94e89d6e7d3d37ef14f25bf24f1b50d7fa8e0b97c0b101f99d30615bd15

SHA512
5b61d5b5af7c58a2980251f0e183b2f986b5aace102915c4beee6f31eb1ea35d47c00b03d992718b15bec033e7aac95a69a1d1b493ac5b687e62eee79271c8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e1997eb1-6d9a-4bb5-9b0e-a185d367f143.tmp

Filesize
12KB

MD5
c70d36d5b5af859132403712dcb87840

SHA1
4c12ad363ee313f748d6a4a76fd7cd5292a2d8a6

SHA256
b52e55d96ba6d310b5a9958a79328e6d35c9f45ff46ea20d74ca65b27dcf3f7d

SHA512
1125dd3a666d765f5c670c35d30f5688704835c5103b53f45a62e1e2a7475e61d852ec90abf7c406934db0fb17b5fea484940cbaf7ef076d7570c8db46431f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f59eb2a4-6ca4-4778-b199-7fbd0e4ae765.tmp

Filesize
3KB

MD5
dfcd2459cbe419ffff36a74d1181027a

SHA1
a4e804945c3eb9b6814bea7a6776f397dcdae4e5

SHA256
77938b6880e8121b2997904b596ef029ad998c002588e67f862a2836719b133b

SHA512
da5df652709cec2bdee992e19b64120578e2aab08c928f9d3fffc4efc4415ada229484e9c50730358db67f39e8592f303b732ce202ed1bab7f90ec77e09896e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6aee1e6aa36fbee80b74e510daa65329

SHA1
99de314ffb20a3099a50aa51fa2fc285f2ab0209

SHA256
e112c3b107467a7c4bdffe5ee977dd5bb3f89154d6a03b8f0ee3fe628ffdef2c

SHA512
b13567a019fbccbd0e2c92cf84bd397dd2dc50cc831bf157261f812467acfd4da67d685a1b203020651175ae7ba78bbbf9b931dec9fd72695ef4ad3b34197404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1b5bff8521b31f1f9f4ee3b74c9b7f0e

SHA1
312d38e276620abde9f73ea9b93a85fd6e565b0b

SHA256
bae477adfaedca38bde613843943bc7249d1593f2e80486cca1f0ac45a2bd434

SHA512
3fe579af3d5a5b2ba93c75ed2a4e983eb2d14c1b8e1fed7dee465c77cd09a243671236d1a00f3412dde57fa4b018d8fea1832684e5656054ce7cc057f8fe73c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
604a1072de368451d63455b54c729a07

SHA1
dedab1ead9f6e503d7208d8805fc18714b266d7e

SHA256
644827fa2372a94aaf0bcfa78c1081028d3cf38f0ef4b8002e0f4eba6b3cd19c

SHA512
51993e0a77133510a5eb188ef73213c8d648264374f585f9a2feb290477ccc47c247cb5d7f9688e5c74a6c993fa9a000d17909ef7b945e9aad51be5cff14693d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
7db64d33ef281f053892d3c3a5aeebb6

SHA1
62d6a4f10989052a1eeef79ca1b88a57ed2a16f6

SHA256
ec6be7a725183f4d444ca974bf023796a4ed78fdfe6a6b64146d845d9e2115bf

SHA512
6eb67093983763209ab5e03d51b202090a7b1189404a45ff1ffe51f7695cd3010dad5cf3ac5003e44ebe33d2239509de87eba8e18a9b9b282d881faf9eb8d8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
fe9b62dcf4413f03a09fe7947d4e6b75

SHA1
97f72a407d2539c0e557348345f0deaaa7f5e237

SHA256
1dc6aa6977ff10e4d3dfd87e0de38e484b1f22d543be6285c810300ee0388735

SHA512
2a5d1154a2e6aad2b0fc084457356012337c4c6061dd8af8dc6c0b1754cd17438ad2f0bce1a5092defa62a22eabdd254b90c02614efc4e431f664acb53788d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
b508dd08d7857b57345a99f932b67979

SHA1
7fff3c1e44b4a89519c5027598289faee5f9d778

SHA256
7412abada0400ad4e4ede744e69bb83f2eb9b150d587cf42bc1ff8de7b0fd709

SHA512
630a7b16bf794e8556133243c564a1ae81e5e715f6bc1cb54736fe57ce2c781d598621b46b50739423f78f0461d3fd1eab277b7c0185087625e6a4253737b6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f14bcce6d778cb371dbb390c3563a76d

SHA1
45fac3bf018f4755a5a96ee1206f99364d3a65be

SHA256
a2d2529523162537cb24c6696fbdae982f1245739c2d2778ffebce4abe57548e

SHA512
d0987af4044043fb559be091f31e86afc26d7d3e4f8fae95f3bdbef298e88a2d3767421992c77251c24956aa0fe57b05b7ea0fe0687b82ea46832ba881431f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
a6120cb3bbb2c5f798199b888b431ad8

SHA1
9cacdecd60b69f535ab75f4a7af394214330f2ac

SHA256
ffb9f487208ebaf391304044a48ef9ba2b4314cdb1cc74ae7850ca2b78585524

SHA512
fbc8a1e6910792de7dbfc0abd803d51afcac0b7479d93167edd0874ca8792edfa9f629172b291688aa6141f43d14b7d98af4b64b87b1f8abbebb78a7be88aaf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
16KB

MD5
bf8fa8f3b2ee466f2d0b29258b84a498

SHA1
695289f95ba77903bf59e42aa2fe0301c14adeef

SHA256
6864599899ff6c4d576993b4f106e6c8e7e7743c449c43a01476c174278dbab9

SHA512
8ddaadb4842a206829adcd554c05045866db2abd952b42e311e3231bbfa2b86cf03ccde9af0931bb0aabb52c04f482ff028950f24f9e161eef57075c1047b499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
13efc2850be0dc64ed1ee3425f0cfb31

SHA1
571d16d6782b30e485cc3a035eff533573859d0f

SHA256
2b3e69c20befabdbb0444d15b656cb7f5fdf045e0d2518935b076e6c8d887acf

SHA512
831dcd6510f56315473b09333546d27a693ea4afb6dc7534ea9b00d63f8020d40e1657f7e261526a55983ed823b5988e598667ba4ed78e03f473d3bfe2667212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
5b0c7be716b54bb857105cbac86b99f8

SHA1
f7bfab19e0de75cc1f4815dc1ef0392ddf60caee

SHA256
409ab2533c649893586a982bf4c89041e0eb12370b1082274ca5ec0cb184e472

SHA512
18eaf1d736d8f05fb94d86112fd978f80e9245aa82b0badca09dba1de3c4ebbe2f5d2761e8479a15ad73db27f8d1221178631e202f7a454bd496f374910ee291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
16KB

MD5
236831d99462d6f7e8f87088677b8861

SHA1
2707efe35efbbca81195904f42c591bcfdbe3b3e

SHA256
e71772753276a4dc8de0082ce117b9158b06453912a3c04d5a324f8d74b20b00

SHA512
8412545713eccdad4a1c2aa09a003de2f40f7c75013efa8fe7207621a1f57ec375ea81cf2d9e695124455c06a42555d77987cba25dd61bae677818ec15de54c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
307e16a82686778509ba3ef4637243ea

SHA1
b9f4fbcef4942b7707f1a7bbdb5ffcd8ffa519f1

SHA256
573d051f08d86a8cea4c5b42835a06cd8a694c81491dcf4375a58ea19926540c

SHA512
b7d0c7108acc521811aba7fa458a654a0cfdb7b049ed1fa8d53150d3519d91afdd40cb845e918100720c5dfed7351a58a4130037e68fe09c72b1e8c0875645f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\12793-e91006c906c45143[1].js

Filesize
12KB

MD5
06a058e4df4b44f8731d9122ee8d2cce

SHA1
eb074a3be13eb7af0213444963e272d8cb8b0a09

SHA256
dcca312250cede6d49f09c6e955e380fc281d4e09b95d3c34b2107c3e4f5da6e

SHA512
f3d17b78676bd189796a42ffd8a234cd657d1f48677524f94381079fb6a028359dbc5254f3fa1428491559fdfee6e04d7d21c0c831a099346e50d62daaa65aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\15838-a3d873bf0aba40d3[1].js

Filesize
134KB

MD5
c552937ee0a76c9974628d234ae71300

SHA1
ac7637b07c0eef9624f37f611fe843257f697c7a

SHA256
3599f939ce90232caa17e86a8fa6ea53bb4c956cbd413e82edc26ba237c3f07e

SHA512
1face95f614949671dfe26e5f2dc5c4a74baea1d7cbccca66353f5edeed3ad40efaf1b75e21d2a16121c78424a48f76ef180749b07f1a3aecc5ef630227e1ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\24079-d3116dcc96a52130[1].js

Filesize
146KB

MD5
ee8447bd1d3bf0f1481d77bacbebd3d4

SHA1
c54589ee55d3e6e48f9abbb899075e55884e0bd7

SHA256
f0e418298547df1ab0a933e907a37bdfb1c26dc58f9a220742914855158cb266

SHA512
cffce77d6558b8dfec59c0f5905f6d51ae02dcfd5fadd16067595e55e6d11ef92f2ec8ce437d77f8fb34b06569bd81ce089e79fef71a6822b4120375630b3340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\28787-ac31ae1fcab86832[1].js

Filesize
68KB

MD5
cba1b61667c2a01d87f072a29dc97274

SHA1
fbec5adc7accc56087ecbf86123b47accd21be4f

SHA256
e42db463479e6f58cda85c59d7ce82137c9020286925c38566f0f0a0dab82922

SHA512
ad3d42c3e31c7c7ebb69462adacdafa17ea7026467a142ed2cc08f3a48277f89e88c78a3d5d2dab4ba5035d138929dcf4a90d70095c833a51484b4d93c863882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\29483-cb61b0b4f4b5b215[1].js

Filesize
35KB

MD5
561266de50a68f06838f60100afb131e

SHA1
38f1753221feb93131a372a39612bed87101ba95

SHA256
f4209da3399885b427741f24200721a35cceed4843adf369437fe3f193108aa4

SHA512
cf7f048ec621e48988a2a40d5a00cdbecbc06806a3c0db964563860c164321a1ecc25c8b51cb8e126f4153911a359316a3301d8aed985945fb5309e059f41281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\3143e8a8-80a1c40993de99bc[1].js

Filesize
295KB

MD5
c775aa739bb65b2a5d9d0eec9ee46966

SHA1
b1af5fec0f5ffe494debd6c7b1fb9ec6fc8c10ce

SHA256
50bd4eb079798be56852c81a57b766b1969aa6840c5e5f0549cdd119ee455fee

SHA512
82a618322b4d3315859c65d4fe90046793bb08ffb5c0dfc9fbd0a4a0aad93b1488f0952e506063ce46f7eb4e7fb2a880c13d6d9d71450551df0907ace003275b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\33501-94a9117c85857fe4[1].js

Filesize
36KB

MD5
b080755e968552fa7b1d5925421518ea

SHA1
6f28fded14161816a5bbb1008d3896a09124e797

SHA256
3e6ef9adbdaa604019c5b146e53c8faf9a6f11a6ff3d0db5dd83c1ae88186ea4

SHA512
71994d5008b2375f65f85dbea4fa621525ca53b458b4d90f4e7f6046cfd9f6383549576509eca6c6e32f33830fe7f7d1e12c3a4fc3b999e67919ec2c770bc671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\35330-371284600e3be669[1].js

Filesize
8KB

MD5
1c087bcbfc20b8da8031b241d434a99c

SHA1
b949cf66148e4f54c214d9d346a3ca5a463e58a6

SHA256
a73dce6f622303a93379b198ddc53d067eefc6d97c3ba2bc03350ec4d939dd2b

SHA512
741e6813c1900d265db76fcf5deb2cebe077f2f82ed93028e82ac0f0f8e9f19d0ab51b6a5d8395ae0e3b0faadb551dbaf44ae474853fd4910655ad375aff0d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\3637-cb779e63acfb8118[1].js

Filesize
55KB

MD5
3887ae84beb74a8bdfd3e3ab8addbe96

SHA1
07e293dfacfffb1eb5ccdf7e8ca4891d605d5ee6

SHA256
e53a061bd17ceca8aa1a5a0f2396b0ff24e67cb9b30a729c1e9e1c13296eccfd

SHA512
286f61a16fc241524c2f81200a98a261e945f6e11b9e6662f2d4545e1b6a6687b52a2d5434643b5be47f49c2c94d7e81972d7b785721c63cbad32bd098964e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\36422-b2f90c876cf8cbdf[1].js

Filesize
22KB

MD5
aa6fbd1adec518ad3d3380ca90c46a62

SHA1
017f2044eb87eea6459cd314d29980099799e0ac

SHA256
ae469d53a6f698fbb1c03a60ed588fd525b25b24d60aedb2c1c3d030915378ef

SHA512
c4caadfe35515425b1f2d11f9d542a8db5135f84809c00fba11995fb3e6c8a8b97766710a6946cbb8995c0130d911f636fd0f29ddc0fcf613a2d1d263542627a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\37346-980ddafb3885871d[1].js

Filesize
317KB

MD5
021ea508f5688799a120552f9a4e9f92

SHA1
c54df7a57943b1d60456605de687f94985eb37a6

SHA256
21ba394f2b55cdb36372ea46a467a26a387949a17677c45716c61bf854de1814

SHA512
48a015faa0ce4b7dbb8d57fb09f15fd74ce756afba335ca89f37d55cb2bf013d0cda55571097530be88d99e076c927c8ae394801c6d2407a8f5b8eda8c712992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\37367-2f79d5c86a74857b[1].js

Filesize
6KB

MD5
c69d41370e7666f10a1b755af553e618

SHA1
5a7d94e6d6cef8694c23b35a383bdaface1dc46a

SHA256
a075ea54cb9c947b7bf0f1813d72d1582f9e4598e0977904f9440a450766c918

SHA512
648e2511134ad4838cb74b1ff9dd99f6fc39b4fc5742c85a5d54bfee52be6f3e52597cd13a0d46c845fca078a786b4680b8c5b213d15c4adbbb600e6c0fbdebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\38714-c9b1b22d52fae7cc[1].js

Filesize
71KB

MD5
64bea9fa1a06961993d673b4d0155674

SHA1
738473eac7e03b46225674633603d21260bda272

SHA256
bae541c76b4b2a9b9b346ab8f01c6d3285ba6145b558fad7bdfaee25ad4661d7

SHA512
3c00d93fac310fed3b479079264a15a59fa50d589ee4556fb2e9728a6b78e397f3978fff31eb6916ad680571565eeae13d23b6fa2f621153592151c91c6cd7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\39078-a16ba5ec3a7c2fd5[1].js

Filesize
100KB

MD5
a1671d5e6a0e2c9948d8370ab892ab8a

SHA1
851313033ddd50eb355cbd3d74ea8cdd8f3c3a62

SHA256
b3a70d3ae01ca1a4a3f0ca40af59a515c19c22cc6e467b8265a7aea362b4bf85

SHA512
49a2d6b7da1343a19b4a187eb93ed83e38a64d1fea3782a6f1daf70f38c81ac332829951b86327e0a528ed182b740d7984d29cea17ca9cae966eaae2717d750b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\41125-3d89304a3d5573f3[1].js

Filesize
37KB

MD5
342e00aa010e35446527b1cd35bc0215

SHA1
b572c762e4623bebe9cb9d1d3d650c333ec1dd54

SHA256
3c243644b9cee28c07322b4d67642e68f3b870c24aadb93767e0fda21bef8d59

SHA512
91a0ec71ec44d62604d7f67e8291203e0effd3e0914e4cb4d5c6de7d9204a96b1e00ad688e51936287f408e43cd0779f24f8d27c91de82912f678a190ad117d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\44010-32ee5d36095d89e8[1].js

Filesize
91KB

MD5
c1b37627e1f85ffc0dce8fdcdc09a120

SHA1
ed6d35579948b124cee734b0939975bf9224734d

SHA256
7131e14c1b83b82b4e2a538064ab0bb3087430d71db9462fab78d2160455443e

SHA512
325371fa8c3784828206124a44ad768f33becc5af3d923db2b1480e301c67559c95699a7f4f2d54b2d980a2cff25aebc8e9a6ddd2d054c8ea5b7d7ce15eeffed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\45497-c274da291fae6c4b[1].js

Filesize
49KB

MD5
350e45e8f4c3538090ec0d0ebcadb3de

SHA1
0fbc2148be9e3d83569351c3c4c53bb313a5b769

SHA256
30a27f4fa462a1e06287591a62acec28a41b1e674fb78c8205fca3ef694ffa58

SHA512
72fd9fb7910ae6de5c8292d2b9fe9a2abc63d1e70ecb78e4e8aaf07b840fd0cfa9681c36c79f1b8a505b5e7d832c3c7e0036656dad93ed8198a5e0d3f26c7056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\46065-6c40b50a66abdd81[1].js

Filesize
25KB

MD5
8a06b139f48a29d0d4a0a9b3c4e491c9

SHA1
47c194b8f6bc015043c4cdec807847355e0dde79

SHA256
510d4a40b8f25c0bb309de4f07b9552f2e85ce42ad887ad5781b951c562b1ffd

SHA512
72eaaf8776573577048a12de08f3566f3a8b2f391fb2b7161a23bb617a5e32969147cfe140c7424e0b18f8cc4f01ae27330f0cb0ba21364380a7f9059a8c9b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\46435-436d2756f7862fae[1].js

Filesize
70KB

MD5
e484f8cf6f594cd7dfec4e92eecdf3aa

SHA1
65c11a01ba3c0db2e15b35b5c1011f419808f735

SHA256
2aa4a5da2918dd15d423a66144aba93de4dc20582c1627f481fb6f2649d7667a

SHA512
a8d612d0b604568a0724f751b9fc106f2b91966e2f3c14247a214f22ccec3bffe723fe2dd5f69dffee11fe106fb3ef8755bad25e7cd47b99a301cb2b053e0785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\50114-9ac737234a691e44[1].js

Filesize
11KB

MD5
bf1973a54120617f2e09e5dc30ad59a4

SHA1
73f703f9842343de6b7f1d497647a8de28774ead

SHA256
1019c310590af71017444deadaa91098cc8314feb8af9c6bc5bcecd5bad542b1

SHA512
6ff18449a6835542ddc17f91f743189c4999ae80a19e5c79b56d178a73a30cfeb0b3d8a572706de045b05b2db68fced6731835102092686d15ce72e6205f3432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\51107-dc5ef08b54377e20[1].js

Filesize
38KB

MD5
6d25644c9edd8c02f62b45ea1bee0185

SHA1
d20a123c143a94278b0a26a79f4c8ed53c1b71ce

SHA256
30d85707ba2d22e83c98cbf68a96f8882cd3de7cf53c53eac73762921f313c00

SHA512
368ac9218e89c109d672fab7848da48d5d12be6d63b280c4311af4573e07d2f5ee3647f93ec50708075125a2fdd25cef0e3f0e75d7502f5bc207b5fc29d09266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\54672-c5b2a7838eb32144[1].js

Filesize
9KB

MD5
42138d82382e4f1482cf5b70fae8a46e

SHA1
e58e633724f5475af12cd32b2e9e522370c72a5f

SHA256
a7b2c699f56b64d760010189d976b3b52f7d56f66bf4b7a1425ded31fd84bd61

SHA512
7f9fc227c97dbb3dcaddd15a1cf652aa016a25829e4c7377d3d852d34b3be12e16ec92865c13245afeb5080e78d33874bbc43f44fcd0283df97c3d2f929113e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\60025-c4f473b70cac10e4[1].js

Filesize
46KB

MD5
ac3600dea52269f5a9039c05f3d06d79

SHA1
7f675da0f5c0fb4f3267f223a5c04ea41c1bc975

SHA256
ed6bc96e5126806ef6de4ef0e8b4f6fc8fe804f25c14c575bf1602bab5bfa626

SHA512
d85acd1768ad883464edf7530f7235f525d3e10cb5956e2764160578c8c2a248abc1302e0d69ee42d814962a74d93b5e5f4f6c329073c7aadfb4a2261c7695fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\64477-25cda54408ee533b[1].js

Filesize
71KB

MD5
e4cbaa56a8631724839c26ea6d477097

SHA1
da79c4ab7a1db9f2856e7274c1682a57b005aa1a

SHA256
134afb9835b22f7d6bcbe523f1704b20848230e5c444f88bb192f8ba8898ae06

SHA512
9c452e08c804dcfdb4e95ae2a898e6273ef4a5ed049e6a5b02de95a40f30da90525870eb1a54b8fb7b67994417c0e1f58f7294151ab41c163e4efa3921e90b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\71944-077009b8580760a8[1].js

Filesize
104KB

MD5
8497a5df3c62dfbe279743068463bc6e

SHA1
e785c8ddd13b77464d91d89fb4c66f37f79fbb88

SHA256
acb67e8b7d935f1a8fc07d0b824e8e1671ace470821d27ce7392479819214a9c

SHA512
49c000ecab63d984aa881c0d31bc74d59544d5e11508949e8b727a758d638ea05f636873320d1de25549a6ffac760d481a17183f1738c473fb5b9d52a143e533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\7579-709a1fa4d4836aff[1].js

Filesize
102KB

MD5
325cee0946598709e495541c1942ddcf

SHA1
46be70430af6e83468d806b34bbc57f538900b5f

SHA256
f7674094cc4eb5b569ea29f438f3f1139cd080bc2be2ef9fc55580d89bfa96ab

SHA512
e2b49d681ac3bbbdb7ef291ca2b97ffa05ae758a33fad37a10fcf915c1840a449a0b45b0bed211a0808edb24c0e01825c3b6fbcd69de684c4807c7edc9c52e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\81084-363c9f5ef283ab3c[1].js

Filesize
128KB

MD5
0b04bb7f4144eb0ddc57b5fa716e4b31

SHA1
cad7d7eeee5c85efce2ce5d75e613b35ef8ba16c

SHA256
8bf4eb4cb54e9b895b1044656039fa738b7cdcbab6d385f1394fad25ddea1516

SHA512
a4271239cbdaa4a51aa4c349bdcb49c7c66c6c63254360ea18bf360701922a927eee3481b19145efa290396e8bd2c33c991916a6fb7404b91e602f4b22594143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\81367-24dbe3c8300accac[1].js

Filesize
107KB

MD5
1a856bb786b764491d3d39ada8a2e596

SHA1
bbcb0d9048b6cee0f64c84fa5933b2194443e02e

SHA256
2ca7ba104208543bac1b901e04b5a6b49e68f3e51069994168b9de8a9f6c56a2

SHA512
ebd8bff6b16570e98542ee1e36132a1b17e73e2e02490ed092337166f5028432ee019b378117b45a803529405389547457ae86d3f34928fc22cd3adad9710eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\85530-add9d34ccf75d6b4[1].js

Filesize
107KB

MD5
6c682b9be4ecdcf099dcb6c0d4553551

SHA1
4999c177f65141bc8ff11208ec119df1405d8367

SHA256
129a3df42ec04d1a6a6c700ffdc421c3c7e7b70c561653f6188a1964552c7dbf

SHA512
882e7ed6836fa88c9e9cb6e6acf0f82d26ec0769305e99b61e91a494e2d2f517aa8b7355aee45bc918a053ef5aa485f067bc477629ecce79bf938ec648f2ac23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\9029-f5cfb21176d9604c[1].js

Filesize
8KB

MD5
01a76e4e519b71e71160845beb4d8770

SHA1
7542a5fe98014b590683e862ffe04e2e8932a7c2

SHA256
16e7ef5679ba83e809494b9ac106f7d22928c42af2aed1321de781e040ecec61

SHA512
7a751dfdecea6affa7e0aa0934ae0d88e756fc39db46e3ef181d50fb7d7706ec49f38ff85b4ed822c33818f5bee84422141b18569c17a9b40347103006cda78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\93697-500daecc1cc4c7f2[1].js

Filesize
951KB

MD5
d0e1dddb19a2588a0a296ebbc4432991

SHA1
21fcd99a547b808f0e83acbcbb38febf3af0de57

SHA256
6f349331645a05c223b8dd561459c62274d57acd834832efe2e3956ec198759d

SHA512
d411fdf3588fab1963b51fcfa770ae0a6fe425c2f9a86c86344d9afcd08524fbf1e3966152589896498fab1241a4b4559353b8d9c54149af53e3ddb8cdf51161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\94996-7278874cf55c2111[1].js

Filesize
165KB

MD5
bc7d0d61d9bca11151bb2c7a88884512

SHA1
01d72af0dc805c1a257cb00bcd29fa0749df59a4

SHA256
599a8eba4b8369c239c9890f66754f4c315dfa4b96ebbdaad135a8ef72df4f98

SHA512
2d2fc859f7b7cc6cf6f74686cc154de77b5ffbe67d81fffa5a328f5b076c6b765d39dce7f15349a51a8db851bf990dc7cdf1975e9e6df7ee56e247d8d547dbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\97120-7c34d87de49073b7[1].js

Filesize
7KB

MD5
7e1500776f1479f3cadcdf1eb04abf12

SHA1
d2b96d0be84156662c97f5f5fcfd0b0af0b82d7c

SHA256
4feaad8a60752cd96a47da751e1ecca06af8f52380d05b0403f9183fe9d5519d

SHA512
4efc68c89bd441267836255a2140b1d1f546e13ad69d05e952be11da777e1d24561fabdcb236a6caf0fd531513c5bf80f3d88a2ff0d17cbddf9604e697935866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\_app-d2dbd22813fb5076[1].js

Filesize
4.3MB

MD5
8cc45265da473fda97e6b79619cc4188

SHA1
aae41846c21f9f44617597ef4294f037f8a444f7

SHA256
3948e443170e998d9b6e8d0514eee51ef40ca2dcaef1c191938579ed9106349a

SHA512
884957c1df9fbf7687f004a512279a67bea6e7079f9c3deed9ab8430c8c4ba6ff5b06989bce2561459abab0c412db9622e4c229a0c9f2a9beb77839c11dc626b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\c92dccfb25adf1ab[1].css

Filesize
16KB

MD5
74fdc757a4930659bee29b8762796904

SHA1
42f7ae19ef29148c5ea3dfa2f5cbb1b41ada801a

SHA256
7caab27b59c05c5509e06007a0446aa59ad87e28329a090dcd5d8f5dce8cd8e8

SHA512
9b2553820fc46172764a07d2b00ee020763d3f08c8b0744a5da514322edd52a5b2e065876d1e3cedc36417b7749a62bfecc8d4a35021d409399382f89a00e7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\framework-d8cae1a2c5ed2d9d[1].js

Filesize
140KB

MD5
347c3e121e567d8cb5af3205ee030d70

SHA1
d105ce71e36fab860afc5f112f761df6833bfe9b

SHA256
df62deb4332637901fe711d13a364cb72b544263b3199cadaac1744e56daddf9

SHA512
b0b8bf44bbab30602f66852575ca2eb5258e58c8d9540e24fb2c8c293118161f79108db7810bd2955a2c7d9cc88fdc22d38276f8ec70b1b78213139dc8e16c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\main-3a72272e1150001b[1].js

Filesize
119KB

MD5
d4229298feddda549749b3c0b02364d1

SHA1
29d4f2b3cfb17a05db85a124e1104f9fd5b7b2a9

SHA256
839c44082912adf90a687bf19c4cc560108571b0864cff1daa6ddd682f3a6958

SHA512
f7abf5c8cacb0ee03d5a0e400b8cefa6f34236cad8af575ad37ef599231431800c6689ee88ae232c60a61bfd4d613a368ba95ce9bee01eef8e067e383d853053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\polyfills-c67a75d1b6f99dc8[1].js

Filesize
89KB

MD5
837c0df77fd5009c9e46d446188ecfd0

SHA1
81d34b3036ea28438bf8f3b111e69b3331f45e59

SHA256
0225eb034d024a03bdc90ea6c79f56193662e7c3eee909696298820e517cbb83

SHA512
dcf5f00351f86c1411191ccbb1a35094965c93e5f20e9b951a93589531c01c315c854db31f1cd8da2f5b6c2abbca8344d5d1465790820cc3b5c20a0aacac4b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\webpack-72a9b3fe2210d214[1].js

Filesize
17KB

MD5
614052199d70ac3623db259d1dbf56f2

SHA1
0382d034ba1adc10fbccc9cc928d1e773c510c51

SHA256
aedfc82f5565cb54ca8193dad74816ec3a56b719fc34de38ccf97fe4bd40f882

SHA512
3c306f6775d1c9a1529fc5d8143e0b25ea266aaa1aa0f0f115eab2545548ca391b6fa4643221bb953b27f26eb5c561f7098a9a9c0f837de9da1ddc6ddfc37da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\61557-00ca9f04e034bfe8[1].js

Filesize
68KB

MD5
5dd147f09b85e78fcfd2b4c62aa91257

SHA1
428726a2a21e8db9b326f5bcf7f3dd60129928d2

SHA256
7cd68353f46202dbbf3db1881ddbd5085e71c10431bf77342348762a06b87158

SHA512
b7cf3bf67526b33864656809d23bb634881fe040d93ad38658c22a6aa2e4ef286f8fe2870c6142c0301900f778309932da50249019c58f88ffd1d9ee9d55e381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\82237-8ff9feadd1063c98[1].js

Filesize
121KB

MD5
cbcb06e010aafb8124b148b50e2a6853

SHA1
2bae10a3a357f5a615335d259a5047c0824f6b39

SHA256
ca3821cd3c74dbfa07e283debea931f8a60ca0243a5d18b1be5d054ac7c33715

SHA512
ded8e1b202fbcbe923ed9ee7e69f47ec64544ef53f63585fcf3722d2117a3b19ea3e2ab1ac5ef3b6a403fdccf62d49e7ceb5ee44a65d8153942caf5d64b6bc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\88800-46766d4db95c44be[1].js

Filesize
132KB

MD5
5554bbb0bca2fc7f79c0f7f98345433e

SHA1
7168d9d44abea4408668211e1b723bbe47a1f6ea

SHA256
5bd33b7a93cf5a0df794b56dcf58839ba2888b7392770661e0ec8392fca10e87

SHA512
0235bcb90d342c2040d87b38bda695e3abcdf86f43d764b977d18b0e3d64f53db6d72ab24e56d16f3d08057e26a664dadd100f225666e2b81946cf0325e3c1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\[identifier]-df458daf8b8b21fc[1].js

Filesize
634B

MD5
77f67a42c27dd7796c73a3eeaa114d99

SHA1
5efc1124cd1eba0ff58779c7bb4c30799c8d2fe1

SHA256
2de8e76c84a0f9a9b7cb6e6bac8e39107a580066ebf88fba34058dc2b69d5f9d

SHA512
1575508229e9404f720b5fd80e8650c5f9603c3554dde533ca14233e516b44f583bbc8ca3e0834fa1f247c9156e183aa5c882061c8b99e9855de3cce01f11d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\_buildManifest[1].js

Filesize
19KB

MD5
21dce308cf9bbd348edd0e59ac2a2e35

SHA1
d9ee11867c9d82902d21c7c38eaeb2711059c49e

SHA256
ed0d4c0dab86f1867d100f9059f7270d6e28dca87f35f46401a752e3f359e394

SHA512
95a2e4e9281478afbdffa427d99a132c17319d4fd8a55df59a8f52a60a085e3d68beef8b812ad6d9f35efdbed0cfe53a96aed40e4c30492fd2acd9430431f169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\_ssgManifest[1].js

Filesize
77B

MD5
b6652df95db52feb4daf4eca35380933

SHA1
65451d110137761b318c82d9071c042db80c4036

SHA256
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

SHA512
3390c5663ef9081885df8cdbc719f6c2f1597a4e25168529598097e9472608a4a62ec7f7e0bc400d22aac81bf6ea926532886e4dc6e4e272d3b588490a090473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\32x32[1].png

Filesize
659B

MD5
ca36db0163b6aa7503533d43a71ebd89

SHA1
0aeef29bcf9ce7af8ca2a67d82c9cf4dd8266a3d

SHA256
460388f387278e50a92361d5a1e37d7bc3630b59582dd878dbbe22c8531f517b

SHA512
04a592dd2238de36612a2de62ddd7d4e9aedf264ae52929f6686da69c976bc6b6d28d49b582a06973eea2a4bdcc30bd620197fd331549d309764559ec8d00a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\BonziBUDDY_Official[2].htm

Filesize
582KB

MD5
9cdcf6e2804c25bc361f007fb17a56bf

SHA1
9b97165f74e21f48a25a06aece91f8e504e1eb14

SHA256
171de4cb11d07c0dc7fa92c188c5a19e12dad2aa293176f279b6b8023a2db0f5

SHA512
31588ad365ca0661a54da1bf997439e1e06bb758720b1a3cbf520e32d5d4f3145eae783ecf78ab1ab6dc23cdd49a9cc282810c50cc4154a947eef0403febf970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\d5bba8aa69ee4494[1].css

Filesize
1KB

MD5
2ac12d1e9587ca67b9b27d16eae2969a

SHA1
e269f348e34a4ea2814e9d562cad22ac4c0b4e04

SHA256
6eae0d9867a2317e8107e92d10d2ea48bf30bb1a597e078ae96aa1b2ac0cd23f

SHA512
838bdfb529e536c460ba054ce3ad86e3f9954fb633bfcb77749cd7405ab38bad85ce7dc71d00600b9fc0c65bdbae637a557c5961f6e1f58ccdcab100d2b39a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\f80efc36-164a4d3ff3d9350f[1].js

Filesize
364KB

MD5
861c7722752d0c6ee809550043c58071

SHA1
c7eb5c8558afcd7b18a2f72c3281e03ea941fab3

SHA256
1377059a511aba547bf665cfdf6889950a843b75cc0ccecca5dbf36954c4c464

SHA512
85587dafc9c9a81f9f33d303c62219adbba3e551e296a1296cf1c7fb9d475abd1601147b9176a7610713e882067213fc2421a0e11bd4845eeaa0c7deb1456c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\gok-H7zzDkdnRel8-DQ6KAXJ69wP1tGnf4ZGhUcd[1].otf

Filesize
331KB

MD5
d4dc6fd71a0b1b0aed616f1bcce60ae2

SHA1
31947883f5954ddf9277150b2710b43c9e5a3523

SHA256
b63fa9edd75e3c20328e04ad31dcc38ce76411f3f9ea1a1ff87f49e5ba874b05

SHA512
f1eb9d77c2f213d87c79c6f1ee6b43984db85b2bc953268b04d006ad4c3ebd8e40622765bab691494789ea20c52392f4f8de9be08c54b9355d90d7998baa86cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\iframeResizer.contentWindow.min[1].js

Filesize
13KB

MD5
dc5c001c0fde144c5f43636fc053d0c5

SHA1
4fdbfc87cda27bcf2df0e845ddee820674bbeafd

SHA256
a5c04248d5c18f521578e93637e96941dd0906b0b7134bbd05734a1b7de5e590

SHA512
96191a60e5b47cabfba30ad54d76cdee35b781567b59b67090da112490e3a1c9bf21825e435fff8937eb18523494966fd7ef4043e7e90900bd7b7f53bff2b496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiAyp8kv8JHgFVrJJLmE3tF[1].ttf

Filesize
178KB

MD5
4fc5673b837f1ba41825221a88fc7eb2

SHA1
193eb4a66d90b17d1c2c1d96e5f218aa018e59b6

SHA256
345d3644ef75efc6a7b39546a4c5f29fefeaa25a2a49774c4e747ff554305003

SHA512
f3c9bc9640b257fc3cf9467630b8d90746c75e4016f01b47d1544b5a39afa7896695ab7dc98badcbd128987085d8bcd95f47794c2ae31850bd591dc5eb0025e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLBT5V1s[1].ttf

Filesize
144KB

MD5
9a3a3c0803219892727ed9d85ad5caea

SHA1
4e91803235bc44c8db587b8e3d98105ecb611c9d

SHA256
3a05787fc423c4d73c2846beebb56378092f17ac6698ed54765b6ca11fabccc0

SHA512
4586736d78641dcc9464da04d10731ac9603d426c6ac8d3fba03abe7d6e6acfc0c01212eadc720c0877aedf4ab6c2c75ff786c4213bf2c42d3512403fa30fc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLCz7V1s[1].ttf

Filesize
146KB

MD5
124cd57d8f41f6db22a724f882dca3f4

SHA1
3bc8164396c3e6c1e4fae0cf2a51ea66381c1c2d

SHA256
1984efdda0fbe207d7ac20feac2ba7c2768c92a90094b02a206c9d58cc30ff2e

SHA512
074cb329a4237d9c7710b532fadfe1ef926e8f96151be84a94978d1c2319a7e261fa53a561cc7f288dbd6d45af76e020bae7a5a4df8b3dc22f8e559feccfe417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLDD4V1s[1].ttf

Filesize
145KB

MD5
4252dae8574e434c7bb0127b8ffd06df

SHA1
6f007dac8dacf714ddcfaa3132a887e6a71cf792

SHA256
5e8a5c3c2a56c3bc1b135645ca9637b9b64dc3fed5fbf85cb5ed144e06bb6d48

SHA512
6365b809a43a121edf0637bc1949ba78ad46222828f7eb523bb2dda73415bba6f8c2a5cb3fc03b47b503f9713228bd1656f5af3b9e4a078e3e7e041b95cb2f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLDz8V1s[1].ttf

Filesize
152KB

MD5
1bb10326b972c92be6c59c048a4327e4

SHA1
0eba831cb91221e799ba55fc1b7c1805a0799623

SHA256
da1b33b82f5fb047fc50970643e66a09c28787013b0c7f2b771e5465f9ee6b9e

SHA512
f1f7004856577d4515d8427e39329e79bcead190ac2fbfa5519622e1bd0d830e79bf196de180acc7f93b1a28046032ff83829d7898683cf46946e6ecc33b92f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLEj6V1s[1].ttf

Filesize
147KB

MD5
0fc985df77c6b59d37e79b97ed7fb744

SHA1
bb68fa19e20495d26a20308b90712bd2c6150642

SHA256
dae40ca7b35fe7501bda2e4140a6860b1db47330be5d3c8ab6971fd83a70e9a5

SHA512
a570af12151c5284ef9a32d1d9b633410ec75d8f6c79f5c7700585aaff30997ce9cb2849c719ec4d7faf45502a44f3b9668518719aead5b7a795ff7cc2a983a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLFj_V1s[1].ttf

Filesize
154KB

MD5
a0f2eadb0002101ea5da28381ce16cde

SHA1
13c6360196875d19f488e709809701cb367296d6

SHA256
57543fa9733173fe1ff8a6449018434810dda00e41c88bceaa0e30e7b2c7f349

SHA512
c8b3d2b93130554a0b2f10da7f664deb1a684de3a0ba1744a897b3b32f2f2bf245caf1aeeabcd3fafb5fb050a1e8aae4918acd4ec8701940624240135e0760b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiByp8kv8JHgFVrLGT9V1s[1].ttf

Filesize
149KB

MD5
614a91afc751f09d049231f828801c20

SHA1
cf83e7582e60ed83f67c7d68b4f7482ac9fc6958

SHA256
fcff04f4bec2b3636f05ed894dc1f9a752c4cb587ee49857ec7a82abaf6ca016

SHA512
f1dacffa13439abe06b3557b51f95e908e85b0d6302211f755bed35424725f98081fa5770b4b830f39f5e9a13f6f33e1c1e1f23e5e87edad3feb196092a2b12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLm111lEA[1].ttf

Filesize
166KB

MD5
cacbed9f986d5685947088fec7da20af

SHA1
cb7ca77911e100755dec21fcebd123d3914f0af7

SHA256
8d85bdf1bf460f930b2845e482d6907aaa55ad704df94e6ca7971b9fdd6a8b60

SHA512
996026d3fcb4d164c545e82bd6571329215b21e201e6f84ac13e8a6a53b7a5ad48fa4e14ce1828c770bb44740139caeff2ca4d52ed9b110d0b77325fd4518652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLm21llEA[1].ttf

Filesize
176KB

MD5
b35333e8e8fbf4546626db4717c97c72

SHA1
a08a7780fe9593c031bdbb90772ab05b1444127c

SHA256
0e5364c19f28addfe81e6eedacfc0233cc2b14f196c0ec4364db43249825c0a5

SHA512
b58d22f3747e7cce986f1e8bcde6a11084a335119c6cfb6876ae0b5c494ac549074d6d061b3cac52cca359671269f01060c75341581db97fbcf5e23b42647883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLm81xlEA[1].ttf

Filesize
163KB

MD5
91aa7b4539f05576f6003d7da0d5fa1c

SHA1
08cf7acceaad656fce2639802e492c0b2747fe41

SHA256
ba96639e42ae0f89b531e432f90e0618a23af72345e265c610ae1ea09741cbbe

SHA512
1edbb79e414414e44dc6bf2eccd564677220458a4a5f9dd37ce166942626eeddd387bd082f715a7640f5607036ec2e7e905050cd6e5fd68c155725ffd0008857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLmg1hlEA[1].ttf

Filesize
172KB

MD5
f34bf75e5fbde2ab10e87b35c5b115e2

SHA1
86f262a5dc3116a1f53ef76974802df2b6a8afc7

SHA256
cc581d84062e9ae77b33cc42c3eadc79e44ea845bf8bcf86af4c6f78dea20284

SHA512
b8ff842c74b567eb8be5802f87b4b538a0c4bbff73e8f1c71d780f5e7c5c38ea47bcb1d17eb94cc4391133eb227f40f6a20756d8064b1bb82019b7f22b84e617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLmr19lEA[1].ttf

Filesize
170KB

MD5
215bb268074bbf9212656b4a8d1fcc30

SHA1
4fe585c2f76c0638df95d9b26e753525d3912172

SHA256
b4de1c6c4adfb29175cc846d6fc80bf317f8850aef72707f74601f8910b45436

SHA512
cc9d9a91cbeeb85f91cffc629367f669aa014ceb0e717723c8a4779e03c321abe6db140f986ef2cfce8761140927bbf0e2765b60448ac5162f5a2365186213a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLmv1plEA[1].ttf

Filesize
177KB

MD5
4aa49ff8c7de4295787a4c7b318103e5

SHA1
06556ef3605138c71d24f1fe9d4e391fe751f5e7

SHA256
7136819b6a71f86d37978045d98c942027a9832684dd4785ce6edaedaaad92a0

SHA512
4a419b6add8b4b3599fd20199251d1e98572d1c1b35c6c842d097d30d6fa5dcdec415069a922d346119ada9f50cd1c854067a30904bdf8fe533d535724e68746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiDyp8kv8JHgFVrJJLmy15lEA[1].ttf

Filesize
168KB

MD5
ad298ba8cf26d9c214d28d1eef16fb4c

SHA1
352b886f06803d5c77722dc91c0313b7d2338c82

SHA256
733b74494c0b5856045e34eea8b899f02458ca8e0b7ebd2a887a86b64d99b0d0

SHA512
ae9bb7496fac01d2da7737d4b90dd7153098ad73fca850b34b50cf0330fe631651355aa622b6fc47a554e52e95af7cad4a1a56a1a9ba5bffb38802df83f5d9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiEyp8kv8JHgFVrFJA[1].ttf

Filesize
151KB

MD5
cd6b896a19b4babd1a2fa07498e9fc47

SHA1
52f9413b264e8ecefbbf12830e3dfadebbf72986

SHA256
cdedb1729acac414ed01744a11da7badb86adf13108e7bd3fa161b9323f7fe54

SHA512
eb8b55372db754593dce65d048bfeb5e63899884b2ba5ec55d33a287042bea88e8ac54bc92071ef6271f18dadfc67e2310d2473d1b20605e9153e26279f035e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiGyp8kv8JHgFVrJJLedw[1].ttf

Filesize
173KB

MD5
07502c4fe46025097dd8b1e331182ee0

SHA1
8853c7193c21b71acb6054a2d8243147fb283360

SHA256
d455310e3d1e4393723dbe5836cb27c351751123b89a74c7034ec60c861d5556

SHA512
3ab7183f1f0d1655d0ea00e319a4a36006fda3cc8edc86adcd1a60fa85219e31adba39b81c4db0b3a9da843b7dd339635fa64774c407a80b98c0c6f46b9bdf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\pxiGyp8kv8JHgFVrLPTedw[1].ttf

Filesize
154KB

MD5
010bf26d1f08aa72a7993f1e50bc0a66

SHA1
9bebfeda7e983ad8d9d78059e44f937622c42dd7

SHA256
e8ffb08eb3744757c0ca87f865e6ec781ba960d6c0bbcc6821e76997e692242d

SHA512
253fd64d7cdc853c9b4e1bc491f84c83e7b30479eef65e7f123801df5e4c50f08f190b1cbcbf8f8eebb704205a1bf9b879376a502aebf8d784901864610fce39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\v2b4487d741ca48dcbadcaf954e159fc61680799950996[1].js

Filesize
16KB

MD5
b2c60107bdb8a04322c7e23da8f3c717

SHA1
daa0b0f149b35bc5c9da998cdb46e9ae98128b88

SHA256
4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2

SHA512
0ff8dd1340b2a5e57115a7537a32864f39b0c95d74735a71664fc0aa326e65b689c06332347637abf9933d6a8c52714009f093ba785951571de1c57bf1d2b5a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
132KB

MD5
fa2eb036c93d6493324a0883ab6c6116

SHA1
d389806fd3b40ec317332a70c78054cd20e924e1

SHA256
63179d2b26a883d303716ec10eb4283ea34abf82315059e7f64fccf216844817

SHA512
b0040bc047259c81c510fea86bc87046faa3cc6d294e3134135cbcb3f6f7fdd447ee667d14637eaf8d750bcf0f702b8f62ac4c23f84b051ca2b657b8bbf18d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cvljv0cy.hxw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
7782094ffa85bd751345a87c8a1782a2

SHA1
17b8bd5e5ecc1eece5a6aca1ed6c82509f82f826

SHA256
ff41952b7fbffff7552225d8cbc48d413419a7c1e11c24093fc75cea0f999058

SHA512
71c1dc6cb47c87195e3605c94f60ab056c8bca72e84cec16fc46e7c86df9cfb53e892108817237fa40158be35502cc92afb14c4fdf017820f90a5a4578b081e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
aa0811cdfee67c590a9625cc97c053f0

SHA1
38d3009dd09fa80e2a939b9f381bfb458ee1d278

SHA256
d70125f2df8fc102a4fdc2c2835736026c0f7b8c0600b2deb8395378fdb828e9

SHA512
4317e70e173c37d273776560400afd42d208d625e36e79b882135c3c670b100e79a035fb236724deba1754d563812dca1a01cddd3acb50f4724cec9bb6506222

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1bf76e6e33bd602c9326c37dfed3c33a

SHA1
059549d9e4f832f7252843dbf81e8aa784ab2484

SHA256
02fb89e064a7ce53eee15a9522611254346bdcce77a8bbe77e1bb9ff66296225

SHA512
74a5078d129daf3efb7cf46033bf389325e59b8cee593fac1ba5acaacd963323ba312f76fac1c45a2e68ba1fca954403dcaa5a080a2ca24dd4fe5e98991b4e13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
361c0314962805951e721e8754bf7710

SHA1
d5860f2d9b2b779e6d0a987d2242f0dcf21e2af2

SHA256
023a939e3c0baeccd12eb5488735be9ff6ec9a52f73bd1a847c9c702859f1131

SHA512
6312b30d001a66c8bf8439fc4e68c270878b1825deeb9f79d8edd3b19110164a84dd03d04ccbdc4be70a90006c42028ed866d35a53c7b0923f1adfcfe4999e90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
a95e297d3d8159826d8aa958cfad91df

SHA1
e1777413077d3516ff5266888d73d1adbed16b50

SHA256
bc8423f786f3664ba5a1165345591a983efd6aae9e251f5fba173085fa1fae85

SHA512
eba92bbf42501f2518956cd40277769100ede89396c043744e59ab540d3c2fc161702d196cc3a256eea348a83b25246a153d6615afa88526b479c2ef88143ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
1e8a6e44fda8bb342cf2481a3feb5234

SHA1
339ba6dacdaab5fb98a0a8f387983d273dd2aac7

SHA256
ba0d105f1afcc3adb782af328e59194712350163b25febd2eb44bcc038149d09

SHA512
00227be9abf63227f1aa8a51c960566102645ccdafbb5006ced6fc7b90fe4e817f1d11fb7e6cc52e67888865456458e7afb6362ac0080060a2f144134ada6ca0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
06512ac4bcfd34b4b1478933ce0d2ebf

SHA1
358f0faede4d9dde5c3dbddb70c161d3ab3efae5

SHA256
842f00b78e4059b57f026a497488d58ac55a6adb46289ae070544ef7a9aa32d6

SHA512
2d3898a45e7d41b802405461769acce6f77fb4c50836c881a5542162a4c21162b42dc7b27ba03fb1958333d82f34f96c3b1d17b2f72661d3e6aaaf1c81a7f107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
94e8323a335d6305f7faa0dd693627c8

SHA1
5036a9aa96b9da9e7beef60a2df5499900c2207b

SHA256
8bd11d61a03b36966325fbb154d9268b3c91a8e6b992c5e1931e1cca5d5a9239

SHA512
9ebfe4b89698a6db9cb7698717592574d8f6509224cf6aa9a5cf6a1956ce7496fefc3c623f6348f5367bbeffeb599841c49fa80ae127fa30798307abf8b91c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
405977a17f0e96da6d0c0d8fd2eed727

SHA1
e2dd6d7dfb11054c45506edc0ac2261ead667527

SHA256
95ade8f8e6e7bfc018b0aeaef6b052d4a60344240a2df1659d5320b94bdf3038

SHA512
3a7d621bba6b22485af5b3c42b48c062e58cd9db546696e962fa34271ea294bd9e488ac8b32ce72d18f1f33097a24cf14846a047b66db1a1e34632ca23748c73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
e08ef355498ae2c73e75f5a7e60eada5

SHA1
c98b5ab80782513f6e72d95ab070e1ed7626c576

SHA256
d1a98a30522d1bf882574df5ed2793bba5c4fdf0381788babea0846f6946745c

SHA512
a0550e83ecd1cf632b4e54bf43744ee9f7c0a8dfcf9a043e018c00d4ca0bba606cfcaaa469b204e7c9dffec1f79b91e16cd4f1c94ff512c45d3dd25b7174e859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8b4e33038c0791bea7d6aca77549bf01

SHA1
633a238396814b63a71d7e21b77514933c6a35e3

SHA256
05b83cea956da352e8d6699b1c949f17610b7fd10286a1847c503e13def57d03

SHA512
e5f74fc660d9e9a85aa98da5fbc16f0056b15fc09fed6453df27a4d7015fb40e12a89a6e49f38362e935e3f4c5746b0ce66c0e7af6fc7838f99ea1f85124b113

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore.jsonlz4

Filesize
641B

MD5
ce3ac6f550d786cad59e76b8f354ad6d

SHA1
4cc8a9fc9f26c2e90dfed536838e908849e061eb

SHA256
651eabba27b99a2cb9d191d70d074734dc66997d6b57084c69a65d9ff5c030f8

SHA512
e7aea312538362c8952b04d7c55cc31d40423458a8f7bb854949150a614c79872051d4c7bd7ab60f7315cf1e6c38a1aff36b6761efb71399502414505286456f

Download Submit
C:\Users\Admin\Downloads\Bonzi.zip

Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Users\Admin\Downloads\Desktop Goose for Mac v0.22.zip

Filesize
14.3MB

MD5
ec4179db8ba7e8da93ec6d9f9c0f5e6b

SHA1
6e620b15fdfe1cdf121df954d958326aa5144c59

SHA256
9d866197a98d0ab197d2db2252f50300d5ecdacc772a0ed353d5e5175e9cf47a

SHA512
eea8610b877de743fe8dd05fd022476a5bf5ba971b2ab75a82349f2160f188632cfb7b6279823d68548e48a40d08bf14508261511b8b052cac10d73f4bcfc7d5

Download Submit
C:\Users\Admin\Downloads\Desktop Goose v0.31.zip

Filesize
4.1MB

MD5
eaad0961b52b14d9a323f092ef307d8a

SHA1
feb3aedf16432b063ff93c90623a865a1fd5214a

SHA256
e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6

SHA512
fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 268758.crdownload

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
C:\Users\Admin\Downloads\Untitled Project (5).rar

Filesize
71.0MB

MD5
8567b25a32f86eeb360d3ea1255a126c

SHA1
bd2af6d63cdccf97e3d2c9d7d5564b32f44161e9

SHA256
5a2a29b5f503ca867219cb1063dec264329c88bcc20595b9cb54a36f7effb4f6

SHA512
87001ca2d50d7ccc9bdb410c73da7cd800a4978d511cad946eae5d321603665fdd7a4c2a7485ea81de2754ac85a0466db8990f27135b0bb7d1dac6b399229d5b

Download Submit
C:\Users\Admin\Downloads\Untitled Project (5).rar

Filesize
71.0MB

MD5
8567b25a32f86eeb360d3ea1255a126c

SHA1
bd2af6d63cdccf97e3d2c9d7d5564b32f44161e9

SHA256
5a2a29b5f503ca867219cb1063dec264329c88bcc20595b9cb54a36f7effb4f6

SHA512
87001ca2d50d7ccc9bdb410c73da7cd800a4978d511cad946eae5d321603665fdd7a4c2a7485ea81de2754ac85a0466db8990f27135b0bb7d1dac6b399229d5b

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/2368-144-0x00000216F4520000-0x00000216F4530000-memory.dmp

Filesize
64KB

Download
memory/2368-145-0x00000216F4520000-0x00000216F4530000-memory.dmp

Filesize
64KB

Download
memory/2368-143-0x00000216F4520000-0x00000216F4530000-memory.dmp

Filesize
64KB

Download
memory/2368-133-0x00000216F3EE0000-0x00000216F3F02000-memory.dmp

Filesize
136KB

Download
memory/5016-4256-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/5016-4290-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/5312-4292-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/5692-799-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-6259-0x00000000016E0000-0x0000000001720000-memory.dmp

Filesize
256KB

Download
memory/5692-4850-0x00000000011D0000-0x00000000011D3000-memory.dmp

Filesize
12KB

Download
memory/5692-4835-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-4814-0x00000000011D0000-0x00000000011D3000-memory.dmp

Filesize
12KB

Download
memory/5692-7175-0x0000000005580000-0x0000000005584000-memory.dmp

Filesize
16KB

Download
memory/5692-4765-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-4112-0x0000000001740000-0x0000000001744000-memory.dmp

Filesize
16KB

Download
memory/5692-7126-0x00000000016F0000-0x00000000016F4000-memory.dmp

Filesize
16KB

Download
memory/5692-2124-0x00000000011D0000-0x00000000011D4000-memory.dmp

Filesize
16KB

Download
memory/5692-2104-0x0000000001340000-0x0000000001343000-memory.dmp

Filesize
12KB

Download
memory/5692-5804-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-722-0x0000000000D90000-0x0000000000DCE000-memory.dmp

Filesize
248KB

Download
memory/5692-1987-0x0000000001340000-0x0000000001343000-memory.dmp

Filesize
12KB

Download
memory/5692-723-0x0000000005810000-0x00000000058A2000-memory.dmp

Filesize
584KB

Download
memory/5692-892-0x00000000011D0000-0x00000000011D4000-memory.dmp

Filesize
16KB

Download
memory/5692-891-0x00000000011D0000-0x00000000011D4000-memory.dmp

Filesize
16KB

Download
memory/5692-865-0x0000000001340000-0x0000000001343000-memory.dmp

Filesize
12KB

Download
memory/5692-864-0x0000000001340000-0x0000000001343000-memory.dmp

Filesize
12KB

Download
memory/5692-724-0x0000000005E60000-0x0000000006404000-memory.dmp

Filesize
5.6MB

Download
memory/5692-725-0x0000000005780000-0x000000000578A000-memory.dmp

Filesize
40KB

Download
memory/5692-5935-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-5966-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-5969-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-728-0x0000000005A30000-0x0000000005A40000-memory.dmp

Filesize
64KB

Download
memory/5692-836-0x0000000007630000-0x0000000007670000-memory.dmp

Filesize
256KB

Download
memory/5692-729-0x00000000057F0000-0x00000000057FA000-memory.dmp

Filesize
40KB

Download
memory/5692-730-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-731-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-4863-0x00000000016D0000-0x0000000001710000-memory.dmp

Filesize
256KB

Download
memory/5692-732-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-6205-0x00000000016E0000-0x0000000001720000-memory.dmp

Filesize
256KB

Download
memory/5692-733-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-734-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-6256-0x00000000016E0000-0x0000000001720000-memory.dmp

Filesize
256KB

Download
memory/5692-775-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-735-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-6300-0x00000000012F0000-0x00000000012F4000-memory.dmp

Filesize
16KB

Download
memory/5692-736-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-737-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-738-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-739-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-740-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-741-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-742-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-813-0x0000000009B80000-0x0000000009BC0000-memory.dmp

Filesize
256KB

Download
memory/5692-803-0x0000000007630000-0x0000000007670000-memory.dmp

Filesize
256KB

Download
memory/5692-802-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-801-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-800-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-798-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-743-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-744-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-756-0x0000000007610000-0x0000000007650000-memory.dmp

Filesize
256KB

Download
memory/5692-761-0x0000000005A30000-0x0000000005A40000-memory.dmp

Filesize
64KB

Download
memory/5692-762-0x0000000007610000-0x0000000007650000-memory.dmp

Filesize
256KB

Download
memory/5692-792-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-789-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-790-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-791-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-788-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-787-0x0000000009B80000-0x0000000009BC0000-memory.dmp

Filesize
256KB

Download
memory/5692-783-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-786-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-784-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-785-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-782-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-779-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-778-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-777-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5692-776-0x0000000007F10000-0x0000000007F20000-memory.dmp

Filesize
64KB

Download
memory/5728-822-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-793-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-796-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-760-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-757-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-758-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-759-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-795-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-755-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-754-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-753-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-752-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-751-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-750-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-749-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-748-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-747-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-746-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-745-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-794-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-797-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-816-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-817-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-819-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-818-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-820-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-6358-0x00000000054D0000-0x0000000005510000-memory.dmp

Filesize
256KB

Download
memory/5728-6341-0x00000000054D0000-0x0000000005510000-memory.dmp

Filesize
256KB

Download
memory/5728-6288-0x00000000012F0000-0x00000000012F4000-memory.dmp

Filesize
16KB

Download
memory/5728-6228-0x00000000016E0000-0x0000000001720000-memory.dmp

Filesize
256KB

Download
memory/5728-6212-0x00000000016E0000-0x0000000001720000-memory.dmp

Filesize
256KB

Download
memory/5728-821-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-823-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-824-0x0000000007DF0000-0x0000000007E00000-memory.dmp

Filesize
64KB

Download
memory/5728-825-0x0000000007630000-0x0000000007670000-memory.dmp

Filesize
256KB

Download
memory/5728-851-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/5728-857-0x0000000001460000-0x00000000014A0000-memory.dmp

Filesize
256KB

Download
memory/5728-858-0x0000000001460000-0x00000000014A0000-memory.dmp

Filesize
256KB

Download
memory/5728-1629-0x00000000012F0000-0x00000000012F4000-memory.dmp

Filesize
16KB

Download
memory/5728-2078-0x00000000014C0000-0x00000000014C4000-memory.dmp

Filesize
16KB

Download
memory/5728-7067-0x0000000001700000-0x0000000001704000-memory.dmp

Filesize
16KB

Download
memory/5728-2259-0x00000000014C0000-0x00000000014C4000-memory.dmp

Filesize
16KB

Download
memory/5728-7159-0x0000000001430000-0x0000000001433000-memory.dmp

Filesize
12KB

Download
memory/5728-7164-0x0000000001430000-0x0000000001433000-memory.dmp

Filesize
12KB

Download
memory/5728-4794-0x0000000001490000-0x0000000001494000-memory.dmp

Filesize
16KB

Download
memory/5728-7374-0x0000000001860000-0x0000000001864000-memory.dmp

Filesize
16KB

Download
memory/5728-7376-0x0000000001860000-0x0000000001864000-memory.dmp

Filesize
16KB

Download
memory/5728-7473-0x0000000001860000-0x0000000001864000-memory.dmp

Filesize
16KB

Download