986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e

max time kernel
386s
max time network
390s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wave.png
Size

10KB
MD5

57bd5782b784673f8e3ebd06f95bdf38
SHA1

1f55e36180024eb5c8fc066a855287898e6b077a
SHA256

986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
SHA512

9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
SSDEEP

192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
157	raw.githubusercontent.com
158	raw.githubusercontent.com
159	raw.githubusercontent.com
160	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\you-are-an-idiot-main.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bonzi-Buddy-Website-main.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\YouAreAnIdiot-master.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5680	msedge.exe
5680	msedge.exe
5504	msedge.exe
5504	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
6684	msedge.exe
6684	msedge.exe
6684	msedge.exe
6684	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5024 wrote to memory of 5040	5024	firefox.exe	102
PID 5040 wrote to memory of 4272	5040	firefox.exe	103
PID 5040 wrote to memory of 4272	5040	firefox.exe	103
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 5092	5040	firefox.exe	104
PID 5040 wrote to memory of 2720	5040	firefox.exe	105
PID 5040 wrote to memory of 2720	5040	firefox.exe	105
PID 5040 wrote to memory of 2720	5040	firefox.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wave.png
1⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.0.209529288\141027259" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce38cf24-7faa-45d3-b672-3b4a7a628c62} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 1980 25e55adb458 gpu
    3⤵
    PID:4272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.1.26623967\1690412588" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {112e2be7-b7cc-429b-a64a-81805ed0ee96} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2380 25e55a0bd58 socket
    3⤵
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.2.1583216793\538218134" -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e4fd4a-9375-43e0-8931-d287756460f7} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2876 25e55a5e758 tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.3.1912817005\1955091369" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e00f68d-b5c6-448c-87a6-2bcd78deecca} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 3572 25e49361958 tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.4.1568652921\560189499" -childID 3 -isForBrowser -prefsHandle 3440 -prefMapHandle 1100 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78caf17a-5855-43ea-862b-ae26ca8cdc9e} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4068 25e5adfbd58 tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.7.470485881\2142707012" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4a9fa45-2d8e-4902-a5e5-63a282628d42} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5472 25e59b4fd58 tab
    3⤵
    PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.6.1821954104\486058376" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27fcf513-b6a0-4657-afb9-ae9913437672} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5192 25e59b50358 tab
    3⤵
    PID:4072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.5.1567277245\1408089265" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 5040 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526ebd2f-e5e1-493a-bd59-fc10fa49bcb9} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5048 25e59b4f758 tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.8.1018334311\2078997347" -childID 7 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d503ea5e-c109-46d3-a47e-cbc19b2b4f3a} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5432 25e5d8a7e58 tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.9.1353504650\1902965578" -parentBuildID 20221007134813 -prefsHandle 4240 -prefMapHandle 4104 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1562d0cf-aa4f-4efe-be68-897409c22e1a} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4236 25e5e1ec658 rdd
    3⤵
    PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.10.1794317878\1835824383" -childID 8 -isForBrowser -prefsHandle 5908 -prefMapHandle 4916 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e30c4ab-aff8-4226-aeb8-75fdbb0a5abc} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5920 25e5adfab58 tab
    3⤵
    PID:4752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.11.1097080327\1020885359" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6028 -prefMapHandle 5952 -prefsLen 26646 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ede3b2d-e4fb-4ef9-886d-e0aa9266517f} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4240 25e58496e58 utility
    3⤵
    PID:5876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi-Buddy-Website-main.zip\Bonzi-Buddy-Website-main\index.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaae6d46f8,0x7ffaae6d4708,0x7ffaae6d4718
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2660383429920560582,9585780310205426609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot-master.zip\YouAreAnIdiot-master\idiot.html
1⤵
PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaae6d46f8,0x7ffaae6d4708,0x7ffaae6d4718
  2⤵
  PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot-master.zip\YouAreAnIdiot-master\idiot.html
1⤵
PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffaae6d46f8,0x7ffaae6d4708,0x7ffaae6d4718
  2⤵
  PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_you-are-an-idiot-main.zip\you-are-an-idiot-main\index.html
1⤵
PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaae6d46f8,0x7ffaae6d4708,0x7ffaae6d4718
  2⤵
  PID:1544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeTest.cmd" "
1⤵
PID:1848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeTest.cmd" "
1⤵
PID:1876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OptimizeTest.cmd" "
1⤵
PID:6048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44f9318bdb234e98a66d4d71cc0f97de

SHA1
d68a6770edebbaa151d0505a223b5bc883f2d24a

SHA256
3eca17f459cd4539a282501bb3b6d1a5000a1258e85f5e20ea497d948e60b00a

SHA512
80717ad5b2717cd5bb775cd6f38897152adec5ace4d8132bce09c5cc8cc082f1ee975d9e1e661e9e3286362c6d81f4b93ce57fe6f0c417e7feddcbdfa4910e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff0b02bc27f04717b25309d67fd26813

SHA1
a9e8c2bbf873a1466199c7d760f508955ea665c8

SHA256
b838a7baf1d6ebf12a1f232c7e14506fd11a21fc23c8998ab4a51c5381fd8d08

SHA512
f5eff04ba4d501b4d79f664154a82e0acd815f3370d23bfa63d2bff97a247af8608cd42f7a7ca730043af59455cff6e607e9431a4db8c47227c8fdf280b4e1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d08fecec288dae08639cf02df7b1334

SHA1
829ec8910d04ec6fb1a74fc60b78c8d8ab2c6399

SHA256
0806b39bf7f1dd587ee3b796004ffe9638f0fa2e4a6ce90338770d09be67131f

SHA512
35e1b5742454c433d02748a5d44a701a79e104cbadb812fab58b40686ff313d8b0509815316dcfd057c32de1a6917a0dfc98aa6958f52b67a4bd7b4722a19b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86dfdeadd90fb64ef781ed0b27f103c9

SHA1
4488ad0204abf08230d8245600d0b5ad48e5c024

SHA256
7c5694327e6c4ede2aebfa696ec90ee87271cce0f12825d261510fd348ac65a7

SHA512
41382e5a1c9216f591b01b6d0c8b61263ae8d2a3943138ef59b7b4984db55a0e855a4e914b35893c67dd393fb6ce9056afe1a76aa1fe05c75dcb6b318c13ce35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13351386295538456

Filesize
37KB

MD5
12b2eb181a03978bd87687102229b64e

SHA1
d26279bef5db050b5a9575201fc77572b7f89905

SHA256
8a495e61fa01ff131ba9c1a9c4a4f3a26128d43ae8a4acde3f711da3583d59a1

SHA512
af73b98f86b08cfe556a613b81f5e581ca022b9a50b452ccd533275c31216e17826e5eeba0ddac6c3b292db7b3f632de336d3acd899de5d3a8fb99ad6a7ea17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13351386333451631

Filesize
63KB

MD5
62b8c3abe5fd64fbf5e59234c6b8ec13

SHA1
263a462f5c34a0ab7b58918954fe708be26dc5ff

SHA256
2224c42aef6592a2e638305595c68ef54da2124fce5bb023f2891f1b23545e9e

SHA512
60efe9f6393c4b25caa90f109e47472c789cc5aba9f3e0537d88efd689a2d1db11e0ddf8bf027ee516fd792a66ab0764040e021a9e36c29e9efe3a0b6991cb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbf10e1251370b429d1f5f396c26d621

SHA1
9f4ade64ccd19e2a2afe1dace9f61c24958d43ff

SHA256
d5845a934c451952275f7481623c78b64870e8d89a823341e15d76b595471f70

SHA512
fab3f757f5ccfdbae7049f3e6a6a6c126dd7189cb0ba54f87552828e73e3938ddde14278181c3efac1748f1b5e123d12d35e01d727cac5bea523dc7c392a6a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17dd5d1d808b89edfa32fd044e896b1d

SHA1
f21d2d8ae1b439d990a7e041146039b8102438af

SHA256
e10152a28e17cef14c82deb8095b1a2de889452f08ce00b843e5e21bcf96bec4

SHA512
38047462409a17d9518d3ebb84a0608f5f5006818f25c252951db8a01fb46b0fc1ae74d1a71bdfc496d5cd9471993f95cd11909fb1a7776965e9fcd5de184d24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\13232

Filesize
53KB

MD5
c3975993283923ca1a321e58fd9d9a97

SHA1
98501316e92d2de29c19b00a2b08afc3faa491bd

SHA256
2054b2dee001fd74ee28f851a63491a78d9537c198ec668e9e3d455b7f953a2f

SHA512
60894f353c19a8dc684bfa958aae689d47c3d59ac505293c5a9ef2a861f46c94fee78f8e685f024e3653c3b244c8eaf9887fd1f8999f0e9b3513d9b215b016d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\16300

Filesize
13KB

MD5
577a46747603bf30b1ae876b83c2f04e

SHA1
4e209a5261f8cad26a685cfa5c3cbb82dc8004f5

SHA256
4e5253c9feed3be3a79a3e933d1b8236487ec9c3a8746df58b4b95be9cc246ec

SHA512
c23a43c8d55324eb5a41e0767d38f9be8c2eff17a2200724c34307a483ac44df15b40019b88c08337f360361a7c2246716a7205406d18a97647c1131291d9128

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\18368

Filesize
17KB

MD5
0f965dc23480a81145733eca9292841f

SHA1
4ef7151674c29397ef601f134de0c954bf73a462

SHA256
69bd76ddf1398dfad2398d83d439bfd60ebbd6d4629ba6de9ca3a96576dca44c

SHA512
3e7182455ccfd264de18134117a5c4ccfd27ce7edeb268615b5e2c686ccf5758d43d1e657ed866659b8b5d9d33c4a51cc3a2ff85b9949659f0b6293f2b6f4b41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\22778

Filesize
52KB

MD5
b62846d7ac81da8aee513b0cb35b6937

SHA1
c55d5e780e141624e459027579ae5857a49dfd8f

SHA256
4760bda80da500a9f320d617fbfa2d903781728848901ae0325f92ec454857e0

SHA512
880a4b9c2ca065fb0b7cc673eb2c6ea3dfa368092a61dfb613541a0ad164e9ab6e418ffdc15717e3e1bfda7bb3f6acbee06985e1dc584c3e71f9bd2e5dfa89ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\31091

Filesize
52KB

MD5
767d93701c8a3a2ca8c87543cd942988

SHA1
c18b62fa6b9d855546b313be3f6dd4161f62088e

SHA256
4a611adfd7fed716708dafff5680365ff101843635857bb352ead0039c608757

SHA512
03470ace27e4d415126744bbfc27d6d00777fb7a4bf555ff94fc8888ea20ebe0d3a2537f6cb4d204aae471f36a9637145a6984e1977db33081f05ae176e9bf3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\4173

Filesize
53KB

MD5
bd24e2ffee8b6cd90c261c63e6739856

SHA1
c1c75c17d703cc234039ece7426cdef441f46b14

SHA256
15c090e57203b28f6ad895114a46199110d5d722de676e895cf06239e75ad187

SHA512
2177e79406bb2b9eb2d4434302d4364084117061b49f38fce84acd2798375bae0055556280ca5810463fb60ce7c5064835f77b3a10031e27df594251d7972863

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\09EDBE0C0AE5CE04868F06A4BC625F286116BA02

Filesize
33KB

MD5
ef1f939e0d55a5eb4f2eef7bfce971fb

SHA1
e1c3304b5d6bc155358bd5c1bf7b7fec54f5f685

SHA256
bdb728d6d73fd7a7c134387788ff5349b35806842a9931d239faba01fb33b02a

SHA512
abf170836e2c2d8f7b2340dd22cee11023b0f5391598997164b10d3ee7d42f7a977b1bec09b865647e956c22899302957fe43bb6ad77770f67279596337c0677

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\1E61518360BA13E897A17737CCDA8D9067374818

Filesize
766KB

MD5
43f4d95da6f8b9762ce06b47d1d3c979

SHA1
488b3f80f45c1c993fc97bcf71dd256412ba725f

SHA256
82000dcf46d651b6c1f81393d39d454e2124ceb79cf44090ea23de1aca3e8d86

SHA512
2e729576581091d848d1012d9bbb9fe733c84ee05761b391f1a4ae91ef7dc3a7979884e5daab08cb98309f218a42b8b417a121d622a90613cc7ec78fdbe5b16b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\34231335DC373FC6F959E8D1C1DD1906DAC2A65C

Filesize
48KB

MD5
b0a310f2d7d10ec550405f5c7e56b795

SHA1
5154e72aff93e22612881d46f4985e7b54a65848

SHA256
a8add58c9235509326aafa7c5d330e89324f638a6f2c7fb727a935acdbce41fe

SHA512
ea77786dd3aa3585a77b86f8ba43e50c0e3cbb098923c1204c1966bd9fcd219cf99cec7b724799b684a2cf9470d8b79cb36394440328afc8463f09e8c399b29d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\3AE8792A487F90E02C5F59DF2EC9D50F1CB76903

Filesize
41KB

MD5
4e3253d68c2fad55ead3e30781825fcb

SHA1
2cb8d5ab2fa6b664704db3d89f706490d3540eb3

SHA256
947e40eb006fb730361678c667180d1fed7acae58b718f862fa9ad00580f5e0a

SHA512
7917cbe5866bc1f0c86d29c8f75cf59344c28ee383058b8d1df71145cfee6ae0e8e5ca88e8b38d8768974963239b27952b52693a840e99df6866aec188d4808e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\610381FD3C71D594CFA6AFE8B8803962D0EF6779

Filesize
67KB

MD5
074c8d36a9906c062635e77342368735

SHA1
cbf27080f655e12bb0cceff4dc172c4b3311d6bd

SHA256
a8c09de28492f47f18fd7d585a56ce6918e6e2ea3e1fb61fce84703c01db4e04

SHA512
d1c833f919c591b20b56e6f8f9b79b3c76c69a11ed40e387ff36c1710d8ad48a97f436a64fe541c1aa44e93e4df7e604b48c786340a63f898e32b455c244f437

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
40KB

MD5
3951d1615564f67183b1456b3b0e5f0c

SHA1
0350edf40849bbeb7cca87515ce342f0625b5bf5

SHA256
4ef8f7b2c0b63243ab0d5631fd939b53ec183cb5559395b471fa3f11e71af1f8

SHA512
7f246f2193b144628c5ba7ebb8e2c40f47ae87c9d057ecc9a17477e03cb45150166ab8199776c5a63332c8ac86d4aaaba5f98c4118c71c7ba3fca986135b3646

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\6FCB1FC70468E5C5DAA9C741710D63CBD0FE1A93

Filesize
33KB

MD5
8216b9a11ea2cf9669e33687fff33bdf

SHA1
70d5c4a58f4872711a9e8d1463cafaebad9fc426

SHA256
c650b065bcef95ceab9af732ef727f2ec18e218bb4940ee6289d0d9544045bed

SHA512
7db3e7b4c8152e1d0759ccaf664a588b8738b294b313ebf81226b751ff0837432624addf76682818190cfa0200b5f1fc2b6fd3dbe2e36074d0052822e31579ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\74CF8F8A528173430B333A294F41B0AB0333197D

Filesize
31KB

MD5
8a02ebedcd77d525a446e651259dd6d6

SHA1
a5e027177cf894cbedb250ff1f2e1b74ddf4d660

SHA256
8ec6f6bf58381396ec87e366eec072f43b2f40cfb4dc056cbcf308f0df231ec3

SHA512
407d229f975a9063b52acde2a8012b95f01f96050b76355f6397a865c330c4dadcc6663db00f389f0353fbaa7556abb86a1b76a5c56137a26eb0eb4d2257268a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\8CA2E0E7586DFA0673FF9374189BD72333EEC975

Filesize
35KB

MD5
b2be78de62d9145d1de3be309ec39bdc

SHA1
4d313c87a9a5e91914db6dca324a139fca9b34ec

SHA256
7592471fa594407498d4303194772f820a59c2f484d0be714756770260a9c2b4

SHA512
fdaa6e04358390bc2252f764d7a92d263d94190dfe18e42bf9b6876604237e9eeefa768e0e875976992a8d010667ba4234236b5937683b2d3f10e2cad3905e1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\8DA4846151E6B4C90531469D8F98CDC35A044D1D

Filesize
15KB

MD5
5a6a4992b7edeee03c5f5576f2e102e9

SHA1
b238eef42674079a2de46384c36d921eecbf7907

SHA256
5cec22b2e91959d087b0b4d7efefd4da3b8deef8b1593a2c59bb07f83040aabf

SHA512
64b9ee8829ab2122b27e1bd6e97faa68f48e188cbe0cc0f51e844375f7b7f5b68d2286344c4c384b7309610d411356a4712d633023c740f492eb90765dd05eff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
128KB

MD5
934fe5dc07b7e8090b2442379a0cbef1

SHA1
ef2ef73e68c022a57d465ed0b405504da9571a96

SHA256
ec1bed61501bb9078ed5c65df79b56e863dda468903639d4761c99fe55bc6c43

SHA512
e9a4e446221378e9dcbd96d765dc19a07c59794ea232a18badc65d46548682ac6753d8d4646b6c52614de7336f0e2abb4c8229027468206e067ac8675a802ef3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\9D00C2F18FF2DF29C2CBFAD56AE88A9E2CE969A0

Filesize
60KB

MD5
1589fea5cfc03d6dc7b284df67f37132

SHA1
d92f9aa4b309a377c8148c8cb852706713c3bec1

SHA256
40f3a596bb9cd4c1c5cd6b720d70a56b379cfdc759540089d954993ea2d5696b

SHA512
6465f50ee841c2291b2462dfd3c12c4ec24d72e489f920f1e16a8e2d6f0b8f7f11f8ed9c4778d6e0b1d6f4753b4b278af58b5cebb7b107353d84cd932fe0603a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\9F596B445897A380F991801AA8C3DBBD30940ADF

Filesize
42KB

MD5
8ed33d5b8be04acaad142b44bc6dc0b0

SHA1
b78642523e2da8cf2ac3e2b0032a1dfaa11ccf2f

SHA256
8d4c8eb923965ed96e684fe63cf8b7a85d217045e5b443aa1d566394a9c17a5d

SHA512
612a96f3a6e44830bb23cfd460216958a8d85b15423f6bf0817396a536444cfbc9f1d57d11bf8c1ebb420a2d876e44c7c46580e2e5176f5b3e1685d820b19e30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\AE04E0BC8EEB702C7E22D403DE96ADF18FA97FB4

Filesize
45KB

MD5
a537fd9b15d3dd30ec15d7a1cc02f95b

SHA1
481cfdcd27c851c8ca603fba1d1f7a57a8ef14fc

SHA256
72c39dbefb8d87730c3ef5afb997e2ee90a5209e9176e92cce411f47e18d006f

SHA512
bd6694f971c8b05c096f026783fbd55fdfa6c75c04ad931cd115c6e6c8341b262e75738086c952b0f80e200911573441938c7576fbcea436ac4e9674f37f391d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\AE1BE5C60797ED13E5FD86423A082A53DD4BFD63

Filesize
51KB

MD5
4d98e4c3a66a466274ff4792450885a1

SHA1
132ad879eff0d79a11e48b286894acd90f19ee72

SHA256
60b7e1005e8cf87658b8b389ecec53541fb2c70f945dc5ef0860aa828c039061

SHA512
0ed9267965494b25c0063af4b98e3866e3fcf7645674069eb7efaff3291bfb4075cc79be12c0b69bc8add702de1c835d0ae54f41326585bc662ece947aeb9c4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\B514093AD97EB137639E70982E6CC2877881F842

Filesize
33KB

MD5
00618a60705abb610361c7b2b4a5e921

SHA1
dd17591b1aeebaf7fef2b602f31a999fcd0effb1

SHA256
62e869c26bc1e86e3f76d910c145db81700a74a3ff8747588990ab22ee085032

SHA512
4a3336bc4caf0dfc08a89b0b460651832a2af7596bc0a60db00069150f03339ae8caa719d2f3b0f03fe1e441b34b08abcd29f704629542d55e5761c83fa3fa47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\CAB92D6BFF12C33DC97C7A6782A7B9F26D7596BB

Filesize
35KB

MD5
e1430ba009cd632f5bc653635012ce70

SHA1
d8e3340907292b84faf0bd8887b912614f25528a

SHA256
c2772eb0373bd1a36cd1de76a3f83dddb121cd4c2c0e673d72d682b586c5d03f

SHA512
4fb5a16e59b212dc12ce49c1fb2a9dcbf157b26938e60154bb011bbc56c2eb1cc0d03d08fda4a8127258a6efd714741db40f5b342c581cab76ac5ef503f9d061

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\DC6CB4D23713E5F558FEB0D8FBE338CC7797A724

Filesize
35KB

MD5
15cc1b5f556ba56ba44b36ea2f0e3a95

SHA1
c05ec481f0c0d55e04a87e5c314169e5034c3e18

SHA256
df3e0ad583dd8f3967a29dd925ab7233085655a8fbfa90e501946c0d42f82e95

SHA512
d5e32f2bb0914cb683885ddfbcc8cc21737cb67efccf95f609224303f8684c44f05d627a248aec1eb5a1a89982c047e0fb14de9dc90a749eb16618fa54f251ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\E530552157B408FA1285AF8C6D7A3C803A79C692

Filesize
35KB

MD5
17c8c429c9b321ce6808da7f01a54e15

SHA1
ef17b77df804e20e9bf7be3dadc0a2a56cadc7d2

SHA256
4ebf81453e16d4108b82bcd4e96bb1a50dd18b76e77ff64908e4cecb269a6883

SHA512
1ea655f03910f5b6c53ab6ed2282cf1ae7c1100566aa6281a523c6314d260dbdc52eb25355f76017b691e218d96c332d365eb0b4b2eb5e88a9450ab681bd354e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\EE715477A6CC541A25A9EF2025F6E2391D8F1774

Filesize
16KB

MD5
e7890826d6d9281871060c2f35e23325

SHA1
a6cbb4c5a1210ee2ff34d630d019561f79d410fc

SHA256
660b76989842b2a276e16c6c0b62e766388703aa4c18a504216c3b818e2cc852

SHA512
231310d95a744cfc9cf43bee0f3bea2d4613d6ac0910aff17bf945e25674a0a3cbbb048c1be5b7e0fa3e80e6d77efc9b950b47f07bd469af53f7690c6df84ee3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\F1C49281349CA1EDCC1827D26710CF46014642CC

Filesize
45KB

MD5
905166e7b7abf79d4253027fda41ec1c

SHA1
3b57e80fb6d1e236264e47598e027f2ae1e7272e

SHA256
b3b74df42d81ae6c13ff9b2cbc0c842462ec2c8926af79735ce506a197e8b5b8

SHA512
83d5ed361df5859995f3190f4e35ebb1716390d9077bb012b59650a7ddca0b87f403c2eb5d5837f437e70c05821e26df26e866d1d769f1a4a8f0e3e54ab6c9ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\F8206F3DA430A4D1AB95F056F60E5B6831C3A2B7

Filesize
38KB

MD5
3013b946b0d37ac544f0b95cd668fa79

SHA1
333104deddefb13a7bd172b9ba936b259a2f192d

SHA256
93cacddb6de22295ca252466461339a8211e09ac9c9cf571de16af9be5b69388

SHA512
d576d2470d7c89cac3aaf72387bf0c20f95c8be07b2e42493698c2ae6f45355e95880ec5fe3bdb6fd3ab0cc33190b24e8b2f429c7083c9cad17a8dcb0d2178a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\jumpListCache\3iOf_BAiuxcBvDj8CI8fxA==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
bb5b7b35c23172360a198e007b0da9dc

SHA1
e0ddeeb8a822c68b3f1b75371e0ccb69321f30a9

SHA256
f95eb9e106e0dbe28ff8274ea978dec4e674024b76806f486c2abc37714d4188

SHA512
cd94350d34f7d2976c77ec534efa9bfc7b8322d72528d8b55e65854e2055db51a25e51e22d67a35f8b047707bb06163cf4f0fcf1e30cf94710588c6a05611d57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d8342560a5e337228646680c2f44cab2

SHA1
cdae72a61e825469316b749dc89db26dd28ee50b

SHA256
669ab7b0d7906af06f3d635c62574c82abfaa45b26dfd6180f490e8efba6c819

SHA512
8075afe93261e12f2197b6ad42b52bcd29d30566b093c712ee27600d4517ff0be0768beae5042ea31629ae744020a7274e34a70d8ca7494e5a21e504c871a393

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\645fcfe4-a1a3-4417-bd77-fd9cf977b9d8

Filesize
10KB

MD5
47eb49659caebe24205ac077d12e668c

SHA1
de044457938510412818b1108b714b1f059fb9b9

SHA256
3341b1885d7639293af951d0417b1bd9a26f2885a67392d9c59a2a9ccfceb7f2

SHA512
68df4c43a409227e4a227588553914ee9a9d7075dc54daa020414d88f1736ceb1fd0866b3be6da3a14ac8b1a14961549be96ffd16ecf29725904d04c2e6d6d75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\78d733cc-4ff9-45d4-9922-e9d47f6dfafd

Filesize
746B

MD5
113bca0bee10043b671c7a1f4401ff7c

SHA1
99b28bc2ffffec9904de85c09564495c22800c83

SHA256
f4355de442595f8e4096e18af03a9a34eced57c84d2d9b8b99e879292c955545

SHA512
ef3a6421b3a995094ff61b89ead2ea70c1631885c9d6de9f300cff8aa6ae10df60025324af121cf2b3c0937234dee400bd93c03b7cdaadca8d5986b6abba52fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
d63d389dc2c6154f516610554e0a9743

SHA1
d3a99e884aee3d260cccc94c92e94d561d5c5e23

SHA256
f41485f368e15d6bf384d34a546f338059990c7b19fdc55e740e2176daf315a5

SHA512
04bf3036f8af661f0b1707c1838699e900eb767750ec16169e1aa4d4bffa35b6e0fd16c1ae27aca0904b8b8787e8b959fab501805eb77bef424b54b3a162060d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
7KB

MD5
0188a9aae1f545ed96c7d0633f42dda2

SHA1
794eef34cc112ed5d636a1656d25fbe15f40ea9b

SHA256
de562fc04aaf2626b6fabc9d166213f78aa3b13e70374daf645cab4ce2fb5e8b

SHA512
b54f1ab2bad59637483de87e73cf625c5497a3fca9790469ff899dc2b0a49cee990cfea9cfbd5956503a00fde121869f18108254565d39210334c993e41a2b3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
5cb6def4f3f6de2cd42affdf1d4cb817

SHA1
9263fcdc77511a838e0d1a2a5ca82eb4b781dac4

SHA256
85f1e0f76eafe4761099857cf4c57185726a2751d9c61c079a78807ab547d7f0

SHA512
0d6051f92be971ce27b44126165a427588e429f3a5b85f2a21a0f33586c9d899cff897fc75dafeb672fb3ed04e9bdb7e02743d93eb17ba0e2b4ff9a6ec5c18e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
6KB

MD5
5b6ac55e44688bf426879df68bf520d6

SHA1
ca1a7646dbced920364d073f10b4ef5b1e829664

SHA256
20acb386e598b135229688b2dccab237e925bd706db360e0b64a4a19a56d7548

SHA512
b498301e327ee254bed90f20b14ed708c70ec243219339ef466cde42ac5ae1e2822af3c30ec17a599acc2268cb8eec694e994a40f5a52ef75bd5b81b60f74c2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
6KB

MD5
96188de6809beddc430f5d88391c7165

SHA1
1c1cf4eeba4e58fcf6e9b17e990925afa3d5f3b6

SHA256
51ac3a916328ea95611a6087cac70f6962806e8a91b705d0ea8494aa9299079b

SHA512
9c3a76c7491277a5a68217544df930ab9a68b27c34c8fb6c48c4175b7a543ea87d4373d38bd0609fc1094578e3c35174bfeea8ee16e935c0f1e08d75882cce8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
6KB

MD5
4e6891a09bbe3f686a6f8430ad37f142

SHA1
ddfe3c3f77f2f864d18619035ca3f8fdd3c8e306

SHA256
1cb85e41232eb87667d414fe0baeeb72b2d22f45d3cf29a89b90f9ca9955e136

SHA512
4d2ade984a3cd769333ad4ad5cffb53fdcba373bffe855d30e7e5acb0c9a9cf281ed187da52ee92bc5b7b9df097d7c273adbd60111effb782b366816d01b722a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
88bc5e8b39006ab77747b45f33b0b21a

SHA1
0db4f260f559b341493c5c9318f885572e730e44

SHA256
7ac89b9d0758423d66d1b38523acdf41b0b4ad9e27a363ddd99d6b17301fb8a4

SHA512
ebe51ca9c12bf43f12d8447dc3109aaef5b22bdbc9a5dd61a8ff74140a82f8ed17944a00e6a14e16af4ba13d3c4b56f73bd59bc2cae0b8168e429cca7c9e5f36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
698c1f83ec42283d3a622e2daf59a681

SHA1
b660d7a3fd146d1a88edeaf49bb78ca2dcf74a84

SHA256
03df207347abc80440f6c179715cdbc6cdac1c0d5f0d1a015dadd0b0eca9ec0c

SHA512
7ad493e9fc59ab56faf25db0f646a47a6caae917c3e3936d119e75c4f66cceac40cb7da8478c4a382930a426d959aedb2dc92aa0b4884d533568402fa6d67f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b0b9f3674726f496b10087dd9e44f5bb

SHA1
e0c07201406b4604c691e2ec379a435d0263bc7a

SHA256
d16cc2aaaf2a1f544f293da48b7671c72f5890fe20b8998993130f216b21f8fa

SHA512
8359edf8d9edf03785240b0ed5c0e4927ec4bf3b7822cefb12c1f85b29697fa60217e05b09e76d9a6b91e3e7694dc6a0a9ee25f090966305d4cca9435af589ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
163ba70b32d6d1e635e62c51c00ff850

SHA1
35d8195a7b95ad9b382219adbec32d3967b4a6f1

SHA256
1710bdb24eae4b9a2e3e32419075fef1bd5f70e8e85eef8a80c1ac28cc33ad2c

SHA512
18398acf7d25e227aa75e661291090a4f4cd4e8323896ccd1fccf4d04077f2f3f635f296337472d2add81c6e3489db0fc17a40e504deb1c26c05d90212d43f83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
f6f32e71e94415c6ca66359dfcee56a3

SHA1
54cdfb422adca3eef57a63f0002a57f3ec9fb508

SHA256
3e3369516da9fb18ae1b737b0fc2a16196723a5c504fe88078959c4d894ef3d6

SHA512
95667ebdb422c11495224a7c7e14e63f08baaa239cf1b3644372514a92ce9c0abf389e2477ea58b14a446a3b4f4666bd2f3a1ad934f55e7616e1d6873840c82c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
e4ab525b71679701b413aa7c23a6a642

SHA1
f802045feb70050a8822f92d2e4f425de0901421

SHA256
c5415b9bba28ea670bae47cc56c317d7dbeb328afde8e34e96b929602493d5f3

SHA512
1f87a871022b7b30249072579b1891dc4420dc9e5bbcf8307a95f208915da2f4a31b41451469aef3382637996266a959b9d5f31ca566a8b795c85de77a052b07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
26436d337f666c121d341b112ee9050b

SHA1
dc02b29e498e518588b7fca0f43a8a1fcdc8aa38

SHA256
eb8da5a1d71d51606f6ed2321f38a194a5bb8dcf8bf2d813f9d6bcdf3bb923d0

SHA512
7d70707cadb9f4dcf1ad67ee99f80d11293d98f81f3d40a901a460bc6a772d807051e4dcaa11a0e194bcbeefe998d124684155018972ea4c86ebec6ba74e400c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
d4238eb1e7206f14ec0c22d512dfe49c

SHA1
1d79913e4298ea4ef383196cdc62e2ab4fb6b4ed

SHA256
34b8c0abfd96954dda423d8ea7cfff67b0b9c30d8b6c62d6ad0cbb4065295aa8

SHA512
04e97b85a49bc83c401897a6585e3d11c68bb0cb33df995768cdf6a6dd1f3e9c99a97d232b7f75821b7df30a4ee01e449744c316bb493a8159994183cfbafe70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
fd3c88cc7723cd01b82ae89dc65e67d1

SHA1
697df76e081491d11c40a1bcd863292937876e26

SHA256
c4e73a025651725f47a5640a2d2a3a9170ff21653756475a5595c996b221ec42

SHA512
14f02f58fa972e3722e91a5fb619757080838926bb99c20bcd6c20e063b349b49f82cbd0870a7b24a60c538cff780262751f9bf81e3911066d31b6d62277697c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
5618a70e4924dc5261ddcd4abb7f3d05

SHA1
ccf2e4241c621cdfc265bcc8db3b8be83e530304

SHA256
dcb4108d58022dff555905783ad32bd507082bd57bc08a54a0a810bbf25e4199

SHA512
c86e60073630fee73c61c1aea1cb73cc9f69b48077eb0f8f76ab29d7207084200696c2c6b8da657096df97d272a0cd2b2a04fed47a4ba57b4add58223998b115

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
120912fb71a083202ea9979a0c0758db

SHA1
2df6c8cb985725a7501135dc62a3291987ab63df

SHA256
b90e3e9b8ceae1db37d66550ca1d2a8a61552b2112ab384aba289eefc801f6c2

SHA512
8cd3de11c8e1408211669159107a57b5e3e35b2bda90fd4271c0ad1f92137507dbba767259ce57668ac8951b7a8aa495a719eccd8c4c6042b6f169d5495d995d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
334453621506ddebb8566bb8dbe16daa

SHA1
7da2cfc0abd0f86b153c032aa215dff9ed441e78

SHA256
ff0a113aa2a31626c305e8bc31c4afddf4efe151c82381f7bba9a67c9181738a

SHA512
62b06e5d596943f62e3c5f26f925d837880ed691f4bcdea9c3811e90c410c24465acd541a63c96556469a407090ef50780d0da90cc87de39649c466ceabd4e24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
c007e0039224a36da865568070d1736f

SHA1
74aa8e6b857b3206c14e45981ab1cc7c19d90291

SHA256
ba7c694556fa83c7f5fd338efbd4559d4d5f09a6e6ba994431cc656216a941fa

SHA512
262d230c9b4d6c34503152fbd48ad302716087aa3e53836cbfa673c647ed4749fcf8dded48758b3d8cb15545a5486c1c9cf86c071ba24f8a58fa4b246786b7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
45528d5179525ba74f148d6b1e48152c

SHA1
016009bdac91ae285f7a7da6412d6d48190ad999

SHA256
0a9342f4d6757a0b8beee6a7e460789c8a5ffe4f2f125307a61e96a1894c90fa

SHA512
89b676a615a6e85459d8a675ce47e8ae26ca500cff24214b8308ba128b737f43c830c55275bdf6198edcb775f0e8d6652d981dd4903d07e7b6f5a625e1b0a6c4

Download Submit
C:\Users\Admin\Downloads\Bonzi-Buddy-Website-main.eNNv5-HT.zip.part

Filesize
2.4MB

MD5
65b15f1c42ff54cd139c4d3d828add2a

SHA1
fbbe8ce244c1cb94cfa36ae39646cc3dd5e830fd

SHA256
a1f11fe9aac58efe89b4cf84eaa0ab26ecc6929ebaa2451eda2504c1966669e2

SHA512
15b25921d3569ad7a5ed99e8ef5aed964af3a84ba8b7b3140e8e53a20348b97347df7cc799dd9dc5076afc1942ad641bc584760fb163173a45ccc8168b1a7bd3

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot-master.dRFwnF9K.zip.part

Filesize
27KB

MD5
51417be75595b9bf7d80092b7f8f6368

SHA1
5b89ea8d0779148bf7f488fa9af65f2fea34043f

SHA256
fa5582e0026ab607fa53ffda5da26e5f09dd2fe273b125bd960f962f5a7b441c

SHA512
07edbfb0ed6ad04f5621759eda80002fdede170191a2550c6b9154ac9750cd6b54058218884ecde2b821130e04a827d8ef08a5403be862d6bbb279d497f9004f

Download Submit
C:\Users\Admin\Downloads\you-are-an-idiot-main.AlsgNSg8.zip.part

Filesize
418KB

MD5
e04156e46d20b40ffd4aefa0ba611bf6

SHA1
5327d0ad1e4b2ef634d9b95a51f61a0aa32673f1

SHA256
889fc4bd6710a547b9d9942ff705a2136d88412d6cb96912fc5e37f467420338

SHA512
29b4916c7f0af3a228d671893a1ca3707e217361919f57761f4e6d707b2dd01cb1ec74ba9425fba24b809471706181be85dbe5301fc4c1afbf1ba9e101797510

Download Submit