Analysis Overview
Threat Level: Known bad
The file https://github.com/Dfmaaa/MEMZ-virus was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Enumerates system info in registry
NTFS ADS
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-08-29 13:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-29 13:30
Reported: 2024-08-29 13:43
Platform: win11-20240802-en
Max time kernel: 753s
Max time network: 756s
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FE23.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TranslucentTB Installer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\MEMZ.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET94B6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SET94B6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\BonziBuddy432(2).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BonziBuddy432(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\TranslucentTB Installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks processor information in registry
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\Printable | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6} | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSCheck.3" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}\3.0\ = "Sheridan ActiveThreed Plus Controls" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\TreatAs\ = "{D45FD31C-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6}\TypeLib\Version = "1.4" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\ = "BonziCHECKERSControl" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control, version 6.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\TypeLib\Version = "1.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\Implemented Categories | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\TypeLib | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\VersionIndependentProgID | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand\ = "SSCommand Control 3.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinItem.1 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriod\Clsid\ = "{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F66-055F-11D4-8F9B-00104BA312D6}\Forward\ = "{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMoveSize | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\InprocServer32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\ = "clsBBPlayer" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\TypeLib\ = "{8F58C996-9C30-11D3-8F99-00104BA312D6}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\TranslucentTB Installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\TranslucentTB_V2024.1.0.nupkg:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BonziBuddy432(2).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BonziBuddy432(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Dfmaaa/MEMZ-virus"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Dfmaaa/MEMZ-virus
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1916 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02eb66cc-d564-4353-ae77-d094e7fc974b} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2336 -parentBuildID 20240401114208 -prefsHandle 2312 -prefMapHandle 2300 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {007ea21d-ae33-4992-b48e-d3551c67dcea} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1480 -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 3264 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc256a30-e436-475f-b552-99949fab0e32} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f3294d8-f692-476e-a9ef-54bd26332224} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d25b58-b1f0-4b65-a837-259ae5f8ff4a} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36183fd5-b8e0-4750-a270-95395e260842} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d928513b-de2a-4622-93ff-f1994cf96496} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4640e151-20e6-4efc-a609-d65a218f7dbf} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 6 -isForBrowser -prefsHandle 4608 -prefMapHandle 4024 -prefsLen 30451 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc44be77-4221-4034-8b42-0325e8c85182} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6568 -childID 7 -isForBrowser -prefsHandle 6540 -prefMapHandle 6544 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b433c5b-ec18-4839-8f13-745c74f568aa} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 8 -isForBrowser -prefsHandle 5840 -prefMapHandle 5852 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e448f8-98f2-4607-96e2-55aa869e7422} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7008 -childID 9 -isForBrowser -prefsHandle 7016 -prefMapHandle 7000 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5221b4b8-0135-497e-aa9b-ec87a67d3162} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\MrsMajor3.0.exe
"C:\Users\Admin\Desktop\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\FE23.tmp\FE24.tmp\FE25.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\FE23.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\FE23.tmp\eulascr.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
C:\Users\Admin\Downloads\BonziBuddy432.exe
"C:\Users\Admin\Downloads\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff48ee3cb8,0x7fff48ee3cc8,0x7fff48ee3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14680503715624647068,5434963962148809860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1784 -parentBuildID 20240401114208 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 24528 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74981bf9-a622-43b6-9635-881dfe76b259} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20240401114208 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 24528 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4862e8bb-0bb4-4b45-a2ff-11cf27b9061a} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 3008 -prefsLen 25027 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {881af488-96bd-4823-8322-55dedaee6285} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 30260 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee78baa-84d4-4f1a-b241-89d6e875d28b} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4616 -prefMapHandle 4608 -prefsLen 30314 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd6dd34c-6ceb-4240-b4f9-13baa2db3438} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5176 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c46866d1-f8ff-4886-bc5e-8f247381a047} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5140 -prefMapHandle 5160 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77720c7b-edf5-4402-a8b0-0320b8022467} 5368 "\\.\pipe\gecko-crash-server-pipe.5368" tab
C:\Users\Admin\Downloads\TranslucentTB Installer.exe
"C:\Users\Admin\Downloads\TranslucentTB Installer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9PF4KZ2VN4W9?ocid=&referrer=psi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff48ee3cb8,0x7fff48ee3cc8,0x7fff48ee3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,7233764106263642362,3058741330390521396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| NL | 89.149.192.196:443 | ssbsync-euw1.smartadserver.com | tcp |
| GB | 23.73.139.56:443 | a1970.dscd.akamai.net | tcp |
| US | 67.202.105.24:443 | pixel.33across.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 3.212.19.99:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 172.111.38.111:443 | tracker-use.ortb.net | tcp |
| US | 34.237.74.196:443 | k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| NL | 35.214.136.108:443 | user-data-eu.bidswitch.net | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.248.137.99:443 | match.prod.bidr.io | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 198.47.127.18:443 | imgsync-amsfpairbc.pubmnet.com | tcp |
| US | 54.204.123.228:443 | sync.srv.stackadapt.com | tcp |
| IE | 63.35.37.71:443 | jadserve.postrelease.com.akadns.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| GB | 23.73.139.56:443 | a1970.dscd.akamai.net | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| GB | 23.46.72.29:443 | contextual.media.net | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| NL | 35.214.136.108:443 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | 196.74.237.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 3.213.204.141:443 | qvdt3feo.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 172.240.45.78:443 | sync-sc-main-was.aniview.com | tcp |
| NL | 154.57.158.115:443 | eu-west-dual.ads.stickyadstv.com.akadns.net | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 74.121.140.211:443 | pixel-origin.mathtag.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.net.akadns.net | tcp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 34.1.245.24:443 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.111.196.5.in-addr.arpa | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| US | 172.240.45.78:443 | sync-sc-main-was.aniview.com | udp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | udp |
| GB | 2.22.101.110:443 | e8960.e2.akamaiedge.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| IE | 54.171.51.194:443 | cs.yellowblue.io | tcp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| US | 104.18.38.76:443 | cdn.indexww.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| GB | 23.46.73.76:443 | e8960.b.akamaiedge.net | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 151.101.193.91:443 | en.softonic.com | udp |
| US | 151.101.1.91:443 | en.softonic.com | udp |
| US | 151.101.1.91:443 | en.softonic.com | udp |
| DE | 157.240.210.14:443 | connect.facebook.net | tcp |
| DE | 157.240.210.14:443 | connect.facebook.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 18.245.143.68:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | d2w45tum40fmzp.cloudfront.net | udp |
| US | 8.8.8.8:53 | 68.143.245.18.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | partner.googleadservices.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.200.2:443 | partner.googleadservices.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 185.235.87.191:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.176:443 | gem.gbc.criteo.com | tcp |
| DE | 52.57.14.84:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 157.240.221.35:443 | star-mini.c10r.facebook.com | udp |
| DE | 162.55.236.224:443 | sync.richaudience.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| DE | 162.55.236.224:443 | sync.richaudience.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| GB | 142.250.200.2:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | c13042a185d3327cf5edbd8bd33cb2d4.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.syndicatedsearch.goog | udp |
| GB | 142.250.179.225:443 | c13042a185d3327cf5edbd8bd33cb2d4.safeframe.googlesyndication.com | tcp |
| GB | 142.250.179.225:443 | c13042a185d3327cf5edbd8bd33cb2d4.safeframe.googlesyndication.com | tcp |
| GB | 142.250.179.225:443 | c13042a185d3327cf5edbd8bd33cb2d4.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| FR | 5.135.209.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 125.8.88.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.135.5.in-addr.arpa | udp |
| GB | 13.224.222.87:443 | sdk.privacy-center.org | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.65.91:443 | n.sni.global.fastly.net | tcp |
| US | 151.101.193.91:443 | n.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | gsf-fl.softonic.com | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 199.232.194.133:443 | us-eu.softonic.map.fastly.net | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| GB | 92.122.92.34:443 | e86303.dscx.akamaiedge.net | udp |
| GB | 92.122.92.34:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 92.122.92.34:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 92.122.92.34:443 | e86303.dscx.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | images-eds-ssl.xboxlive.com | udp |
| US | 8.8.8.8:53 | sparkcdneus2.azureedge.net | udp |
| US | 8.8.8.8:53 | store-images.microsoft.com | udp |
| US | 8.8.8.8:53 | musicart.xboxlive.com | udp |
| GB | 184.26.57.200:443 | store-images.microsoft.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| US | 152.199.19.161:443 | sparkcdneus2.azureedge.net | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| US | 13.107.253.64:443 | s-part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 8.8.8.8:53 | 8.56.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 52.240.245.68:443 | northcentralus-0.in.applicationinsights.azure.com | tcp |
| US | 52.240.245.68:443 | northcentralus-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | get.microsoft.com | udp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | musicart.xboxlive.com | tcp |
| US | 13.107.253.64:443 | get.microsoft.com | tcp |
| US | 13.107.253.64:443 | get.microsoft.com | tcp |
| US | 13.107.246.64:443 | get.microsoft.com | tcp |
| US | 20.44.10.122:443 | onedscolprdcus02.centralus.cloudapp.azure.com | tcp |
| US | 20.44.10.122:443 | onedscolprdcus02.centralus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| GB | 184.26.57.200:443 | store-images.microsoft.com | tcp |
| GB | 92.122.92.72:443 | purchase.mp.microsoft.com | tcp |
| GB | 92.122.92.72:443 | purchase.mp.microsoft.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | apps.microsoft.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | images-eds-ssl.xboxlive.com | udp |
| US | 152.199.19.161:443 | sparkcdneus2.azureedge.net | tcp |
| GB | 184.26.56.8:443 | images-eds-ssl.xboxlive.com | tcp |
| GB | 184.26.56.8:443 | images-eds-ssl.xboxlive.com | tcp |
| GB | 184.26.57.200:443 | store-images.microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 52.240.245.68:443 | northcentralus-0.in.applicationinsights.azure.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 52.240.245.68:443 | northcentralus-0.in.applicationinsights.azure.com | tcp |
| US | 20.189.173.12:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.12:443 | browser.events.data.microsoft.com | tcp |
| US | 51.8.64.151:443 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.183.28.2:80 | www.bonzi.com | tcp |
| US | 54.183.28.2:80 | www.bonzi.com | tcp |
| US | 54.183.28.2:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 54.183.28.2:80 | www.bonzi.com | tcp |
| US | 54.183.28.2:80 | www.bonzi.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\330e5b2f-9fad-48e1-898c-108000fceb8e
| MD5 | fa5afbbd11045451d88896204cedf4d0 |
| SHA1 | 528463219d6906b885ced1f10e1a143622fb5854 |
| SHA256 | 8d756bb693c29e5348681b749b3361aedacd05f4ecccb4e379d47145cc85c811 |
| SHA512 | f4d82ce43b53e19897e1874d19681a3b4a5dacf50c3c597c7bdaef08a0b847cc38720bcaf54db1079150a37e58c0e650354c7be080677ae768aff1ba052bce9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\c1f1166a-f62c-4a23-a167-6c470ee041cc
| MD5 | 85bda5771aeb6df7ff0abb53be749c2b |
| SHA1 | ddf756b530bb78daff9f03542283f404357b2bc5 |
| SHA256 | 1453784a4b7d619eb63cf29afe886e7ae3542e6a3e7e726b964997bb54986415 |
| SHA512 | cd86f58c1ff0f7e42edf676fc8d2d0fce7f4917219b955e86eb390603d2714afa9d2f98d5553bbe1f12612cc25a224baf4e662c9b61124af3a38e6e7380cf53a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 48211820d21744ff9496e4453cef01ba |
| SHA1 | 102cee1467e3f364678fcd3771a1b39d808054f5 |
| SHA256 | 0f97aa1d333df07973ffdb972bbae6542f8d177f8f8d4901b8a33548a218878b |
| SHA512 | 7490e2042658387414318676ff275b7021c3fae565ab4bfb95e9838ff91a6cfde2d71171616ed0fe10bf5d7cc86cd88942e0826ea21d38d9a2915c11047effee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\6a271384-3a83-4ead-b312-f26594cfb467
| MD5 | 7a5845964273833f59460e21cc4f21d8 |
| SHA1 | 77cf08c97a9a796f7dde2055a07c5cbb2e0826b0 |
| SHA256 | 557e3250c4628255178158a86d0f5c92dab26af212bd6d3bc8b5d0107db8095b |
| SHA512 | 670a7a02e85f42c42cfe40538c6e7b1c3d1d874fe44a7c54448dccb28b9edeee6a5bd465b5297ae0b990ff7296e3b8496e09775ed74fc425f3272f60637d2c5f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 81de3d045c3ee8c899af31316ef36521 |
| SHA1 | c2fd8abe606c7d733969b6f597b09b47f83c47ff |
| SHA256 | a2ee3ecbc902b763d45b1a82cb0e8ca6706ef1bc9544b60c94fa031a8221da98 |
| SHA512 | e4f1ef681dfd0dc9e2ecac2122f0df6a8ba7eda5815a3e34668ef6775f6b53a27755c17ee8f2100cdda51728913be1ab25e62e42d8e5d66f1703311e8ddfd529 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | bc3fa889bac67ee7cfbc686d1b1f9a78 |
| SHA1 | 2672831d58893e6b10eb7a9a57eaeb465471d8a5 |
| SHA256 | 067666955c46b32c07e3e9924ee902b3d9f77068f50558654889f4eb36b9e202 |
| SHA512 | 421933102592715fdbc1c06c93e2dde5c7f4adbb615dd0afefa5b23a65d2809b2cea46bf261cab6ce8159ffcf5c8a6d21a2d93f6569957c09521a993903b1a8f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\activity-stream.discovery_stream.json
| MD5 | 598620ed7c532938c2cef772c1dcf94b |
| SHA1 | f6123e62cb99d3cd0e2d6b5a942e1708b1e6aca3 |
| SHA256 | ba2edea2965842ea9b0ae717145f5f433ce9ba1df4d53a3563dc303de6e1f611 |
| SHA512 | 19223d843ec56359ba4cee22c85a268fbaed0d5b460cae463846c27dcb762ade231cd7050cfe1a2cca7fb27ffa6cb7bb4ac3b87fe038f455dff12070fd724161 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs.js
| MD5 | 2986c92531680d18942c170b4a3f1584 |
| SHA1 | 4be8a7aeb464dd2d858a0652836c3fde328c9951 |
| SHA256 | 2aa207a86482001ae852a4d0ef6ee499ec3e75aaa4a1aea1417668efa44726eb |
| SHA512 | e775d4d7ab5193e1b8cd027097dcd94e9d5da3108950a8acca9741a7245aefa35e76ef97e93bb7c41afe7a227366476ae76c804a2f34f0c8fdd7c7ad4e29ebd7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js
| MD5 | f69ea7398f3886d65e11244d5a148ebd |
| SHA1 | 752e2143b192910c9ed09ab85df035bfec24762d |
| SHA256 | f72f38de183db71faf521285da9632c73ff2bf870c7a06e3390b203b1b977581 |
| SHA512 | 8a31afdacea4cffc3bb0d8e23ffc592d40f867d6f0857f0da4e53873745d16c91d108acd780d4dd75317ffa2a9bf106ca538e4e86eec64ff2c7e77631d79a168 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 60d05e14f945bea69b2a70a47c9a4773 |
| SHA1 | 90e982ab538f6aaed809ea928ab68e1ada883362 |
| SHA256 | 2aea1d45bb1d9ef6843326f9361666e8e6135ac1847b939806e291b71d4fa62b |
| SHA512 | 2844d1c63eb65402b4a33136b4403b750d172d21de3babe9bbe9bc88d6eab3182a05e93d16cfc7de33af314df74502eeec6dd20d4cf67f23efdbfe34ade28702 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs.js
| MD5 | 2c06571fd5965c5e0ed55a2857673a4d |
| SHA1 | 7f9750378d47b1b443471222d6b71c5de5301077 |
| SHA256 | ccfa6ad2407bb644ab0141764bd1f9fffa1cdc3e0a6f80b4a67ed93f98cb8ae9 |
| SHA512 | 7481737a810208b229d49a055826be55f33624a285a2d847bd0bb01afe5c6a7a70bb0e6572f9184370166d85c12109ea6399df6875582aada365c00a7c68c422 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\AlternateServices.bin
| MD5 | 7f60b6ea5d0d6306e9151a112c5be7b4 |
| SHA1 | b3b7baac8a4521cb5f84d6e647e66eb7fbd4bec6 |
| SHA256 | ddfc32c4f856ff5abf7392189f20b50dd59a0fbd559b580d09b0b1db3440e817 |
| SHA512 | f0aeb02384bedae60a3b4d718d409f3db95111ff269cd81f389992ee2b4bcfac8889f6d0c5362c1c798671dc09347f43ce140f17de4dfd9caf938bb44b8563ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs.js
| MD5 | 58e36424730035ecac1744bff68cdef5 |
| SHA1 | fafff8b2bb9cb8308c5545610275abe1ecf7b551 |
| SHA256 | f720be9ff43fac313545e7d36aab3746c24ff8417c1999c53da92f9051222902 |
| SHA512 | ff258aecbcf105a055337926795ffa8f40fe1b25dc429e14e99fee7757e88274a8f5c3770c1d1112f783cfcc841441834e690e1d35b6609ca8c9b4f01552ff49 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | c72e8164a8e1667d57de7245e0ebbdf5 |
| SHA1 | 39a14cdc1eab08657f6c6b359f23d2a1903cd46c |
| SHA256 | b9dbbf3df3ffb542a7acb928d6141dab8a0555de9b330fce042e308b6d46f525 |
| SHA512 | 40272f27939f2e06be9e55a4a01b1f059997e2e15a0a4a5ed895b945f2e904c1f7b3bd18e248c585e99bd6e08d64e81d4e140d9655055e385446ac54ad2feeb3 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 3c8a1c21e6c07c4b45554302921ff707 |
| SHA1 | d60397cc77e736e40bea96136f3d6e9e6a511da6 |
| SHA256 | cbc40125e11cea5e1f928b002aeba921b7dc6139bf6be837cd114168a8d0d5d8 |
| SHA512 | 67efd95f38629b449242f58fbb4edf19c0406f41c919d6df8a00f95383bb446562ea2204ff0a63f70cdd1ae5407fae215bbba29ee90260600b1e2a183cdb2169 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | f6088f26fb3b08dc0f564053871ca0aa |
| SHA1 | 28bad376da228908c1b111e9f07ca61c72b09291 |
| SHA256 | e06759049bfa4e6d6f09789ad0b54ed18bf795a864d417a0ac38f23b73ddb485 |
| SHA512 | 43a13d7cd5f18f512dc5dcf414e4a26a4371703a52a3d81c1bfa55180fdb6812d809ab3953c763114c22f530edd79c10f5811d33657eb5002bdf9bac21b12b30 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | 3081c859592bde86376c14af2e9b7f5e |
| SHA1 | 92523684446a4b69f65bd84f4bcbe70eae2bc4d2 |
| SHA256 | 358bac0a018f0dc33f307b49c8d0d432429694020d9b4bff307c4bf8dcf4d6e8 |
| SHA512 | 2b5e01a2923a19d2aa4d076e5f956b30416915ee450ce7910a809f8e2e829df3093d0d5161ca377078a69925d0d1c77b43249ad8c0cbf935e7bc9e377aa2036f |
C:\Users\Admin\Desktop\ApproveComplete.xltx
| MD5 | f7457e8d33e641806675b565098fabfc |
| SHA1 | 72f88fece4c627c9900c9cc2a2a6b33c524ed241 |
| SHA256 | ab7802fbd413b10173df0bb73cb90809be47078edb5e5ab50e54fdd495671d0a |
| SHA512 | a6c0bd39c80f3e3283465517c98f9bd38788f4a92b5b8f70d59119795307d5a6b64b36467891aa8baff247547e9b741b77a44255ac866496d32b49cb67d40a98 |
C:\Users\Admin\Desktop\AssertBackup.snd
| MD5 | 13ea1ac7145c328d5bbe046fd7c9b8e2 |
| SHA1 | eb212fa3170210dc7d9ccb37483e5f599127ccd5 |
| SHA256 | 77ce35f6daf4a2121b526be928df092f589abf3f92716c003fcc57f499f15e6f |
| SHA512 | 758f1558768ca9c21990c1ddaad3152743380add4a3d44837e09c54b5bbfed56d135a63da4ea3d2c3a65482ec93c0913325b2958de7f4629cf0c302db738c3b0 |
C:\Users\Admin\Desktop\AssertConvertFrom.mp2
| MD5 | 82e2a4d2344c5fcdaeca5c9f746f0f69 |
| SHA1 | 14695bcf12225d1de308676b31d10eb7c1b6f6a2 |
| SHA256 | e026dadf77651bc2e118828f319817214318bc599c0779022952657094a0929c |
| SHA512 | b4b62e55b8be4cd7aa59d43ebc66114d975033ff0a1edff3429ef4ae0b6ec49df212b5c35af46e7a98d441af6bb205c4b4ff99efe1b1d3c1fd896b6f37738fb4 |
C:\Users\Admin\Desktop\CheckpointDismount.jpeg
| MD5 | d3cdad068ce24d06a154dc6aaecd4277 |
| SHA1 | 28adb30982af3b589eda68d2bf8ba377e231aa55 |
| SHA256 | 3160399c35e05fefad198766862ecdb17bda3a02bbdd8a02d48c87ccd1fe666e |
| SHA512 | 68d6fbed5e9684b100e8a2b45840c21f05a2f6937378575d85a195b350e57d04c353b5437f83238133bd47262c4c6897d420d91815984f2a364b1f3bf7e98f6b |
C:\Users\Admin\Desktop\FindOut.aif
| MD5 | aec4d73da76ee14a446de5e633f6e1e2 |
| SHA1 | 66f374960be7cce3168011e5aa0089b9219bdcf5 |
| SHA256 | b84cb619e12900b43338f605860b346d25c269247843c048a31b2a84e0648b77 |
| SHA512 | 7eae95f21fdb849390a4967badb1c5af1eb3acd744f5bb5b2c8b2b27dfb5bce680cf4ab8e9a246b20a394d1bbd1fa769b2e948b6fd348602824ebfc14257a008 |
C:\Users\Admin\Desktop\GetUnprotect.mhtml
| MD5 | 82abe14e78e3002654edcbf172130d80 |
| SHA1 | 94731a0a4f7a60977abf4beb72e6c55f05437f5f |
| SHA256 | cf9b523fe0dbab68752c730e12198669151f523a8bb8261b687a601334f9b998 |
| SHA512 | 3f4f9222ab9464124caee1ae355dfbb690c687706aafffea9c768f084467b22bd4cfee6913f23616a08b12272db43ddf9760da601b1342ef507e4f3f938354e7 |
C:\Users\Admin\Desktop\RepairInitialize.ini
| MD5 | 1a7ddcca129b7479cb72ced35cde5f33 |
| SHA1 | aa942ad0e5f6ad69dd9873b6ab502d06abbc61a3 |
| SHA256 | eeefec55e5c3b0f5fb8ed4e6b18893e4c378b32c19c514ad547cbd12cf35254e |
| SHA512 | c80736d42a224debf48e311b7871c1bd0007ce173cf0162025bc5d240db47b486b1f950102c4e94a6c16c81f6ed35313c957d72145e2ca526453401bbfc0982f |
C:\Users\Admin\Desktop\PublishAdd.odp
| MD5 | cb094c1532dadf3695ddd0def97b7984 |
| SHA1 | c4637f7b30dea343eeac27c41716de705fa8ed22 |
| SHA256 | c6fdde57c8ba3039d1428194f3f0bd86bed5737aa51424c20efa13464db74e9b |
| SHA512 | 18893d8a26d6c5c9503a9b1d37e70c0ca3004d8fbad7889c962544b25ea40e6ac6c52bb72cf652158199511f1b02eaf298fc0f366efe26333675a684a754b292 |
C:\Users\Admin\Desktop\DisableSave.xlsx
| MD5 | e8207bb4ac525ed0aee01d8fda0cfc1c |
| SHA1 | 2d049d286a2382bb8d09545d507739e3b9bfe53f |
| SHA256 | 3bc71b9e3ce3658f1b6faf0ee396d4cd90c89f3af724dfbf325be76bb638e784 |
| SHA512 | f0687337f0a00542e8accba8a46b4a3c5da59f0bcc002571dbadc4789376ee926863e3a93e74faf43490626dad2f54338f19e1e82d966192d6c344ea4dc114a3 |
C:\Users\Admin\Desktop\HideJoin.docx
| MD5 | 020fc7de40480a21b22be81299f94be9 |
| SHA1 | a8fa092afcdab9256882c5af1fdf39229390ac2b |
| SHA256 | d30b8aa5c1f3a0874bd77281dfc1fe2f9c1fef47a39094cf29d05211097b859f |
| SHA512 | 7bacf3361fe0e5941c8e4c547351b4a4e5e72b4511c44139eea687bfeddf056acd6343ca17611a0130890d0032136ab3475f0f74209ce57b7147a41ce6e96712 |
C:\Users\Admin\Desktop\RestoreResume.xlsx
| MD5 | d758e918b23a902a4ad1446a114f1f89 |
| SHA1 | 824b5aca77662b4e0aff371776fe188319d88ad3 |
| SHA256 | 3a55d58e4398150207ce9b2016ac556b07bed0d0e4faa649ceef7672307338bc |
| SHA512 | c262308e5097a55f83d8a4b143720105a890d8a5afac538e4fbedd7d8d5eaf858ba5be622c01bc6d6f25edf5aba46b2d93f31ead1e83d24ba6594213a1d0409a |
C:\Users\Admin\Desktop\UpdateExport.xlsx
| MD5 | e9cd88e071746c8403033d721b9314bd |
| SHA1 | 7e0d9accadeabcd29883937bbabb64137610cc6a |
| SHA256 | f47c9191265e149933386f4cc8996de56f397085fc4c15b26ea6f483765b1f81 |
| SHA512 | 34ef3f6cffa126a73a74cd943c7802196e2830346d92d018cd3fce5caf2c09ce210802becd229d9f186a4a9eb7ae4921430137f3ba2d855d87312b50851f8657 |
C:\Users\Admin\Desktop\RestoreMount.hta
| MD5 | 7f04b670476dd7b4a43e6c060d950368 |
| SHA1 | 23693688113d136cf9ac374ee66b1a856cf6f189 |
| SHA256 | 55818fdb88e465d7c586c7e83f98a14bb848ecadfcbd5cc3e0caefa1c2343f70 |
| SHA512 | 068e338fb922120ad55873a720cd778927dc1217d34e0f67b883b21c1f25566266d857e168e0901e118520390fb230b0d24bd0feb636368b91dcebd96e43e1f2 |
C:\Users\Admin\Desktop\RenameInitialize.dotx
| MD5 | 63027676d89ac2520dc766e777d7f99c |
| SHA1 | 9562f005f2cffd335abefcd78860ff7d747faf56 |
| SHA256 | e4b64bb891a46fe7e5b94094573ab7e18bc8e601617a23b2ef22182af643db68 |
| SHA512 | 15ffb39337fa2007f0fe117df0e9d9cd20e65358fa8d6d0bf3f48c061ada58b56f150ce1442e292f6b69b1d99b1210b96185ae2973881c9ce19418425f2a9d0c |
C:\Users\Admin\Desktop\NewAdd.mpg
| MD5 | e4a5a87a0304f3a672529e4c0b4078b2 |
| SHA1 | 746f7b1328996af2f14d9c7491a79b44734e0227 |
| SHA256 | 7543765f366ea8750570165651e1237eff2ed81cec41bf03d9eec9eec4c6c7c3 |
| SHA512 | d4ae96eac99f285932b7c8e58178a2e74544659411f42930e7dc5e358c74fa9dd0e6cb129903452b7502738518150ce5cfc0d7f97318c092992b4883c884ee2e |
C:\Users\Admin\Desktop\LockMerge.crw
| MD5 | fdef48934b99035a347ec0ea8898066a |
| SHA1 | 7e2d470c2dd59f673671777438626e1a63910caf |
| SHA256 | e0b77d6eb22a8666c6839d44b6132ac8eb14c4b9aabbb9b46bb4453096607d5e |
| SHA512 | d18402890aecdc3d483d9d5c43ac6fb5ae6513dd8461ae1fb96cf12b2f59d2e81dea3105376b0238e3eb90286374b556a292374a2b42f206a2bb53bd5d432259 |
C:\Users\Admin\Desktop\GrantSearch.jpeg
| MD5 | 18874c9bd51d93c623f7f43e5daaafc2 |
| SHA1 | 9222f6fb86a74c0feda7a94d4ea09ca9ba4fa254 |
| SHA256 | defbb140cf0b62ce9d51c3132141753260678f98c596604da62beb8fd5aee3f4 |
| SHA512 | 8894bb18acaefcb4be1d54e94a594ea656c392d7994f610e1d5998e6b6d43b94211f1e3f68762a72d0020dc2d8a6850d7a8974cc7e8f1d1220c02010193828fd |
C:\Users\Admin\Desktop\DenySet.mpp
| MD5 | 8042e8501d23ecf6aa531aecf8e4f18b |
| SHA1 | bec3087227383654c6e8819808f0dddc5ba414a6 |
| SHA256 | b173705a9d6ff3c8e5b3295d1f9e92bb5d3f70e87c2453271da50fb6fdbd00a3 |
| SHA512 | ede47d0433299c25ebc8e7872c30c83f57d6c3e51b7e2b79714d6ea13f50a0813d7daad99a0aacc888827a321fa09c568f78a1f0e01d6cc59ef7276bf342af87 |
C:\Users\Admin\Desktop\ClearConvertTo.xlt
C:\Users\Admin\Desktop\WriteRevoke.txt
C:\Users\Admin\Desktop\UnpublishUse.sys
C:\Users\Admin\Desktop\UndoReset.xltx
C:\Users\Admin\Desktop\UndoOptimize.emz
C:\Users\Admin\Desktop\TestMerge.htm
C:\Users\Admin\Desktop\StopWrite.edrwx
C:\Users\Admin\Desktop\SendRequest.3g2
C:\Users\Admin\Desktop\OptimizeSave.wps
C:\Users\Admin\Desktop\MountConvertTo.pdf
C:\Users\Admin\Desktop\MeasureRedo.mp3
C:\Users\Admin\Desktop\InstallCheckpoint.sql
C:\Users\Admin\Desktop\GrantSplit.mpe
C:\Users\Admin\Desktop\ExpandApprove.dwfx
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\AC6959268E349C7B5497A3867D6DCDC4D543431E
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\FF405EA908A0CDBF948198368567C7EC073C7A02
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\7F30F53457983F11F2D61636C9FB5706ED9AB60D
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\6DA69A746F9687E1FF413119EDE7AAED2F9783B9
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\1F31E974FE26ADF455919D56BA89637647F97DF5
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\3CFE3D7A893AE719A2229D03193B1C953688F8F0
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\28E1E5D29F93610BE7D5613D8B8DA1CEF9A67587
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\121BBF69B3CDEA1AABA5823967030769C4433EED
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\4CA2E679CEC293F142684E37B6B4D5F01FB00E81
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\56CE90C55E132F8439D26E777737DCB8BFDD8A32
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\4263B1A2D70C7C417487FECC88693B6E7E40E2B7
C:\Users\Admin\Downloads\MrsMajor3.0.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe
C:\Users\Admin\Downloads\geometry dash auto speedhack.exe:Zone.Identifier
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\jumpListCache\QWyctSFfHv6JgFCgmygwImcGyKQfCScXlIVZl3dp8e4=.ico
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\FE23.tmp\FE24.tmp\FE25.vbs
C:\Users\Admin\AppData\Local\Temp\FE23.tmp\eulascr.exe
memory/5020-1430-0x00000000007F0000-0x000000000081A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
memory/5020-1437-0x00007FFF48550000-0x00007FFF4869F000-memory.dmp
memory/5020-1438-0x000000001DE50000-0x000000001E012000-memory.dmp
memory/5020-1439-0x000000001E550000-0x000000001EA78000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\147C33CD322F70E8435B53B609CA6140A8E8739D
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\Downloads\BonziBuddy432.exe
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
C:\Windows\msagent\chars\Bonzi.acs
C:\Windows\msagent\chars\Peedy.acs
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
memory/2480-2272-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Windows\SysWOW64\MSVCP50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Windows\lhsp\tv\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
memory/2480-2613-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6fdbe80e9fe20761b59e8f32398f4b14 |
| SHA1 | 049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f |
| SHA256 | b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942 |
| SHA512 | cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9828ffacf3deee7f4c1300366ec22fab |
| SHA1 | 9aff54b57502b0fc2be1b0b4b3380256fb785602 |
| SHA256 | a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7 |
| SHA512 | 2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02a9e973306160dcfb6388e743e61968 |
| SHA1 | 1a1820349c711a8880a94f3498fda67d416db60a |
| SHA256 | 009f20f7357b7523bd504479431165f3086099d334383e113a4c7bc54f745c3b |
| SHA512 | b963dd45fc6335b9270a318b2aa4efe26bab8d6972403666fd4a85223b158c4adcd3129bd7e4784604e493f70134cb5f479d661e14caf98936326ed6655425d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee489b6a06eadfd4004073960ce0073b |
| SHA1 | b431bd4a6ee87cc49ca2b997c819d51e97b4a31d |
| SHA256 | 6ea8f358ef24788e27e1918ca794820eb2f7f44f6c1494b79235510d78c45e93 |
| SHA512 | 9adf97ae2bc7e12de75403de7dfcb8cebd7e7d8125e3dee637401de07758f66cb9bf023adc9d14a65baefbc1c32bed8155ddb2ba18755e60df3920286d5f009e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb56a204b486369ae2efd25feb522d67 |
| SHA1 | 0a167e134f919832f1acad0624315c84d849d3be |
| SHA256 | 47692941aa4660ec1b9b037ccef331de22301261389396f93617e0f35f27b314 |
| SHA512 | 89396806f7b694404dfc2904d390b105e5084eb858bfbeea2da13b911ebf4c67fb1eacd9244f9dbd1e15c1d9dea426c68d7401114dff72eca178b3534ff237c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dfa9a772a30d691ed118433cb00eabff |
| SHA1 | ac7b2ef4e7da3fd738b350b780fbb47cf64ed494 |
| SHA256 | a6775376c48491fc332ec379cf58a8693f1da7793007cb7a786bea8644bac655 |
| SHA512 | 4c60c49ba5b0014599c3db05dedc38f52da9d88b7cb27f5fadf4056d3b472e4b39602880a8d03dea7ca6bf50aa9c629f30dcd739109f02e72c894bcd116150c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6a354c3d35444b4852cc6b562ab3620 |
| SHA1 | a97539fccb03c0ec4db11da1ba88377c60f25e40 |
| SHA256 | cfa84c9f4755c6b84d23cbcb2af259ef4a1d803a10d961938b0c933791bab541 |
| SHA512 | db12087f14dfd55e00e13586ea7c3902e4617525278e32f6b9f9a3e8641de4daa8b3af716337c2e27964ce54d11617afd4153f4a68f9bede773137f946d8011f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f8d9e6e84542e59b4c706caa7a0c247a |
| SHA1 | 8126f6afce7035619e6b95352d8635091eae27c8 |
| SHA256 | 43b7e2ccd4e1fb7bdb1ffd85b5fc098ddeb1f05f1849718617230d702c16eab2 |
| SHA512 | c498fe34674dcc477ba6ae82a4006f0d53426853c1788dbc5e513dd48ffff177c25128967687804e04b427fd726b1ae6f766d2aa4ef0fc9f122e2cae8d31d177 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 82b4624a853262652d74adc0891adcb2 |
| SHA1 | a2e9fc81879a85fa4f460db47e286f442d2340b6 |
| SHA256 | 205c6d59ff8722ecb81e7a25ac06d31e5efd9ee9c013dfe9f03af36c88a25b27 |
| SHA512 | ad6c0c1eda62ddb707149590d749f3cf5b264be23bde4a5d8ef70c7b787c530831b03c0087790f3471fe3252b51c1086888534cda561e0a5c3a88b28698b2aea |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 697ab63503c8b57fb22c53a9b35c815d |
| SHA1 | 62596a1c93aef4132795ccd4d0317abaf805c29e |
| SHA256 | 81569e89748fbf8fba35c6e09186d81900da32d91d3e267d33ccc73a142afb5a |
| SHA512 | a33f3727c37cc6a3682f5ee3844645e449976dab91f925f8a9485a7b338de567fae2eb43dfd51868138ddbda054697308c6b3d9ada7c16eed6a07b3a47565145 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\e3defd3f-7381-4739-ae33-1f2dc46572c3
| MD5 | 8e82bb6c6e617410b851ebe29d533f12 |
| SHA1 | af75343734db1371fcd35e726526ee50c331f5a9 |
| SHA256 | cec51a87c604fcdc573d34c3e6c2feff76b3992aac6e020dae41c4218d37beaa |
| SHA512 | 584fd97e3627411ede0b91914d1e9d6892b44da72962c8b123f1dac5064d27e3b845ebeccff85ff98d0549fd28bf6830027125e0021f06f2a58a565d019bd4c4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | be7038ce78e6ae8dbd36b44f4a6501f3 |
| SHA1 | 559399c923fc9fca02ddcf6926999fdf7cb78d1d |
| SHA256 | ecefa82dd5140ce29383f8a91af28ee0ebcb469a121ea673b0994e603a2d7d8e |
| SHA512 | 88f435c025ac5382b5c17d17fcbdf84aa0daabf4855ce1d0b4bd7982bc4dab8bafe4f5e06284966e6ab8ec8ccd4eccfdf24d3a48086d2162542f43b6dab177ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\e1bb9602-5c0d-49ea-b55f-76008322d5e6
| MD5 | 4bf52852c04e9630e9c7ea3c972e00a1 |
| SHA1 | cf2d3282782d8a3a505a50d063d751d9ed249fc4 |
| SHA256 | 58b7147e22a5f5aab255b939d84b1b45538c35ece2b02fc373e88e9c95ad63c5 |
| SHA512 | e8704a42c8dc8dce2d03d372d6543f2509475d132f6537a0b90a78d0b56d9f493179f92dc1da1c8f69fbd37913b714303ac64c4f4c9b8726ed50bcfcaf887438 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\0bcd7bc4-5782-4083-868b-6be7480db03c
| MD5 | 330f6363cf00730963f13b85d779bf6e |
| SHA1 | 5f950e34d99e9e7359b2054b09b4104f193d5d54 |
| SHA256 | c76b2a8669a6a4a3076695e0b32f05a84530d8c7a9f51da3ce54084f21561ffc |
| SHA512 | 15b99ea876a3a75ec2d8053d6440541a0095f314b271024c670b70bc6f9290d59cefb89987d4257fc967e97bd7fb4791a610b08662f2d8338311faa49600391a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 478f603c4c51a001d44e13daf5eac6e2 |
| SHA1 | aec67c9beac40fecc4946fe6dd75728894c87b93 |
| SHA256 | 376bf803367a3b1c908d241ea755227d8970d2ea519872e9ae1ed5e4e0112f84 |
| SHA512 | 971aa2b81cc5c743eb401ddb3a3781e442a8969e106a82778d145f549f5485e28284d0117d38b5c89ccdfc5907d727380f42b9e35674b5060f497e5285d1b4c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js
| MD5 | ec861f347815b29d65cda9478c4f4ac6 |
| SHA1 | 17a037ae944f5aa9dfa0ff027c056fd3ea53bcf1 |
| SHA256 | 484002aac6bfb54007b41c2ea2481de9ea12b628a76e500c60bfff599a8a9e3d |
| SHA512 | fb954e1e570130b370d6a8536e54a446d6f00071d4cb951492f1e8ad690d3494bae71e60fa94dbb37dbc41ed67c25c5ca8b35325f0424bb255e699c43b4daf17 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\startupCache\webext.sc.lz4
| MD5 | 2418a3ee9e6f112a1f70f3fbb45f1f30 |
| SHA1 | 9fa005f0fad1cc2231ac7d683c1167d495573d00 |
| SHA256 | 2716868e7c1c1a715e7ce1e27833933a6f6f23d85ebbbeb5f6ab47aa98a1d0e5 |
| SHA512 | 813accea05d53637ae63f5acd2e52d33998f5ebb0a3dda5fb5263bf0e929470ef632138a5fb283fbdc9f9b906b5e6242f33ed52a1a95bc1e0302dbf20c4d7406 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\AlternateServices.bin
| MD5 | 7cce04a3da6c5e683570ee15a3da8460 |
| SHA1 | 3f43b4d76a1d0fc183d2abaedc2ff35413b657f5 |
| SHA256 | 36c271eb759d243ce9821fad5857003624b9f791c5f2baa7a7589c76d71a6a88 |
| SHA512 | 8501d269f2e4940e45e6d828668f75d2aabc9651090ac40dd35e67224b34be58e295f49355e4c0d1aa3f3b2b2f597e08cf7e0090a2ccb8c1941b25e799a475f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\1243152E7867EAA24697321508C34F9CEF98EF1A
| MD5 | 66f8d69a0e5c4d2910aabdac14980b28 |
| SHA1 | e8017a2785345479e235f1d7f7f7affff407e951 |
| SHA256 | 5b56a5b35ab5ede7fa854eea673f37c818605df3c65cfa8eba7dff6d19a93407 |
| SHA512 | 4cb0ff2a9dfba15516ae6344d144e29916261a3ecd384168049f1a2db0176c319f23e804cb8730c78f41b7e0742ce5fd751c8a289e0cd0fd9e4d3db7b051e0a3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\01ABD05F24B7C929E9BBF7B620E2289C4EE00CD6
| MD5 | cd835f89684bf8a2a57217ba9592170e |
| SHA1 | 1029e03897b94ccf0895de6f962546f0638e18de |
| SHA256 | fa4a05d8cd2473d89bc5e07049de1e461dcd369ecf1aea0c136bb5179dd30501 |
| SHA512 | 4e03cfd06ce4ec114b92c15dc2d48f8af5eb9552431a881a4107700774aeaf9d7c797d40e697c585f1c0a47c409453f207766b19e3fc62027ccb5b223896e0e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\72CC7937764E446E107EE110D8257621129E0413
| MD5 | 246226a18e95244c9b5a2907789dc75f |
| SHA1 | 2f7c13f605bfae06e1b8e8020c7f74572d8be8d7 |
| SHA256 | ddddc4e3bb0c1af0c1712cb527e7a8b099338f96d471749a1652e4abf9adb24b |
| SHA512 | e215cae835b1077ce91ba75b3d7eec259fc2fb0f667b74f78f9b54929c070a38dd615ef50e761fe998d6989b1658024501a58740646978c2f21b0574e2f69d2f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\D105AB5F954C0907C9073BF810F90A3C36C6D3E5
| MD5 | 72e1093b898a7a101b4375797ec56921 |
| SHA1 | bbd32691fe80772c03b5343ed1bf8f11ad6a09e8 |
| SHA256 | 8f6533330caed42ee8ca2a5aa4a195554c4ed8b050852a3ab91de61d50e8b47a |
| SHA512 | 67809f5b5a47c60a08da2605cb6e4efb66de46ce3db1b6e2b57eb26c9306647127c6b8ebd5e60e568688510a103d7ebcd7233494b069bb124c9ef1e7553e1b29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\22687BA94136A0C02D9DC84E914E4B03A2985D05
| MD5 | 228a7d5a4d210265475961e5e40a0e15 |
| SHA1 | 1e633cbc34bc3c5ad5d18f1dd35c75c497d25965 |
| SHA256 | 359273303a41afbc31ce66d38e2a94c7f073f4529d61dee557a1e898b01d2ed0 |
| SHA512 | 65488bba35a423da4a1c5694d9b5e940c2c2be94a5bbf53cbd8667839217270609984b658799014b0fadadabade812fb00420b65d137defab4ed6b049599b624 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\28137B1FF368A8704130B996D2AC119598F8779B
| MD5 | 19a33b0af0bd600d2e3b905afda1936a |
| SHA1 | e5f9bceace76db66295fd05f844bc323b9401285 |
| SHA256 | ee808c42347c31fca06444fc43469a79301fa9541172038c9af00f50258edf1b |
| SHA512 | f16ed1690d408a9b31da77c2fc2fd58e22a7bfc66b528c02871e0c64bb84904be33487c789d4d61aff158cdd2e71e06e124aa3864a2efb26e90c88c39907e551 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\BD518506D48E5D9A2A1A812001B343D87149620C
| MD5 | ad05596adcd96541904b7e85b8c28001 |
| SHA1 | 0031e59ff80e1ee85087c7636a17a9be8f8b5776 |
| SHA256 | 376db744203d578d3c4763e167b778b02b587647dd5cac50da26633851461cf1 |
| SHA512 | 69ce0d598a86d5a64d6de424d460b7a4d32681e9f6311b86742de6975f19933504f5390ff95f4429dd49e395cb5cf3b67e10a87046f50551467cef8f51413740 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\80285EC16EDB2FCB53FE4D6500B0396AC776DCD0
| MD5 | 6ecd857cf79cd3fbbb5dd9f4fad361bc |
| SHA1 | 62ad4dae8dfce89069ba0371e3b000d4af43528e |
| SHA256 | 3107e9139e1da339abf5ee0b3d5f43f9b175de69a22e0e7a86727c7092728ef2 |
| SHA512 | 104bc5d42d60fbea4ce4c3f6a4053619c86bf9e3703ded9ad8a0583f0fa0ecccb17c8544198ac9d6741e02a402806abb9051ea2c0369f8c5be27b505b3603fa7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\E44D8EA2BB95FA202605B58E615B3400B72A14D2
| MD5 | 9037f5016ea591c20c47a6f67142f5f3 |
| SHA1 | 20365163f6976085d6325349fd9ded25f7bafff4 |
| SHA256 | ecdbb7ccc50c675558dbc468216d38e1fd588085191d8ecd03aa4f9ccb01f493 |
| SHA512 | f0673c01a2437c32508795fddcc7e33c114795114dc574d8ae9ae75bf2da38a457e3dc747ee3ea818f839faee1fe044ea7a359b47c959f2c39484fa6759a892e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\BD5BDA6CAA71A9585CFF4439E6C1BD696837BD13
| MD5 | 9f0ee5e851c2fa6cd667fdb9b837da73 |
| SHA1 | b036cd7f472e899ee95ee27f22a545697764ae64 |
| SHA256 | bcdd37177c2f226cd1bef1a5e80ac6666f5299fe981ace280a89dc54d95cf156 |
| SHA512 | 793734623c395e3ac8d91ebccf015ba7b0d308728ef30b75d09d873f0058cc66906c2e545383f44c0083d1cbf997aa18ab9d18e36acc9e2f19b9e67593dc2aac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\D5274CC9487F5880FB0ADDD7EE2947C8EF06120E
| MD5 | bc8eef1d7a0e8e4bd1d200becea9c12e |
| SHA1 | 252b2d0c72dec27bb97720ac53da8ea594366aa7 |
| SHA256 | fac53a7049871109355a459193b57aa6425ede6e50800a3c7138a4222f5b4a1a |
| SHA512 | c2f055adcc6423d71c512a6ee81c5a0b91a02eeea54fe88bf530fe673923c403b333f6630b834bc86204dd347761411d94495e922b39b91941aaefc7ceeb932e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\F54E7030F181831909BFCE5EACACBD3D867BDC0E
| MD5 | ad9e3306274caa0aab201a93c2a91b3f |
| SHA1 | 0d321a71448da89693a997c418866a89fd427180 |
| SHA256 | 8d425b6eb2127cd678153a3a7ca4bc09735c30f49dad6696842a89e69f576776 |
| SHA512 | 8d2addc45700a4275260a6506f0b356c3b3cd91325b07d1cc29c42b69db1cb8d5767ce344c1f439c5b04f034caa17436a2144ac0129621622a5577eba1a5cd36 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\45C13727B6DB444F70F2FAA20129C63BE433735D
| MD5 | e3101ba1ed763afb29ff31b56a9fcc7b |
| SHA1 | 734d784f756e186fe6095d3c321661f4341b1fa2 |
| SHA256 | a0ff9a48f56771920c7f51cba6a31b3d006acf8e8c8a75eff6f92b1343d9b8ad |
| SHA512 | cae3dd3cdb914fd65c1d9a79d8ab20afb883b60c77ba8286ae6a13ab564cd302aa48aa669807766ec861f03cfb9e386e9af781d01c398b98ec709a1e074f07a7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\ADB77CF89BB7C3EACBA0400910D8956D4F8A5D23
| MD5 | 6a897fed797c772ca17f167d82ab16e9 |
| SHA1 | 0ac69d91edebb9c7d2b39f64637f61c375f187ea |
| SHA256 | 23ed4f5be4da9e481b77373bdeda8e61e087769bbd81188bacaf8da5561c5ac5 |
| SHA512 | 30d3a02461b3838327906ae9c79aa8041f80058dad784804e42502fca2d810f79ee138a06224d1ec300ac5dfe818353005c20957215387f1a50ca6a5bb1b3873 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\CAD1414BC30A3580B4299605CCC55ABA9A6E1725
| MD5 | ecfc4601011626ded98221a321f78a49 |
| SHA1 | b18bd513b6c311daa71513fcdee99884765ced39 |
| SHA256 | b4f12d8b28884a8628beea0d61250d3c2d4a4f9b1bd0dc8d055837ebf84901b2 |
| SHA512 | 774cdd13e1e83571a67f73e98c9d262dd85c3b4672fcd5a654eb2ca33bb466f27f7fb48b0b50b5855915846b8f1089821bff2723a877bf5fc13c2bbfd1784703 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 36e1dca8745e3333ba3dbe9e12164a96 |
| SHA1 | de054cf30bd6233b1c9177eacfb75ae62c1f0b92 |
| SHA256 | 3d543df2c113e0cf5f5a0a034c157c9b93abb0b73f5ea30285653a16e41bad92 |
| SHA512 | f590cbe50a0603af2934fa7b4b5dcf129c168ce8497ea4e8173836b1961c0ceb06bbfb85eab31a3c641f68ef7d33f57047e936cd13fa8c08bad651a75b99f51b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\DBD78B5F0DD5928F802E6B4677A914D2D6B73B75
| MD5 | ef1b57bd8ec665ade6ef13163ba8923b |
| SHA1 | b778c44c962d925adeffd378a0498eeace0b12ea |
| SHA256 | 5e8ab624cd22f3bfd04ff14aea84a96032f7524edf8b71422958a1b09d0a4eaa |
| SHA512 | 3c440c0523b9fcdd5992c2600ab9aa4ed28573a3f3a49fe92918ca307023bfe5cc9698d8f36050b249a3b561e6c264915e6ac773837dc30cb895b8d76ee11577 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\8C12AF4B1C85B7FB688CEE04E1D26F39B449DF0D
| MD5 | 2dc7a5c38edd09a771f18d4b4f3dbe22 |
| SHA1 | f2e4c4c9afbde5702d68e52173c1590c93e644d5 |
| SHA256 | e1c56ad8a9afb196f88dc70f0d7edf24133e6c6838fad540f32cdbf3319caefd |
| SHA512 | b9baefd5bf2605c0117c30607c530cf155d4079756ee346bcb26a078c6243c4c33464478c1e322e3834435ccc02aaead4aaf74226ccff3dd00ab4e5c1cf78191 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
| MD5 | af72746889388e4929003610999e431a |
| SHA1 | 0abf06273abd670272f1a94389c3884108dce07e |
| SHA256 | eda7ff91289dab2a67572709e940fb5c352af8f8b7fc1e248f294abed316b15e |
| SHA512 | 12461299489ab89215278daf28367766c962551b5ae1751e12ef3b185d85f0b23d184f2019a461a46b753925ca187640cb9f087131aac059d66032f49724c2c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\storage\default\https+++en.softonic.com\idb\556220133rrae_su.sqlite
| MD5 | e524b89795f5e6665e9a9d82b566805d |
| SHA1 | bb7b9ce9db3371aecb0c4a3fb9ca343c5d62f247 |
| SHA256 | 6a456725e2502b0478f25488b3858a0856f7906ac242cfc92e10af4f6b7023c7 |
| SHA512 | 86eefc1b7561e2d550ac5caa43c349c227450c172d75ed109ea55c748194cfea7166ec7b2ce308121da9d6c874f9b90370fc146cdd8f17c9276c756606ce7026 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\crashes\store.json.mozlz4
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 00b539b3bb419548abc1bd7b34406af6 |
| SHA1 | d6af79a82e337c99feda462db7709a47024cb33b |
| SHA256 | eb6862f62be3e99afb4dd8a0f34d4ecdb4ef806a9f17256386839fc673da5514 |
| SHA512 | c0505eb978844b99fdfe86d967d90d9403113f2c0e422b16f3a545cc55a80c295d6a1b83df1583af421b7f3f6f562be070a1f3ac156125abe8d408c150ba30c8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\40E5BF886058FE0943199ADFB94F83027FC8F8D1
| MD5 | 029c604ff6e25828adb22d8479279dc7 |
| SHA1 | 039bb6aae2003721f32cc886fe8bf9f071be34ed |
| SHA256 | 3d05e2b4ed7a95ebe43f5f8833a5967de62cb232752cb545bce615632d5d54c7 |
| SHA512 | 7bca80c1e6f87c22a9d53806402625e9092ffb956b90f8ed2f73f4d8cbb6edcf90ae9475de36cff45b0e635d5d653c2378d105d796794c8fdeb92ac673e5ec16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0d89b54b979ee85ad0caed4eca396157 |
| SHA1 | 9f0bc7acfa9e7e9e96176b6d9ba58f65d5c44948 |
| SHA256 | cf523c43fa152651856b4941908e70d7969a6378fe1c34a25d6f14e094a281c9 |
| SHA512 | 65eb233adc2117f70783fe2fbeb298692b98c11f195bc496c6fbe12599a87704f32596a53f10557af4c459e3981e4cd5af0a276f0703c19a0cc61d082937234c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\storage\default\https+++apps.microsoft.com\cache\morgue\226\{aecc7ea3-bb7c-42cb-ad62-249ed78491e2}.final
| MD5 | 790c5c7ad475f87b737a3cdf125af607 |
| SHA1 | b3f03ff152f1d1ee688c0857d8f6545b0c75a199 |
| SHA256 | 6cd970e87cc9fdee528f9cad280b338344637571b342704d75db0e4111426a72 |
| SHA512 | 1215f5ba22c928aac28ec29ca4589c20fa9179221f9f6da38d44ff76ec6deff9a402d0e80f6f67fdca04bbd4ce512ed7503bc46612d3dfa6d14052d08bfda5ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7c8f4af956d757434e091947bd14aaeb |
| SHA1 | 955f26b43c7cb0d94416ad36027dba0deeb00461 |
| SHA256 | 9f026f0d3c54c48cda202e3a0fc93b7f67389fac7a55ff55766282c2520957b9 |