hxxp://google[.]com

Resubmissions

14/10/2024, 17:05

241014-vlsk8azdrk 8

14/10/2024, 16:35

241014-t3y9navclb 8

Analysis

max time kernel
1219s
max time network
1218s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Executes dropped EXE 6 IoCs

pid	Process
5784	MSAGENT.EXE
5292	tv_enua.exe
3812	AgentSvr.exe
3568	BonziBDY_4.EXE
6236	AgentSvr.exe
2008	BonziBDY_2.EXE

Loads dropped DLL 44 IoCs

pid	Process
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
1592	BonziBuddy432.exe
5784	MSAGENT.EXE
696	regsvr32.exe
3432	regsvr32.exe
1940	regsvr32.exe
6064	regsvr32.exe
3924	regsvr32.exe
3532	regsvr32.exe
4556	regsvr32.exe
5292	tv_enua.exe
1600	regsvr32.exe
1600	regsvr32.exe
1000	regsvr32.exe
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
6236	AgentSvr.exe
6236	AgentSvr.exe
6236	AgentSvr.exe
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
6236	AgentSvr.exe
6236	AgentSvr.exe
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
2008	BonziBDY_2.EXE
3568	BonziBDY_4.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET5478.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET5478.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBDY_4.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSINET.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\chose.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\fix.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR	BonziBuddy432.exe

Drops file in Windows directory 56 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\SET4D8E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET4DD7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DE8.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET5456.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SET4D8F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET4DC5.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4D8F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DB3.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET4DD6.tmp	MSAGENT.EXE
File created	C:\Windows\help\SET4DD6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DE8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DB1.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DB2.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DC4.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DC6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DC4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SET4DD7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File created	C:\Windows\msagent\SET4D9F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DB2.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DC6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET5455.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SET4DB1.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SET5456.tmp	tv_enua.exe
File created	C:\Windows\INF\SET5468.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET4D8E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4D9F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4DA0.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DA0.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File created	C:\Windows\INF\SET4DC5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET5454.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET4DB3.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET5455.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SET5467.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET5468.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SET5454.tmp	tv_enua.exe
File created	C:\Windows\fonts\SET5467.tmp	tv_enua.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSAGENT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_4.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_2.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFC9BA1-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A981630-37C3-11CE-9E52-0000C0554C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCommands"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ = "_CPeriods"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D31-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl\CLSID\ = "{35053A22-8589-11D1-B16A-00C0F0283628}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ = "_DYearEvents"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabPanel.2\CLSID\ = "{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Implemented Categories	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\VersionIndependentProgID	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5A31F2F-122F-4615-A9B7-90841538EC7C}\Programmable	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7F-3917-11CE-80FB-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID\ = "MSWinsock.Winsock.1"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5A31F2F-122F-4615-A9B7-90841538EC7C}\VERSION\ = "1.4"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Control	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ProxyStubClsid	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\ACTIVE~1.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\TypeLib\Version = "1.4"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A}\TypeLib\Version = "1.4"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\Version\ = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\LocalServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziBDY_4.EXE"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\Forward\ = "{916694A9-8AD6-11D2-B6FD-0060976C699F}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSPanelEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ = "IButton"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\ProgID\ = "ActiveSkin.ComFilters.1"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4900F5D-055F-11D4-8F9B-00104BA312D6}\1.4	BonziBDY_4.EXE

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\42.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
4788	msedge.exe
4788	msedge.exe
1120	identity_helper.exe
1120	identity_helper.exe
4684	msedge.exe
4684	msedge.exe
4948	msedge.exe
4948	msedge.exe
7056	identity_helper.exe
7056	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6092	AUDIODG.EXE
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: 33	6236	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6236	AgentSvr.exe
Token: SeDebugPrivilege	5108	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
1592	BonziBuddy432.exe
5784	MSAGENT.EXE
5292	tv_enua.exe
3812	AgentSvr.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
3568	BonziBDY_4.EXE
3568	BonziBDY_4.EXE
2008	BonziBDY_2.EXE
2008	BonziBDY_2.EXE
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3324	4788	msedge.exe	84
PID 4788 wrote to memory of 3324	4788	msedge.exe	84
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 2012	4788	msedge.exe	85
PID 4788 wrote to memory of 3128	4788	msedge.exe	86
PID 4788 wrote to memory of 3128	4788	msedge.exe	86
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87
PID 4788 wrote to memory of 848	4788	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd660046f8,0x7ffd66004708,0x7ffd66004718
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,4272797545247464996,5433001761105022944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4296
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dba5a9c-b0a3-4216-ab89-4fffbc67b616} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" gpu
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ae4648-222a-4741-94c0-231510ad41b5} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" socket
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {777ee77a-f8ed-44c3-829a-7d933ad94fe9} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fa06306-60f4-4c2f-a60f-361d869c2a1b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4892 -prefMapHandle 4888 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cd0f2f2-7d7c-47f7-b350-06b65f5bdcea} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility
    3⤵
    - Checks processor information in registry
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53673587-e914-4a50-a4e8-20c57dd49cb2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc0fd4e1-fb35-4391-a4c7-ff97a2c0b611} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5796 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aab8d5c-ec2f-43be-8890-f4640be425e1} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 6 -isForBrowser -prefsHandle 6140 -prefMapHandle 6136 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4cd1bc-d54c-4cfe-9381-a8a7b9933d0e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -parentBuildID 20240401114208 -prefsHandle 4480 -prefMapHandle 5024 -prefsLen 30453 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31e3b13d-e9bf-4bfb-a6b4-6cd22bc7adde} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" rdd
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6472 -childID 7 -isForBrowser -prefsHandle 6552 -prefMapHandle 6676 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de1dbb2-d5a4-40b7-8321-5b036d623db2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6860 -childID 8 -isForBrowser -prefsHandle 6864 -prefMapHandle 6576 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75aaa0ba-a5b4-4f1f-a68c-ba70fea2caf4} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7056 -childID 9 -isForBrowser -prefsHandle 6980 -prefMapHandle 6856 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b84c022b-498b-4816-83a1-d0d6e81ecdf8} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7356 -childID 10 -isForBrowser -prefsHandle 7328 -prefMapHandle 7332 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e12b3a27-b55d-4a14-9d3b-dcb46eaf970e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7584 -childID 11 -isForBrowser -prefsHandle 7504 -prefMapHandle 7512 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26217d69-4bf7-475c-800e-494f1ecb315c} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6516 -childID 12 -isForBrowser -prefsHandle 3852 -prefMapHandle 6056 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bab48a0a-d5a8-4897-97f5-2ef5a66fdd58} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7748 -childID 13 -isForBrowser -prefsHandle 5856 -prefMapHandle 7508 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61b9c43f-64b3-47fd-99bd-866b442bfd9e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8484 -childID 14 -isForBrowser -prefsHandle 8472 -prefMapHandle 8476 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c903cd-be9f-4dbd-899b-62925a94f8ef} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8756 -childID 15 -isForBrowser -prefsHandle 8812 -prefMapHandle 8380 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ffa7281-3494-4f8f-b2e1-c4158c946f6b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8852 -childID 16 -isForBrowser -prefsHandle 6896 -prefMapHandle 6912 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fb8f98a-ce96-4214-b532-7155eb79b7b2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 17 -isForBrowser -prefsHandle 5532 -prefMapHandle 5528 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6582d90-d3de-4228-9cd0-7e631aa8ec4e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1396 -childID 18 -isForBrowser -prefsHandle 6912 -prefMapHandle 8492 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc418362-2391-42d1-8d35-66006baf15e6} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6816 -childID 19 -isForBrowser -prefsHandle 8344 -prefMapHandle 7516 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20015a33-e5be-4b92-a338-c57421393c19} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7680 -prefMapHandle 6856 -prefsLen 30532 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbe82fd1-17ca-404f-8a54-b66e6bef8ffb} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility
    3⤵
    - Checks processor information in registry
    PID:1096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6740 -childID 20 -isForBrowser -prefsHandle 6692 -prefMapHandle 6724 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7ac5f45-7633-4b67-bec8-525a5fd36f6d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:2636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 21 -isForBrowser -prefsHandle 6860 -prefMapHandle 7440 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e053e1aa-ccdd-476d-afd5-344e4c90a88b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7060 -childID 22 -isForBrowser -prefsHandle 5664 -prefMapHandle 7576 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad83eecb-9cbc-4caf-8ee6-bb5be38c92b2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 23 -isForBrowser -prefsHandle 8356 -prefMapHandle 8368 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f92c6dc0-4b39-40aa-8df3-f2350c45b040} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 24 -isForBrowser -prefsHandle 8316 -prefMapHandle 6992 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49eb4da0-fced-42d3-993c-b49ed7eddcf7} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7256 -childID 25 -isForBrowser -prefsHandle 7016 -prefMapHandle 7288 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c16e69-e493-42f1-90a1-b9e948954572} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9004 -childID 26 -isForBrowser -prefsHandle 9048 -prefMapHandle 9000 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2682801-0b76-45e9-ac4c-c9015f3b2b5a} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 27 -isForBrowser -prefsHandle 7440 -prefMapHandle 6704 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4edbb49d-d53f-4ba0-bef2-4f6f56945c3e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8772 -childID 28 -isForBrowser -prefsHandle 7548 -prefMapHandle 7060 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8537e620-2dd1-4e6a-8ea1-3767d31feab3} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9196 -childID 29 -isForBrowser -prefsHandle 6436 -prefMapHandle 7440 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bde65d0-dc1a-4393-8936-bf4002664ab9} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 30 -isForBrowser -prefsHandle 7376 -prefMapHandle 7232 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e976d7-f377-413e-b209-d7b400c5a78a} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7152 -childID 31 -isForBrowser -prefsHandle 7032 -prefMapHandle 6444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b82e3d69-8d29-416e-9289-43662433bc06} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9472 -childID 32 -isForBrowser -prefsHandle 7276 -prefMapHandle 7032 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05c5677b-e6e0-412c-a1a3-7aca52658236} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -childID 33 -isForBrowser -prefsHandle 4356 -prefMapHandle 6136 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8def7ea-bb0a-434d-9bab-283c05e0abe3} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 34 -isForBrowser -prefsHandle 7100 -prefMapHandle 6472 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34cf2483-31f3-49f5-8c4f-7ef4d98a89c2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9152 -childID 35 -isForBrowser -prefsHandle 9416 -prefMapHandle 9536 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3546fa9-06b9-4e9a-bea3-56477b622a6e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9528 -childID 36 -isForBrowser -prefsHandle 9656 -prefMapHandle 9624 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f429940a-54fa-4d05-ad4a-33e367a9391c} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8268 -childID 37 -isForBrowser -prefsHandle 9064 -prefMapHandle 5568 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ec19ddc-1638-45ef-8d02-53226a71afc6} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9344 -childID 38 -isForBrowser -prefsHandle 9756 -prefMapHandle 9760 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0e0b32f-7362-4163-84ce-4c463ab97212} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9332 -childID 39 -isForBrowser -prefsHandle 9312 -prefMapHandle 9308 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63a436b-ec37-49fa-9549-93c866d16aa0} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9128 -childID 40 -isForBrowser -prefsHandle 9396 -prefMapHandle 9996 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe303335-846a-4b9f-bb0a-cf5312771f9a} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9560 -childID 41 -isForBrowser -prefsHandle 6840 -prefMapHandle 9056 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64775cfe-c9f6-4b48-8b1b-413e07f41da7} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9328 -childID 42 -isForBrowser -prefsHandle 9336 -prefMapHandle 9512 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dcb528c-34d0-4961-8be0-59f723c3f993} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6504 -childID 43 -isForBrowser -prefsHandle 5632 -prefMapHandle 8264 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f3fe02-066c-40c7-857f-8303716abc64} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9088 -childID 44 -isForBrowser -prefsHandle 7072 -prefMapHandle 9104 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {506f2fd9-132b-49be-bff2-b141c3c8b6d2} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8968 -childID 45 -isForBrowser -prefsHandle 8264 -prefMapHandle 9104 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad5bcd8c-3996-4327-95ba-c7eec8186692} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8996 -childID 46 -isForBrowser -prefsHandle 9424 -prefMapHandle 9028 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc822e27-65ea-4474-a410-42305056e380} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4036 -childID 47 -isForBrowser -prefsHandle 7236 -prefMapHandle 9408 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d24e5a6-9753-4510-ab1e-5149f4eead9e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9020 -childID 48 -isForBrowser -prefsHandle 9944 -prefMapHandle 8124 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec67f9f6-91b8-4179-81ec-435b1bb7e14e} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9936 -childID 49 -isForBrowser -prefsHandle 7124 -prefMapHandle 6060 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01955132-934c-440f-8216-b1db697e71e4} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9932 -childID 50 -isForBrowser -prefsHandle 6964 -prefMapHandle 9072 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d693e95-6313-4136-afcc-641a38316daf} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7416 -childID 51 -isForBrowser -prefsHandle 9800 -prefMapHandle 9100 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f35d23-dcd5-4143-b43e-4569f0f572f4} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10452 -childID 52 -isForBrowser -prefsHandle 10476 -prefMapHandle 10460 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2e9ed7-4d2b-4952-aa7a-882a3a48713f} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6924 -childID 53 -isForBrowser -prefsHandle 10704 -prefMapHandle 7416 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a965b08e-9767-4176-9e64-8ddc9d36705f} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7416 -childID 54 -isForBrowser -prefsHandle 9084 -prefMapHandle 10664 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a7ea0b0-aea9-4559-9890-4b48ac34a904} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10524 -childID 55 -isForBrowser -prefsHandle 9540 -prefMapHandle 6444 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10afeafe-4ab0-4dcb-a16a-321820d55020} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:3960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 56 -isForBrowser -prefsHandle 9160 -prefMapHandle 10344 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d7ba1e-7f29-42e8-9525-f580a796a8ca} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7100 -childID 57 -isForBrowser -prefsHandle 9460 -prefMapHandle 10056 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b482c732-1676-41dd-bd68-91e5e317afb0} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:6840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 58 -isForBrowser -prefsHandle 10088 -prefMapHandle 10084 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c123f1-a876-468f-b903-cccaa1905faf} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
    3⤵
    PID:404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1592
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2920
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5784
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:696
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3432
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1940
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6064
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3924
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3532
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4556
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3812
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:4404
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5292
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1600
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1000
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd660046f8,0x7ffd66004708,0x7ffd66004718
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    3⤵
    PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:6184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:6840
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    3⤵
    PID:7040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:7132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:7140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:6564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
    3⤵
    PID:6536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    3⤵
    PID:6544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:6552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:6520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
    3⤵
    PID:6604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:6588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:6616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    3⤵
    PID:6652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15145734221190588746,11817043024094877786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:6740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6520

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3568

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6092

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6936
- - C:\Windows\system32\RunDll32.exe
    C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
    3⤵
    PID:6824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

Filesize
997KB

MD5
3f8f18c9c732151dcdd8e1d8fe655896

SHA1
222cc49201aa06313d4d35a62c5d494af49d1a56

SHA256
709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331

SHA512
398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d67230b13e26928c7428ab64f32e827

SHA1
fd9b1607bd12cb40675fe838e8b223aa0453f2ac

SHA256
ea4644ec6201c3e2f9c59fa9657ba9ca283c899e5a0e24f82c2808860f344423

SHA512
c315a36ada2de16a78cab34deb450df4270b4f13e44b76afc4aae3f44c796ba6edc8be5264f1fa0eb338586a10b2229545a47610f3cbb19d9f78bda3064ba15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6da483fb2d9b83e069958de35105699c

SHA1
6bdab4268001b987d3d19306df5c9fc9efabe500

SHA256
cb85b1134c603e09678d982fefba16d61faf942e9b781ea1c85eec8e8c3c4c4a

SHA512
e13d5fefc2b0592f98092b34ba34e2741eb4b265fbb36018284e5945ba5409f5bae8635ae446592eb775744e5206c376b2b2a8aa73870be5bc5ca5359119eba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\40eee8d3-dc85-4932-9b95-81e2f76b721c.tmp

Filesize
372B

MD5
a370087327aaf9b5d56d0dc06672d4ed

SHA1
d9706412b9b788c69951a0f775b369245286bf55

SHA256
f335ddddf7f5bed2bb80840f69c1dd45158453045bddaac494949c0c28e5637d

SHA512
ae5303fe72c11119825fa996ac7edd01fa1019130844e56b8f75718df5ce1d31b235160d12d71e146a6b5735ca0d5e3463bc13222670953b50a2be0d0f1f3a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c11ee07c34cde17950126b1d865470ce

SHA1
f37e841ece5f76570952367cf4b240c744e845b8

SHA256
a81b15c5b845e413348348f48c04c447e730acb15de7142f8fd06822816738f9

SHA512
949ef8ed5d7246fd3f0e1c3f9c551b12fd0665624f3b232b48a5ab5f99bbd185b7397d50585eaea814278f1787485d760f019c438967cb298b2996ff75df5f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a5c050998bf0ba9221a7602d3f28c686

SHA1
90ed6e1ee154d348eeaf3afaf59d8d62411a528e

SHA256
33f913d175f3b1bae692eb39c735edbdeffa28237bcfcac1db80c06a3df10a79

SHA512
e502841877328866c12a18bb8cf786ec4e818b5c7339394992292f0149415c95547c3598f92df121ff36a10edaf9e220f7134baa6dcfe4ff14768354e31aa06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
f6e32416f120670ea86e39a55cc62c93

SHA1
2e0a8cfe4f3c2139731dbc866e655d4571c09128

SHA256
4b96fbed7730dba162c467f7bbef2725523a68fb50b1dcc3014024c55e5df222

SHA512
3c21704965c1d66050d832ae45e66ae2bb6a621dbf15b577bead89053704c2a918c682055481f9062aa07a001462ec89c93a718822a4ad8637ae9e8d1f5991de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7e8ab03dcffda7bd250aa26572c45846

SHA1
ea9dcf31b0f2ffd090f6687d27f570b48fcc10e0

SHA256
4b168a96bb9ce78314b1f753d22ea5806fee80fe2595f2f7999e01a65871a419

SHA512
18a7348461d75e05bf40be79b451ecd013ad7a40c17f2b61537a779f3e917f99749850f35a9a7c44a4187e5e6161a41ba60c2b0fc1077687b4fd5674490701cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
632B

MD5
b553c73810432df606d6371e1a0c77e0

SHA1
f63e8d671cb4147121387c3b5a4a366d7a61febe

SHA256
1bd198b0389dccebf68de250dd0ab9d625d8f51de2e8216a56f7b11e9f98327e

SHA512
77dca2290c63d47ab288b34a55d64d892bf45651595b2d3c7720af7aabc3a0f98aa1bab1cb48313c06a040ef65f8ea9364eb32cefbd91202d175195d048789c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b3bf647f97d567c2ff2c61226a30c9c

SHA1
30edf7176fd0a264d2702b2d735aa9f1cebf546a

SHA256
f226909e150479ca0e59d0f24630c1dcd64efc2e06f264725677816e7a60ce5a

SHA512
096196fc030172ae0efb4e9d1ca61c2cadc4bf3c767a4741719f000c7e3d7882feb7a8f3cd129a1e768615308e6e991dc55b121342d33cb40f3c082422e02394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
362acc023f5d24fdb48d567189fedf15

SHA1
4164f790ca83456c289e8f14333f57fa4e8b67eb

SHA256
a64ea6a0476a07c364a2170b276eeee29449adbbb44179a3dc63311ccf27a69c

SHA512
b15ca49bee8d0a295139ba94fcaaffa1edb22c0d62e0749e85b8a487b897f2ac5a6b9c0137807c70080c5dab608f0ec71776cdb0e72d9aa1eba047c2752de64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57b36c545a4c26e69ce682efda91237e

SHA1
6c3bd216a0e37673ae5134186d927246699abb48

SHA256
de9cf4e5a30b018ec3cfc06969b29147846bf071b30cad8ff31bbac0824f7771

SHA512
a98f330a4c69c2a832ed03612469d1f3c19ae774f6662bb4ac93064a0c902f2c600f7d3f8a7ccf806295d21b69830bd37f2bb4beb6805c0dfafc95e00418da95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53af53a13b4835ad8fae04e311c1d146

SHA1
0a21d6a9f80139d86d2009370d98b271baf15ad6

SHA256
6ae631191a68247c8b675306ed6b417cbe921552c6f20da1e4476c215198f732

SHA512
34151499401493d8294501ee364a74e952134bef819d1549a5683e3df79c24116d48c81bb500f2dbd19a57aa574de20a198101480ea5bd5f0805db7df1caeb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfbf1c36cb0a3d8cc9400bb27bdc98c1

SHA1
1e629a6579b23429406424563afdf07083741efe

SHA256
1d137555f15cda5828033b9d796b83cdc6c968e18308468ff4f9d77b2358e73e

SHA512
0337eb61645fcc3a43df4788b79a4dfab82884240c9036f08cd7d1fe9e1e24835c3f4094df4e52f415d78c583cf41ab8726ab3da80da390095f159c059b19387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b90826b7e2d3218584be3bf2ccc809b

SHA1
795164f448ba7c9bb8e55414f6f23efd37ff2f7c

SHA256
237929c99648c30343c036c0c785b56a242a2c3deec86455ec93bdf6ac1ee0f1

SHA512
55afa8f29deba54db73eab931531e88603e7dcff097e684c4cd2fb17a0237031533447a6fd4dfccdef9909f75af43ac1cc67e9564c485397a20946158a16a88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373399113267159

Filesize
2KB

MD5
19ff8aa3a9ad06919c4c98a1c773c63b

SHA1
3b0a54bdd4c4e62717c05914426dff0591c93a0a

SHA256
721d3838f9a86bf039ef208a5b636dc7f506ae03f1043fdb6235d3e2019d5c93

SHA512
17b5569b2957a8ad69e16b85889f134096b2150dbe6568dff7987e08bd16712a8ebe36ca60ae3c60018669c2018deb6b96581a8c0970acd4848d64a79b455835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
b64901f3d22950c692f61314aeae21d6

SHA1
0da0570cf1406722f435711b8926a1885b830cb6

SHA256
c89c29db19fae55539ff82bf60b3337c418b2c0b08f9699ec9d63d5f723c0a73

SHA512
d44d5cedc449856960a5f7f1b7446e837ae9ad1e679cdf2793ad3b0859104d531bec217461dbd41cc43a39701f5e5aaabab983c585e7df2ff6917224df221bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f797be50f82c2faba2430eeba90e3aa5

SHA1
dd2fcc7d62d0b041bce437b84123e66beee7eef2

SHA256
b4795039f4aa55a87f043f07149664d1230b6a23a4ca6adc4db2fc8b6bb29419

SHA512
ede12ff73b887b8e84d58ea5d38b15956417e74054dcf00c2fa61af55242bbd4e7bafa5c16d776d9cfef22b0683a048340057e6f70511847a4a8c50aa8a951d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b22a2ec3518db7f9a59c8e0ac0ddc3ce

SHA1
028c2221e3f4a6c97767827ed888761c28d36127

SHA256
74799d84c09f64a0ae00e6e3cbfc0948497a788e9749bc65105cb85918db64ed

SHA512
7534569f193b730694aee606f5ea5e9ae9bdb0a1c78b51f8c6129b26712f8fd2e78f9b74f478ad26e9ff978280295f24f8d602878215dbf066052f925a1523eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7d10c348b25b49e926ddc05021265124

SHA1
7aa10b38d0452021ce092a6b1130e3d29e74e7eb

SHA256
d62c671829390a2fc906d7b1c359a03922ecfdab998844ead84e918b94ae1a17

SHA512
9f8b248556fe7e9d88e9fd15665024651176886a38408e0323424a9aa293648afebd3d9794fcb3ed6cb93126cdfc990520bece6319bf610e508f3805cd9ce5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
5be3eadaaea467ff50bec427f26ab6f9

SHA1
56574db1b8ff51dd923115cb3e0db57e079ba8bf

SHA256
c3073cd56ff66643c7d255bc4e14601c561bf8d937b7f22b76479fa88f469ca6

SHA512
58b04167a6823e14da38784da867a08f00065a45ec79f60ce3b5126ca86c635e87c09c32d0c0480d641e1b37f1a2cce31ace166f9e9867bf6218d59f3d66d6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3eade16a311f3b3952e4e27c876cb1b

SHA1
f2a07ef3d5f63000f6a2cdb8e003689a92eab6a2

SHA256
b078a601b358782e4c4372a26a202400d52b82c64df597ade64b2cfcd3e21218

SHA512
a6554330505103986930357de42029c320c762270a0f52d81dd0105bc6cf0da9a6faab44de1268be5dcd75542b3bc4ab0da39e0819ad6e0689dec1f0f91e6fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cf7f3a88f820c9975883cc5d182275a

SHA1
555317591c4473cb25a41b3527551141703a7cec

SHA256
78d59c8b16a96384ce9e9f546fe02e23b6196ad31c0bfae333837ec1eb280008

SHA512
706a43fe558e700d1b3d94d6c77b7e3f2a4b5b1c91ee11ae9ee13e4a82318411a452aa52a43d9b7e0b3190a9e8717c257dd4294a2b17339463a2653d79a9992e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
075dcc98dac513a672694f746b52941f

SHA1
bf54b547bb9cb295f39321963392a227b8f3b7ed

SHA256
55d430145da7bd49af0d760a002f717f7b5c434e27e9706662c592c39f73c655

SHA512
42fa1fe3011cb936e8bcaa0bb1f7cc66b76c4faa6abf2258571e2a952e6dd7559ecb0d756036c720639a116b9ee08985126b743fe07b5321096b10ccfd3adb55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\15078

Filesize
20KB

MD5
f3462a596859a56d995bb98d2e11d911

SHA1
311ab80b3c034c7c10e93663129a27e58819e54e

SHA256
449e469ea3504dcea38a186cb490a5f5da26b1c467c671c4b8e2d8f68c92a494

SHA512
9183a0557478f5cba943eaea46df5ca7d2cac94c0fff68a1be5e19bfbc41b06fc439b6f68e18e026c39f57bb42ba1033b1a4b1d1aab31d59639a7edcc5564b0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\15699

Filesize
46KB

MD5
2303590b6db1e47d2bdc05c4dcbdd39c

SHA1
5190f0b7da2faeabac7db9aff58d258afbec820d

SHA256
a65d12cf82958cadf7533684871e9a9a5dcac503f0572622f4e9f2d10ae3e3cc

SHA512
a73931f350373714f08e0f584777a2d7f500a9449a32b159402e92e1408633299cbc816171265644fae281d8c38c3d485add950523b188541a5ee333e70fa903

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\19924

Filesize
25KB

MD5
7496335744dcdb0eaef06aae9752f7fc

SHA1
ea0e3d9aae1a9e214fb980b98f0ff9f1e9282d60

SHA256
8a0b06994c30e95883fa19cd927dc12b3231e22ae341f48e51e706e07531e864

SHA512
f33c47e6bb0fc84191c93baaf9a636e9f779619e3a7aef746063bafe42558c8a9ffc23b2a53bc0147560e736a5b0b920a5937a432e4ad34017a49222690d825a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\26710

Filesize
15KB

MD5
67b2df7e6db32e4b46b1bd9169d356f5

SHA1
829957bbdb1f1223448a2a4123f027b9ad6e03c5

SHA256
bb37002278656fe933fc38f3d5349540d3c833eadf0516f8529565500cb7265d

SHA512
fe876b97082c0775892bbcd524653e08c9c25bd91dacafb11fe3c9a6d50791377d1fcc36fbc4837aeecb6ccb3c6818d9b379f58167f79a747c5b57bb5c020468

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\034C931B5AD83C665F2966DF9600F2719C77120C

Filesize
29KB

MD5
db28c9412481040a094c44677e48639f

SHA1
d334f516f68df4dff9ac275fc98c83e8038b8014

SHA256
bffa69ea5639d5dc7dafcd01e092584baa3925fd897cf27a82aa2177b7278fea

SHA512
75749e4de198186983467b54dbfc7d91100d6f004786dc6e7ae29ba8f4e5a1b88cb32efb3e3cd930525f5d213cfb4a55ca29c84da1c7722951e8840aed8b73b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\04B9F0FB7C466980A18B81686266C55B1664430A

Filesize
993KB

MD5
16c078d2ce6af99bdb0f01653ebe5713

SHA1
f31cde7d88eed76e23e3be4f83d0c82fe5d675c1

SHA256
1d1f3ace7a1f2fd910bb2ef7e20ad34126b5eff5f5ecacab4e6158060176bf60

SHA512
0ba23dc5946a49fb24cf23b3a385507d21d0471ca4eacff53d8fd8cbcc9b3aab273fdfba64a34e25c2a607d910a96ef1ac1239f63b9ff10af50c002a0b40a448

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\1299FA42687B2EA2BA25EC3FA42E1450155B73B3

Filesize
25KB

MD5
fb4b178cd0945d5e149ef5bf73ee13b7

SHA1
713ef67ab878abb6d9a7b4c22bac4e1459a1d3d0

SHA256
e0a54b9634b37413aacf343678636cd58507454be4e0a1a0d0af64ee5d4fd33c

SHA512
29b98b4994129f55dabd419bd757d66743f3c87961e77b9dcc412fa773008c879eb3e338b7f6608d8393a8d537ec954934b502a74c234199100b095c7d4d2acd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\1D0B56C0D1378A8AE4E6D8F2B942D96BFECDE10F

Filesize
759KB

MD5
fa910a1423fada1f830ce99c16a0cbcb

SHA1
cde454b68e5cb34c241e125b823fceb8b493a5e8

SHA256
21f53f2fd4d684ac9e6fe26979d5842d6dbfeb10b6a2e9c148ac1c4e516115ef

SHA512
6f9710a181a3cf3d4611331db503a49500f638032e1a0cb63e3646002d0e9e82368c9829510c9b7a0c1c5c3916e1035e66764ff4d53a9f920382e1db862e789c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\2016B8B28647B502D533696329A8ABA70F115E84

Filesize
171KB

MD5
d0886a88277813ea8eafb3c40532ce13

SHA1
e8e020334e2f08645d6a90e0c5d39fa93d1b3137

SHA256
53ee6c613c6e07771bcd8b391f735509a9a3b51f79a20027fff4caae0885c236

SHA512
ca6433dbf26bf778185fecd210c9f7f21a0c0e5f2875d4a39d14f9b4d3519a462ddbca2997aa1af6aaa38032e1e7e165b2bfccb302263f27518ef26b8bd3f952

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\275F34C89BCE04887C1A2DDB0AEE3B0FFD398A8F

Filesize
18KB

MD5
3000b036b72efa0501c4a7dd7aa8736e

SHA1
d1b7236ab35486a52c2d407d358bddb6cb09d71a

SHA256
c5155f35a3b80bf4bbaa9b09cb163c28c2ae2bcf81617e8dbf00dce80f1125b2

SHA512
4f592d12d6a30d074ea8e9f956a1d913606c2709a6ef58445795cd6c7ff133e31c65cb640991528d715fbb53446c2ef82c775c536f4bbe9ec80f5f53deb3b21c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\285FDEC5553CCEBE771431338B073F9A6CC1FA79

Filesize
288KB

MD5
bca32adc4a2b6c431fc384500936f606

SHA1
384a065f2b9a356744994cab24255c73733e39af

SHA256
30fed87e0a0875510d41c40a2bcc603a6fbd0356dd759434865e1209659de35b

SHA512
7d92ec078a9dc2a8412a8977d91c43dfcd1c399d8ff0b4f8625aedeb382ad8c0847b7da01e4a4b4f0c642338a87c5359707250a2ef54b141d63a3771ff5733e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\2D826BD682ED46E2B50DA3AD49E455C6EEC72FD6

Filesize
72KB

MD5
a75fbdddb3a7cd1400bc685866ac1769

SHA1
735d90bd5500a5ab8a0c8d6218b4d88abd13afef

SHA256
3d4dabc06ad3eade5b881bcc2e6773fb3dcc32f8581784da70d269cf08f1990b

SHA512
ae43e02b002014459c2d24addc501980293d2cd76b2c6f72fd4d6019758678ce8f63b493bfba89ed4e9f1cc5f025396a8dfe32b2fe139a69bbf2944c5d043d51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\4BB57224F34FEEEDA870E764ED5DC7963662C8B3

Filesize
152KB

MD5
6cfd127a9b580b5a5b13b1b77ba5bd6d

SHA1
3afdb8b08843e61f76a5688e7444139a4824a3b2

SHA256
1ce68a60d9feadffbb74ec9ff666ed1cff4022a10f2ab1cf69f912aa358ec0a1

SHA512
c82c2fa3ad45d6359a32a26cb20e5a1adb1e061899575036c3d640280d6089e2312bab83397b35106c40b20e96b6257ffe22971ce5c86979b45ef0509dccdad2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\56C00EB2A3709192404B1FD1BA6FD610F45CAA9C

Filesize
59KB

MD5
80eb145672e661c9a6a03bf434803335

SHA1
131fcf72c5e085ffbfcec1332c08884f17033465

SHA256
6f3bea65ae3fdf4b761f20b45ac11555266800ef9fdfb22db1544bcf69fa9258

SHA512
5795634da82d21c7b8fb162cea5ba3842990a408ba90ef84bb679552a5a33608e48d2183f518250e298dc9e8d49802d19e05f3d63128433aa9348b4eab6a9be0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\57134DF2C71C25AB84E1C66FCBA616B9C0F2DC0C

Filesize
17KB

MD5
0d01dc4e6abd89f33e9fa51710b26aaf

SHA1
7110f07ca62841c586556af96b6dafc63c845435

SHA256
ee43ffcb0872dadeb1b98b4d3e3b34e231cc0f4a1d1aa7dac379d34c5ef0355a

SHA512
fc8a2acc9fed95b251ad166bd6f7f3ce4f428fde2785cdbac298c6f16603601c3832c68d3634ff2d7181c07c571fa7e073c875187249c1d08f42e41a0a4a75d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
0c22ffbda6c9e9a61daaec8575c75466

SHA1
841de4fa3037463c65ad53c9e44d6b19a112ee7d

SHA256
0f614b1e1a12a79fb5cefdd3891fe123190319c4a4f908e03d4c9f371db5a886

SHA512
ab6634374681930e90ddafa18c2ccf6918c21418b05f1cc1059c0dc207fed266dc1bf1c6b9151f3b2128d9150ec808d75f478f2936b13a5111677bb376ce760d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\5BE1A021430B86174FDCBD623D7BD726CE2E27D3

Filesize
134KB

MD5
b475179d8674147b439ec9cd8002d03b

SHA1
e8d451ae6c363c55f85ec8688dab04e22f33d820

SHA256
8a3f6e809ac82b10d59d2517c4a2ca687a51dd45911881925d78286ca8c89262

SHA512
e3495c94c7b3bc69283fde6a7178ad858db028cb8cf385f8113e426f911d0df259ba90ff99d0699f7ec7d2d877fce8fe8f9bdcf69545e558bf93dfccccd62f8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\5CC19E1E4C190EFDE1B3A58FC101ED4E7205833B

Filesize
5.5MB

MD5
85a254d65095098c6fb9c81b1959ac27

SHA1
e0dabb62e5ea87a951ffda81b98ef0439b780e7e

SHA256
83b413247fe04bbbf8214473a8658166aaae8635cf16b21a5be14b40b1e2cf48

SHA512
1f58ce6928aac2771ec7ee69fcc2f2c7802746547fe5be4b9f467918df5e6c032799dec2f60132c2bff7a878200250bd563148e9f8d6a69efdd80f3dfb7adb9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\5E9E1FB7B97CBCC83D1919ECADB9611C8665E4B9

Filesize
54KB

MD5
cc295fe99ef318b3ff3ef285a81f2ae9

SHA1
b810e3057fef92d600fd8b01e1b8fea3d81e5036

SHA256
0f8adece611cd1bafe7d35594cff2bcb401be0fd4f328d49a18d8167b62cf1a4

SHA512
5f214d9768e95e6f5e7a5b779e566278b6a87b7c18bad27551e0cea5ccb13c04ed3edc0224f6b2e404341291ad55646ff69bf12f22b7fc7042b6b3e95366f180

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\68BB6A7DBC3DAB27B1D38B4A0437AEE669648CA9

Filesize
164KB

MD5
0507019a4d9d06acd764dfffe8d82300

SHA1
138949540e0308402a3650b9d018f76863d75ad8

SHA256
f90d3c38b815ec08c74e18b499c02da087741fb99f59088cd05e47c32e37ab81

SHA512
7d59b0a0d2b01babd6d7ea02e4875bd9fe829ac57306f222a6ce283e0b070b15be6a17092b5180c5460cfb80863ced9c08f262577ca14989b50f3f79966d5c77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\6A51A55AAA27CFEAE1F6033B6222968D12F73A02

Filesize
61KB

MD5
4377c131ded67f30711380713950622b

SHA1
d28d6cc8c6336628b41459a21a93b83b0aab5f30

SHA256
cbcb1a305317426291c7446a77285928bd59707d4fbc7077bb55829753e2172c

SHA512
a135f6d3cbd953e3bd3d56583eaf00e2b98095ffcb6db0eefde3f89e497a9917d0c517161102abf25d9fadd7a4771dc27f7bf2113372e7b076a06d8fff678ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\794BE47F80E3A0DB4982BE861719CBFC51EBCB8F

Filesize
215KB

MD5
ab61b439642d6556c64a3fe128142f51

SHA1
54d85b23215bde6f63a2deb03d5f70a6ab58325f

SHA256
73253b7a44292b3f709e35bde7430190f68706267f6fcedfb286a3d0cb19b438

SHA512
b963d678f9e558f0905482425085d946d825fdad5e1f8408c33e55e905714d54acce9336155abe023e5b198071035720b0ca592c6a2ee72897950913fd998926

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\8114C96A9E48C3FC28062C71DAAAF4C945B54AA3

Filesize
151KB

MD5
2b5c6da1b535de0d399ad231a0b0aceb

SHA1
9c43fb9b39eb7c365406ee9887b5cdfe7d41cb60

SHA256
8cea891da40982cb8368bf1873f6cbe5d956bd01406292b29cf8f6c7fe4fe958

SHA512
2ec57c89d1aab543f2526f467617b83d793037be43a46753d354a9ceb3a567d8ba846f25b77f80a2ada6d0d712015952aa93b572ec9511656a8e0a8de28d40a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\815C8CD30998264D8AC9537F73E7E933861677FA

Filesize
2.7MB

MD5
80194d977e40a89ed099bc200dc5f3b7

SHA1
5937531b4ecf3808662406e92b3837ea896a25b8

SHA256
4b9cad7ecc0b95e526e67ac180c12c0b18472c387731ce68b54bafaea6d872c5

SHA512
989ca9dde0ff7b9a351b6ad6c50fcb4c49e48841a58800a1c4e6d17a8c49d506ec07a36358e04790c4843275eb20c5b796c1bbf9f4f5661107ff59ccc28d5939

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\8CBF1DC02482BF88A38401B1A96D1E8DC622272C

Filesize
144KB

MD5
4470516dbda96b744b81d8e7295b4e26

SHA1
5b0021f7e44e49f6bda5332226181ef64144fa6d

SHA256
3b45bc951ba883ca3a70c066b08e8006c4315de8964b9f281f61c136413fa850

SHA512
44656bdf5b9451d01112c746c212d6570d84998f3765dcd1f36840877119ec301a3101760cfb05b22314ab379839ed2c50a8ffa983799fd1f0385712b88aa1aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\8ED32E072546F1C0FAB064EE064374EF435F5291

Filesize
30KB

MD5
5938ed13e605283253f849631149d6c6

SHA1
79a5fec17bb715471fdfb6ddb8fe115308aaaffd

SHA256
89e8811c367839bd5200b0d08485f4e3f4389a282e3305c06b34ee41787283d1

SHA512
ecd8d90fbe91784126e35a6ad555f8ddd858448a2527dc6a2074aae4b89b2c34587c26bbbcd693ac2b6cd6e22a3aed8e973b0c4aeb7b4a414e2c0f86b2c07c1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\938E59379D65D581CCBD6729CDB4B57705C813DD

Filesize
1.4MB

MD5
22d4dda80a371fc22e534f2345ad2598

SHA1
b27b9b58be8bb3761cdf8072685a5c244aa6843d

SHA256
75f1625b5adcb1a0acf0a929e5f372bc0516d94e32d6a1c7ca8e92003c620238

SHA512
0896e3ee1318c846e6fc1b25601858d6707ea41be75a16fba17b861a60c781ed5651aac1fa7debc93a6d2ac06f98efa1b5239a90450ab6693b4975d5aacef300

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\9B31E2AA823871149DDB7D7BF21958A5B4CFC38D

Filesize
42KB

MD5
179feb68ea2242709fd96a241a3aafeb

SHA1
5d2119b5fa7a0ea7b0904831ae8b6552378b2249

SHA256
f4783dd0e55b5abc9873cd6dea120f293e60b6934967553301181969030a143b

SHA512
008a1f3586994ed0c8098a2e5a2cceb06347208ff5cce2c22b26c0da64fccb66ee7f7492f10542b35c93b15a99f354e9f86b54c5dffccca9708cd42ce6ad2152

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\A275306CF9BE2E63E485B50AD964B293F184533A

Filesize
224KB

MD5
cf0edec0664712ec81089b3323ef000b

SHA1
0550f9bc1589eff7d9c3553801693e67ffb75fe8

SHA256
f4fa5c302e83f43e52b8c77d3ddcf0b8574f07135b0a69219629ebae9876c554

SHA512
29a26651f5659eb821c4f3d157c059c21042830112e101ce15e1706d35afaa0de424a299ba87c63f99f91078e22a3c7f4e08fe9ad6058e8242388bf76a533696

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\A661707C7DF46C711C0539CD05AB544C70088B9D

Filesize
2.2MB

MD5
b549af1c37e44d396916e9975312c183

SHA1
01f194ecfdb2280f26fe9b88bc2aaeed11854809

SHA256
c553a6470b5e2e48e1e911df4e9529758db9694ec1fece4a25f6845a81710547

SHA512
b04e02cedfae928c49e111a537ae6500c55816b8a8350f5b9b52df861f21f8b9b1812d7d2e7e8c948e01d0d43425a2d5578f614ca801b7dba55be40aa590822a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\A6F130A93CBA418EBF9C40F6048294B44F6BAC8F

Filesize
18KB

MD5
317f43ebd4949398a37fe4a6d933355d

SHA1
ab935f7020013c32e1836707eca0bc9d3a745a9b

SHA256
e055ed2f55ce866e480fd45ba1359c6f1efde63251932da7197784ce2b00456a

SHA512
ed33f3a6a7049e1c37aa93086bdd6b83422678639abf5d060f30278b7bd7387e15a6607a53b4fa38f9ce8ad75bb28fb885f682b8db18d64ae03fde6fd3ba4720

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\A8597B0C576BAF74504E9BD98DF11F015A0DAC49

Filesize
109KB

MD5
f27a06a188c287473824436317d4e7a1

SHA1
5a7b694491d8feec736437bbd56f9d433df4e82c

SHA256
f1420a0c1884e3a5873dc80571ac9442ab1803061817f594dc325800a417bc9d

SHA512
ee31dbf392420c843097d1271b65d57299c7a6673a14db0eb9685741d443f49a58635d4c72a57450e883f6245bc230e7714940bd4240e74719a2369a0e367102

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\AEDE5F68AF2CC8A2FAAE61A0CF1623C189FB65D0

Filesize
197KB

MD5
070e0fbe14bdc29806545ee0c6bf81cc

SHA1
165bd91702973039a847839ce6bb893e60a3c0fe

SHA256
b3d4187e67e296cb5975585131f0ddaefdd166447505d66a0d19b30f3acc5c80

SHA512
9008447a619fc2027be75311812aa43f74f43daad9f6aa3f834c529274c84ccc6a4d08e6f4781a1dcc60cc7ff1e67abef5e87506e15dcaf48132972848c8163e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\B0012BA69432C84724196A552821C63F6F71B967

Filesize
25KB

MD5
eed33d1faf4d3bcb4d4798b2c8ae6c81

SHA1
981053619c7a229e4f8b73e64a78b05582f3b64c

SHA256
cba6a9391cc2552f869f6c1d9e580abbe06afbed61d5c98936ca14962e3414a1

SHA512
bd355886460cb13cbef85fbfaa7f9b118b237af9c62814ff6d8e19c65e443f316294ceb2345e4175c1d67a067308fdb350113625682b5653b0d7138bbec81b56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\B5828FB7F4A1E55AB23A7BD2583B87AC746240E0

Filesize
61KB

MD5
74df6e62d5d769a21ca276009dc04b34

SHA1
6502609f8389f1c7284272d3f5dfafa834efc501

SHA256
3962e3e98747caa0b202d1076164af9addc67224068d1fcca005ff67bd4d13f5

SHA512
9c3b37b960e74bcd49c7e09389847597d1bbcefe90b78c55c2b147bc78892a6bfa68ad9f3a3436b58ef63e2a24dc124c9a0c25c3b9e42d2e9eacb04249507acd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\B90770440095FDA5520EEFFC3A27A08391AF1B4B

Filesize
2.3MB

MD5
679ab0a0d6eda7e7eb81024746c2957c

SHA1
c39f14e977ad6dc0259b5c20e38ae97a31162c42

SHA256
acf86e60988b4e5ccbb1811cd70e374d42d60eb80ddcf9553bc2c9b7d0a6c969

SHA512
496e4b13d2846f35dac744da42a90b2d74f2a76946264b29cc1dbc9787a82493b8c4aa90dda53b39537e2d83cef0eb242c2507fb2a619a244776e9759c7d2a55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\B95CDF911889F12093F05B0B01C612B4E70AAE55

Filesize
20KB

MD5
d755246b4366ba8ce99b6334e78f4775

SHA1
33c4f0baf23b2dfe03dda58890649b63661d9c0b

SHA256
d130ab1176ec49c04f0ab6344ae57ee3c6b083ddb0dbb289602f120f83049f2a

SHA512
80f633b65c7fe393fc32d43870216308948862806ff5849a30efc2036f397c62e83e223f1a53601460b835df601e7045e0685ef3970dbbabdcbd709d9350db6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\BC8898C3D5AC2552C0C6B783DF0E59A316CC686A

Filesize
131KB

MD5
ab253c933cfd5492a203ace010f172da

SHA1
69cbf89bac4c6c6bf5f79011624a95360db00f37

SHA256
9b85ad581b982124937abc8521d8f516333a64ffafe92fa46ba96f7808c57019

SHA512
6bde455cb92c3d18b362ff63ae7995a21f0eaca261a415df89b7924f1f9ffb4e1fe68e81e9e423b82f8dfced924598f6952d2f3c534dfe75dfe8edd758189942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

Filesize
13KB

MD5
dc3b902d7798d39437ec5d51f14e3e3c

SHA1
e4712c16e110fdc6794e64cbc03342e7e0fa88a7

SHA256
5788e12b8d21d944d03d477d4702eee886bb2808aa9c98347ffe8c9596edac60

SHA512
4612e35a2954d175b151e43cb82439e426049a0f3cdbae026f8175210ad44ec01af6867d8b766fed382618bec1df7187e68fa7c3b50dfefb0b107ba631cdecd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\C60CF5A10023C9AC4FA6F61FFF536791F3407408

Filesize
5.5MB

MD5
336561b16995ee333c53e6d21f3caae4

SHA1
bc3c17436558bf2a50581a94a6d7f8cd46a5543e

SHA256
57545c43666c6f846786e275c21eeddfd278c7f95f8ef1d3abe726b1fc25ed34

SHA512
bdcbe52fb33d36992d009bc95104bcefe5109359ad52540fb7656b8be795226d5f56c21d588e09cb3cf79d8138a10ed4528edcce390834d1b1fe4bb37bd582a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\D245FBE436B2A3D13A248DA6DF04CA7480AA5DF2

Filesize
188KB

MD5
4a521679b07796b5c0f7a0f3b80de468

SHA1
7bc68b6be3b26437862465ca966bc2a470539699

SHA256
aa4fad27e93af517958b657b9e3e25e2d1634c18db6db44940392167f988c0e8

SHA512
320addf3e6b4459d4a981ade0f47dee00ff467212d1edeb5651369e21543ce48196af8e3f3bd477febc0a0fb65a493bc3c1360c130c54cc17fe1e709352ef370

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\D369E4077D6640A3E56E6BBA31D641CC6D638696

Filesize
14KB

MD5
f25f1c9e4052a3b4de56bd1c628a3c09

SHA1
11ba9f7f56a9a8a765333f5ef7e6380ca144b3a7

SHA256
a764bf1a6e052664aea57b52cad127f7a72dab4fed70e86970d1b709dd5e1608

SHA512
55329756d882260a6ccd75b9cc510d7b6ae14edbb55f9b26396150a2b8e855d9c0637692184bdc52ab823e3e98d561deb45710abc66b229c01220706faed7b6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\DAE473B6412DDA5B6B2CA6BA7D90B0C9798D21B8

Filesize
140KB

MD5
a04c48521bc5b841032fc4e81857a627

SHA1
0237963d7f2d9be4074a743f16b592cd15f6efd7

SHA256
c7fa6dbcf11854589e256672dfc343fc245340e6bd2af354008809a262dd25ab

SHA512
a85394e2f1cb7852bfce16817a77b3e7099b76458e03278075576a39304d872514cd6b03dbdeddfc36c33f90f673ca6fb5c05d169abdebe28b382fb5f4ea88c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\DBCEE7D3A43E9688C65EFB8AF89C9EE914DF2A63

Filesize
102KB

MD5
c1143103ace0d49ec57aed07e12c5a35

SHA1
6a9debb29d6019626a87278077c69e08519ddcc6

SHA256
59c822ff780b18ca13f8ed865365978032b858f63bf3fd44e556503f88bef23d

SHA512
272b8b197c58b9129b24feb87215e9df3fadc4ed4df9d5fdb1337e71bcf448acfd824b800b921b63ad913a61e35950081f5414c0387e7866f2594d177c5d08f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\DF2D037CB7C3AE1CE58971D26A86E9146E5A080D

Filesize
9.6MB

MD5
4f222b3db06eaf2a49fc5d5ae23ed05e

SHA1
2326998abad46d6ea463895f0f55a5bb225fb561

SHA256
c660baec3738c96262fc1518d84cabefd10a77e1863aa24c9648bc94ada129c6

SHA512
6347db8af11d5f5f5bc0733fa22a3dc99438728eb4118ece01b7e4651efa85bc22182ca4dcadaa22b33f876bb4a5314ca30d16eff6d1cd9d71ef55837e2b3f15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
20KB

MD5
70dfab80880a6a9413d2275635db51e2

SHA1
7d71146b3ae80a593e5ec5cce60285b974c49805

SHA256
020faeb4949c0b76e1f0feabfb01a2b775ff23b82dc078ddabc2773de77f0f70

SHA512
5f756b43d715a04b39328224de2e89b8e0bb612bf9ba12e09c707040653d4a7590dd3915dfabb4c4082b8867a01320b0e340083102f1d067823224d750c6d7d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\EB9FF096B9887CF4C112561F339EEC2C7D8B8B3E

Filesize
14KB

MD5
05f6af2f69344ba0821996bca9e4d670

SHA1
6b00827f6c1c4ae6ad12256d59e5b1d4bb5d48d0

SHA256
25c3176d582ee02e365c7cab690b949a9238631e5f5f439c5e7ba1928aed6af8

SHA512
dbb2b51f9447884cc0ce1b05b9d867049c19ea8d083be84fcf08460a3cb8a88743e655aae55efa6be22c974d8577f2268ea9e5a0a403374f007ae2377505c055

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\F8F9E0B1178D0CB1D6A543A16949B703A9606EE0

Filesize
563KB

MD5
2f01b0d3c49614d59fcfa154a2ae4e02

SHA1
15c4225813b42fcd26e0629e96b1d6ba3a135bf8

SHA256
1ec6bd06a680c9d3dcf8e1a6fa4b63c7714aaf74f0d1ee1f8de89da911076de5

SHA512
edcd3fea076d32f7fdca67c1620444dddff80b42905a2edd58e0cd7ddbf36b0d18a683970373d8646ff5bf6da5d9200d9de737fe334e0091a5f633b65292b98f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\FC0101104394AA21DBC87E535DBFC158AFE9AD7D

Filesize
13KB

MD5
fb595599c417c68fa5cb7550c8c432ae

SHA1
9fbc8149ad55a45a26fc067345117b933aef9f15

SHA256
820ee1aa26ee2d1281532b7209b86e85737c0a78b51f6f60be5a1f45010eb59d

SHA512
caed30b406f8d0a98959486e801a3aba8af46671f3670eef40af7dca51e37af0d55241b0e6b23f199a5a8fc2a5e66add1f7419157f51c6fa16088c60f37e9c52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\jumpListCache\9oUTDT_SR+qOfI6bljRkC2Y+LQnSk9NK70XO+7XaHJQ=.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
63dcf038cccd5d4d04a4312336ba08fb

SHA1
b5ee1c12bb5ad4c853c9d6348f5a1d06cfd45f0e

SHA256
2422ce99eebdc19650d169ded4b0c3f75ec3f5a72a92165cf934e8d9bb9fdaa8

SHA512
ba777d2fe1072487e09639ec4504ea0a11b2edf49760c273d4c91fcba996f67d8d9afff63afb42d71f8e82f6289f7e236f20fe2c317b5aba59be6da0314ba43b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
9fabacfb600f7d9c409039ccd9433e31

SHA1
b12dceb6c453b0ee55c2c7bdc58c25cbe89725c4

SHA256
005aa6401f5da164832587e3c774c7929134569d08b4f7d0d41059bf91c01276

SHA512
d13ec1a8e123a2814cc6cdedb63ce70a5487eb2663055f5c70609d1612143971ddebbe65c71835ea19aef4080a6ff3b85236e5410b8ad07bd94844d28989de48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
29c7a2ab0af38e636fc90386f84afbbe

SHA1
e3b1473b0692c3912671ccf114374f253aa363ad

SHA256
c82e04e0af5d9f02237d6dac2d8ac2abfe5ec219fddd9128a748a51e50abf706

SHA512
5d9fc70343181aa2da94f5c3c84ee960cbdfd9c579c13e1769779d592c2016f74380683dd97e41801ac3e90833beeb863da882557a443fc72d8f94b0c5191dcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
d2a3c2bfe217c145af7d06a9ace360fd

SHA1
99d094c4cb66ecd8fadb29dbd25e086cc1d853f9

SHA256
1d86fbc64c975833a9c7b8d49c59e130c46692bd48d82090abb2a0e38cf613fc

SHA512
fbf35c0b387222c2b97879f700a285a11db7e9d69e4ff91f009b81982a088591e0578211314f67c4f7438cdb17535e078bef3eed33592277ec4fb1633a72bfd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
c6c75a834b8517e7d5b77aa7c43e9ed0

SHA1
9734fb8f5873f30f3336e43dc134cbe01095176a

SHA256
e88b4eab0af049a2a96557e44f36c77b6bc98dce920e061d359b90fff9d2b0f6

SHA512
4f30e4f3920ff49a600a45c60ceb8d3a47a4bc859d542a7af970b6e317f1c4ea9209cf5b1d30d9f973eeef61218b6e035bcacea1cb5113566ded71ccf7cca9ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
02c2a8e62f0c61e1776bf97726932204

SHA1
36bb8e476127a30b9b3c77d78e5cb791f58790df

SHA256
5a9261af1a766c6db8c6769ae426dd306167bb837afbdd03f2c3e7aa24f75eef

SHA512
c549e4677cac68e67dea73b855a54e652f6160548670396c653305c460e071cc26fded68f25a959e3b3ee7aecccbf4384c80d818a5e2a8e6d685be9d7b5edb99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
24b84cffba080fc958c403de509c35fb

SHA1
5485b3f3d78238c79fb25e1d5bfd07b349449885

SHA256
57591843ddef2b731ff3a0e1e9befabacd5d22528e80be285f4d0d7875af5e3f

SHA512
62bb3b1bee11efb444664604086d194cf643ad5a4657c95b64f968fe72611dcde8b971ce92508620f8e7795eedc550a00dc16b94f09d808c18c3a84a340b4ac5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
c013552e443ecdcd98583e2de28fae3a

SHA1
3181260eff64addfa11f53b5847e5f3a6e467e83

SHA256
91534e86750bf2128663b5462c76ae0f658751149d0934c6e34e8962c37ae650

SHA512
ba19d0a7bc87c2b6aadd7341de990ea1b1487fb5cbcdd28fac7d4813b3c3b031d9f2b7f75fd62ee677ae3f91d777dedd1bc88969060b50a26859ba1b7e0ebf22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
1d2651bd1c69b9c7b2b051d02416cc67

SHA1
3f050bfd7f0095eac3ee90578c4668402442c9f1

SHA256
7a4b4e860a8c489704860e473ba3d5b4dc79c7178693c4c30494f56ab758ec0a

SHA512
b03ebb1742d420b733be8407bd55f0a27fa75c3732b578ff761b4818d0a771c515aff5feedc0b238ce492cadec2880c672a2d1940145281fdcb7f9aba43863fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
80b63838cfe52c3c0f5ca63d9935c110

SHA1
a8b05e36b59d26edddfb4dc289bad1a1bc8d413e

SHA256
fa7d73b10ffc4104048af2ec30b4d2b3cc7ce629419d7e7ed45b52b821eb270f

SHA512
4566c9df9a6282931037977f7c4c9171f9e759c12b721f251fc9a667dd2df33e9c5c82f1b38d39e1a25292963dd33731cab8aac0439e32552da2b731d4e20232

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
b6086670620a0d0e377acfc02497b227

SHA1
9e7950e3cf3f99223bc3a5e879dcd801f1e60e6a

SHA256
61ebeef42e5c710b2b51f4f7503ea7a5425fd12b17851977cf7c7bb7f8ed86b4

SHA512
97565bb99f28f678e52cb6b12b758348c584531afb552f093a32037f5fe4de8fa890417c3751fcc277e181de94910ed528a6b5667545e1ca69773f57350b26d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
12KB

MD5
dedc629bf223e3523fb8ce42b08671c8

SHA1
1b1efb31fc75d465abbb93881c38ddfa5cca697c

SHA256
a2d01341e7c852a2c06008ddee5bdca621f483e4021c7aade345b0d09dc8396a

SHA512
0f6bd50f96091593658d38145a38fd7542ae0617a4a4a2b85278c2389c265b3cc444d223c9c72189a5056ec9cabcfc40c90cc79cca0d7ba9590977d5aad07d80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
94a8f7cd65f087780291abab00b5d394

SHA1
113b27b0b1a8ce81693ecee8f12ad1f61a7d618f

SHA256
54365ed256805734f966ff29be6bf9774638be3714d448fafb52a446809aca1f

SHA512
2cd8333bd4fc8dafe74994eceaab96d6358bd32fd4898a1ecedd56ef516d2d7232abb9b6062b150ed7fe4b46bcbe05c55af56eec8a0aced34678332698f35708

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
c55cee2b52329be5cb475d88148132d4

SHA1
0fb9e2f20c880ee839663c8748aba13dfe9d8f04

SHA256
e17b1b579e270727fc1021d2980f6bcb81e4f631566aa2325871dc7eea29a437

SHA512
b1e78b4d386f6661d948c8668c0c75d3e93d66c9a1cac6d037a11ace3522b9be0d4ec0e9771971a61468d4b18e8412d6d1314957cbe138b09ae760a4c8cedebb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
148KB

MD5
726d0ab6ce1ed6966d287e361b8d8f7e

SHA1
287442a2f23dccb8f4546ce0d95b41a6f558ace3

SHA256
9380383a36085d0d02ee262052cccb0d9129553023f12ce2d106cbeb3b4ca6d4

SHA512
1d1b91f7f247273b2e1261565cae2661ab58be6ae66f6b853240379714ef88ec63a372bcb276194c274dd78f92d08464ec352898207af5fd20f1b667f8f7ab4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
110KB

MD5
b39b66fdcd301edc462840efa9dbe107

SHA1
12b006b8a19e6a8b52aaa7043c1293b0d1b40754

SHA256
9edd738c174a7c89aa237ebf41d2fa9941c5bb5011719b4710cdbaf04b9405b6

SHA512
6d3e0b53504f0b98717561482f43eb0ab4f9f6b76e6f8d6569d67b72e0d588a6de55a846b00e853163b2031c7ba8b69e33881872ad7cebea323c6bcbfadfcca6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
110KB

MD5
80279e854f5373ec2ad09aaca0c22320

SHA1
2283379b6f7abb89cbe8dd53fb3052c61eaa4936

SHA256
c265004fe7868706313797d1f359c9f6cb259c0e32712764de41355b2c4a3d42

SHA512
c7f3b307d7476db98a6162d94b86dd6870600a95099cc52afa76c2dba876300af68892df7e2ddaa1916fbae72e1ed37dfb3a4e7db19b7fdff34c8cd2660dd085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
118KB

MD5
c0ca8163a3ac7a8f3aa98d72bf335edc

SHA1
353b30eb3866f2fa165271b370f50eb68a7063d9

SHA256
3038a44cdf516c5f0c5c78bca76d7bff582d6ca3ba594d9985410d73a3948661

SHA512
20c4a81414c1cea64834f9a29467f57a7fb37b2ef3a71cac40e6fa8155d84d2044c76308cbe64bdd267720e3233ae8d3b161602109f9c42cb28743085413d3ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
3ef83d459c8e711d64f3515ceeed6ca9

SHA1
389bdd106f9c96e11358522542e887b8014fb4d3

SHA256
4ee59d831c830e404c9134c49032937d1755700d0aff2430e7616865c87e5800

SHA512
9b5979698cbbfa0f3c3480eab3799be69c19050223cf6b4723956500cf5a527251ffe79b156a4b8e4e894da8a004d0ec1f6b30b119a2ddbc13279f476bd553f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
4e0c7d9703f9d704e70936dc38d0ba14

SHA1
3e5b52a79235902e421547081c34174d96a5b587

SHA256
78c74f56fda297c285ee4f6f20bcf6773cb983c1cf6ea9adf00fb2bd5d05f9ff

SHA512
bc7cad8ce5e549d5e323044f4ac71411d9786a0f4c31838f1a84d21f81fe63de1a4ef369a1329e2952b001ef7b8d9bb16ce20de83d22fed72415aa44ef5526b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
5ffafae90454a54da2f670519ab18007

SHA1
7be0ea480d53b3da772ce6eeb468bddc5bd11765

SHA256
a7d23b753eb65fe49b0c0cee7bf2fe7d9c06d1d08947492cc75c91bc69a0d58a

SHA512
755c1ed32e5d1c490e5afb07a3087cf2e15cea3cb64a16c02eedb00c382b3d7e623ada83af9fee3d08fa2400f3c33e5542686f3f60b445f0b5e1fcd959bad6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\events\pageload

Filesize
4KB

MD5
337f5bc6da76fdf5a7ea633ba98a4d4c

SHA1
da68fc40326d592a27638b908316a736958d57c0

SHA256
36d7525590caa907393fed1be8039df057b58e1d99079aeb2db71ec245fe5ab0

SHA512
f56369a7455a35fc250cb61b40d78018bf66bd5eeb458dc43c06b25acfea951c83b90a0f041457ece55e746cfa6568aa5abfc16b284e05a5f3adc431befb9b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\00a403b5-ff32-41bb-9187-01f9ba6a2007

Filesize
671B

MD5
92e9d2e7bbe6b42b0e67726dbde1a598

SHA1
75f40940e347ed4a62303ac80c61ffb62d90d162

SHA256
cbf8fcce24c642917a0f958c24b5d63f650200d3de4cd0de803ea0b1bd3e01b9

SHA512
8f3f0c0a0d4be65ec771b195a9e4b69841fd0e44cb727d5c9c6b283724f6214cebfced38a4d7ea30997e5d4aa7e691cba8b078b51824c36cd016c2c98276bd70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\3077603e-89b8-49de-aa53-d04ccf5934ca

Filesize
982B

MD5
a065b7a51843346a2da3a8275cf50993

SHA1
f8b0bb31281dd41ea67c255878e4351722933519

SHA256
d6690951bc33b00bbe9b9693460308d480ff63ebc93887945b7fb108aabaaecf

SHA512
bb937bc873e29968b38c17215b8a36593c0b804612a963891d555af2c5c7e16a1cb0c0dd56f1e9766319600b2666858be4d4b7bac44dc5ea2ec1373b53eff767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\652b1163-1644-46fa-8fe3-6d48455f24cf

Filesize
8KB

MD5
2261a4b35a5679d065489eef27693708

SHA1
7c5c96cfd6b0b87d2b802c84f60fdaf399888a27

SHA256
0016bac2a412a3f3d54f10ac2577e4b3746355d1bcdd9e253a8c6d11b8db65b6

SHA512
ef9d3d8c6bc58a6ef5e52f02ca633fa44bf50dd6a5026ef2fb695cea233108f8e28c75c664050ea7510a8b87574566becae470149c326bc5577add039c8d621c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\6e1d1598-98a6-4640-b401-7a18ef3d74f4

Filesize
7KB

MD5
9988674fb5029bf0d08049ba2f4beed2

SHA1
0f129e394634c06182ca5e3f784e31cbbf5ed7e1

SHA256
016201cb18f7e591a7e7f08cced7396fd970b142c3539b4c322d52ada385d923

SHA512
c6182d2022994ac77f142ff94bdd3c5be21d7542928083ea9f443b7851cef2d843864eb848cc9ea9b7a4477388424d65d74748823ad265901ca48df6126d97ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\71628717-5abf-4d3a-95ec-b3bd212d351d

Filesize
847B

MD5
7809aaf9e9e0cc542ff4e95e4a4f4e64

SHA1
0b76b670b8bec16e16a061e91614ffead5adabda

SHA256
5ba3f1013298d7930b50bec11a920149c4bf994868686ba5ba896c908654c523

SHA512
cbb97f516a77faa7751c5935807a760446716c4c9e40da1a3998b13f7d516665a97767fa70ddb06001782130ceb6803e14e22870912a6569c7fc094707e17b9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\873422c0-1278-4cc5-9579-c433713e823a

Filesize
6KB

MD5
95a743776de14f3517aec678d7c8fbc5

SHA1
e36f26475a848969ea2d03ed1d98b6ae86f308a8

SHA256
da055a5458b2ae73ea26c44fbac4387a1338d9705c19e12bac63adeee4e8ea3c

SHA512
f165cef884fd5f18b4b256d8dc48aa7bbe2f3544ec83c6d47b4bb9e24ad98a8b40a8b355af2e5b7a4456da4af9e27a0ca8fccae152a37a01092dd27216436372

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\ba46c1e4-9c03-4426-82b3-6016af9c09af

Filesize
842B

MD5
ac6db88afb099bd4d569949d81a2432c

SHA1
f70b4dea4e76166d47bfb3c853141f98cdd9172c

SHA256
0ad4eae422dfe780a5d8cbb93a460a1e125e892ec06845a723109c9bd535627a

SHA512
49f0af556cc0175b1132f4ea6f16784edc091fcea7f206eb999729242e7d3d09f5d5f47ac034bc70dcf2c8787c1c9c13f7e9bfb1e144062f1596c512a55b9055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\c8d9b1ee-c0af-45d5-9c7c-919f3d7ebd7e

Filesize
25KB

MD5
4b6a898ac441a95d292af38460aef65b

SHA1
ce2542986de42d04dc232f90af4590ce6d4ea2de

SHA256
4123c500d8cd704ee2ffb48dfd161733693187e58a48b6d417345331533c3142

SHA512
ba9b1f259d72d573765cc83ae7084394732ee59acf383bb600d0ffc2d14893c84b3016aa8cb7753128258268efb2a6bc64adb1abaf8189950f5517b27ad7c93a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
11KB

MD5
b617baa86d6181030af8e006a10b18ec

SHA1
50f5124ace495938281f3621919688c94eda6925

SHA256
dc40543aae393add45457e4fbc5b41db1c9ae2b478c5ed11ee3e1d73b8e49c48

SHA512
ad628d3f7c14a8a7651bcfe2c8aa9cc3a1a2133aec7ba3a8ff578a53994ff8416b10a603ab400ff8b6054172aa425edbf981d9528ed6c59a811979bd9334a7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
12KB

MD5
ee19faa18c69acf6436725d3fb87be40

SHA1
2144bdf7c667057c750c2322f6f06fffcc23a721

SHA256
4a1ddd99f84516c35673c24b98833ea52e17088af38db7533f2d38d6aadc3088

SHA512
6f0d5c8151861ea25804d0147f29a031817077b7eec7e90085b8d9cbda534240f4fa31a6bb5d9eb98f16bfa46077c42c593c3db552b88d56e867a216e22d7dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
7713698743feb5d079c5b70da18f4ca8

SHA1
62f81bdc7b05b38efb8fefd86d2a83f6301ec9f6

SHA256
331d709abbac0c3a62aea71c7c488c49ebd48de3da74cbc355ba788e928939db

SHA512
a3aac3685596fe4fdccc4bf8b48c18015a97212084a3539f512db47a9f24ba4e7b381797958006077f29e3b86672f75dd0f548a7565c34c91c6947592ef19443

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3563c4ee97e280b9b3e1d4ff1c2745d3

SHA1
74328a08c9074b0ec9f94ae6e2d09e5a06e9e000

SHA256
6a64c8f602a20a9868640d126b7238050e637c510548af4f8a3f6a9051005b4f

SHA512
692621dffb2873a6957a1f3185a8d45ff2ca1fb5c3aa48d54a6d18f6c5648c29b89109a51d3f772c6d0874c6b84d335a471ed4da2cc7c607383f77799a1cbd11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
456112419b69da768f87b8f8ac761304

SHA1
075187157fdb77285751c9d5c2c606ae36327f05

SHA256
ca495cd84b05ac91290893b421d38b05a18bd752cce8d5dd8c86246cdc6fbe2a

SHA512
d598a0d1f1b7816b5cbfa5f3daca6e70a3667671c1e77ac170e84d6f0beef3a5cea6025cfb9c1101072a3972bab24e27c8f6a1dbcec47d031a033c99abc3ba19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
95f3e7568858fc345ac40f50ee5c0b5e

SHA1
7bb46743c0f2cad8ab7b16631f750c912139e6e1

SHA256
d8d460ca8d03413f70e65208446dc354ede89bcfbe804833713ff86c2935d75a

SHA512
203c62f9d766bbf47ba677da348f025dfd2fd15e74f9eb9f345dedf2f470a3256dd9f80dedcd50b33eedd2068984bb278a6d489cf242fa9883e542ca6ebcc603

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7368651051ab4d2029c19336159a0c4f

SHA1
0d1468aa66760b089ad57ee883a12e9095aac2f3

SHA256
0a626970348f6242b614b1da3380c12d4dda0b659a7be773ca1d3893cd00aa69

SHA512
909b1d088e23f612e112971b3ba3bd83e59a30abf881d8e885c9332a58349f14910452ab0d29164aa5420d2bbd30dea91f722e66438d31086d51ae1752047405

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
e814cd7e7f181e7f26a5c070741873c2

SHA1
d2776af03cdf3e5731a4fc1b795139d92d33ec86

SHA256
5a2eb9d505695893c5848c783573bde7328b3af668659318807cddacaf67492d

SHA512
de14e8c6a3e94eb4bec0a41cf759ffd2a356ea4489d0b6499ef98a9f38b2014f6780f13c7d8e6b2b5a4158ae33d8a76aa53112058deddf13dc6c28af7993027a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
d769b70066698e38d033645b3687baac

SHA1
9ac634320490af2514dc02ad167ae9a8a154c555

SHA256
2b9b4511fdac2815cfc1aed233223ca2917362f9411df8246cb89df448f5d386

SHA512
0a9cf2e80942734a23928d113e8085cc344cce620dd3143ae3b303fda4f8d2c542b590db56f0e9ba40682aa00bdbba408e49ea896d0fe151f70fba33f03dd7f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
c3cab48d0e79001038e9a62010e6c538

SHA1
393d2143ec3a83f3e854b4d09b5e10e9353e4710

SHA256
43535a27639db9fc077355db8f602ef113e8118125275ed5aa1ada5930d601b4

SHA512
a607aee3a9c30eafd9e7316162c4e36e367c33748c4d08000483009c0804dee2f018a611d9e213bb11396f15b73c6a2418bc8f9e62c9c53a284282d48745a129

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
117a44c1988c76725666c3df2747a500

SHA1
7bd9b94bfefe18e32237c8d6e8855426f15fbbd5

SHA256
70b231926962d32b96c917e429ed8ccef059b5cc667fa86f97f276222ba9ce44

SHA512
8178c87933ff1f08b4ec7fa4817c25db21fd7643bbc37d14459bfcc68b2dada7e5556c41d71c774596eade6bb58906437bd4d16f4dd560d9b67f682b94ec01a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
39KB

MD5
5c946678793b01a0a1cddfa3465d3781

SHA1
e4f750796c81df7eed7e35d90ed8bb02b2f81ca3

SHA256
04a5cd19b4372ec469b820e46579134c4ff6f30cb85184952e45a2e1eba0a0b8

SHA512
83a9e7c3a9bc3b2c9fa2951d688524a8b5bdd757a3f1865bbba943ad96d8b792a4b473318c36641ac8254dfbf1f429b3ec92954a6ae19224413b4e81611df189

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
81af55fcec988cf195b5b3adaf1a921d

SHA1
bb1d15f5174bffca19f467df988d04c8a38d955f

SHA256
cdd1cf8a342dcdc922b1d8698fa938e90a98a0927837135eaa8284d3dca3cfec

SHA512
dd69a4fadd48707e0606d24ec1a55e748cd6d8511d6bb6709924d5faede9b1b62e647e0fd11e65c5dbf573d1504902c1b1208f21142c6deca573bb48050a2d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
f03bfd57e3527259a7caa86a5f901f21

SHA1
4dd1126e52c55da6ec40fc2783a94a99fc736de3

SHA256
649f332bc50193f2be9d822d7db177cb2fb43dc6a5b5cf24e086081642e520ad

SHA512
13ba5fe4571b0a37face7a504ca0a81f1e08b6b6ae419206fb423d64bc3b10ffb6ddeb7bf8e64296a4504b2a2f56136a308237cd0a1ff83a5af12d50d85b8627

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
11fa1c69f9e080ccb9b07c89197c897e

SHA1
c312e6a41ba77ea84741afd9e235d4bd81de3175

SHA256
607f133a6b15b336d7167ad6e8acf85ddf1e9b86c5ff0437578b5961db48bed4

SHA512
73902fbfe5f39e6cd05405417a3a00cc692a28d7e54b80ec03d0c046680994520e1e860ab4a64e956666913d5f46a9e89c0adee922d81414312b48b14b22bd8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
7b4805f9a538fb8a2c107d73eb84689a

SHA1
52346e6f7299cab3d49aa98daeae93d660e36db2

SHA256
011d4a27640a74df57251a9b9cce0b865d6383a05c864dfcadf32086bc37b32b

SHA512
eb42d64f2ba2d1e9ff5d5adbf4c7e275d9d5040eefefec3f040d2d891d86868c99a05c81d74abc2a58775e4fb9e77aa7be2907463adb049aaa3f87f8cb8f33dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
52KB

MD5
c5a7690eb5d76082bd40e81c4225c4f9

SHA1
f1e413458a0afd903a6f6aef14dd42fe4aca78a6

SHA256
c4ff1f22d4bc010bd7df779e92990d1c00c908d4390b7735da3e3ee7a8b1ac99

SHA512
0f93da30bf51bcb3a41ab135f18e65a65f2a2db20d081d8db5f5f03292fe1eb226bb079c7f6da989e2d9198d16f58d40f77fd656de32934d2e268660aaab9554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
f3577825d058dcf14ddc4dcb836bc45d

SHA1
31da097474ff77b6db009efef1d7b7c82f50c715

SHA256
6579f9de5a553a4d031f10b69a81d12184f8b470b6d0f13f1d92f054a2cb6f2b

SHA512
34f2ca9e35ea85aa7a4f118a03fbd4b8d69eef38cfc4379703914d14692f49f5ba7de2117714693af28a7794b8b75a09d8c3a55b74bdcdc024861cc1de2cfcfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
4cdba66ef3bc5ac67cb4372bc7b0f016

SHA1
c74e7bbd5b3875d2b6a53b64a234f9e4fa263578

SHA256
267d55b942314562bc49e4e3e2bb425dcc51e18f7726c7bb3887ac31422dbbb2

SHA512
0b5a1606a7dab35853e6d5e276e597f82212dc766cbfb941c2e54e68642aeb7dfbf1a9191bef7a09ce9107aaf6719e04cd58528f4670ae6a378bb875e554e73c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
a80ad936f95d10a6334671916d31595e

SHA1
ea51fa68271a8151b21e3ee0a37c3c8481de71e0

SHA256
1a8a8f8674446f874b7b6859dfc4de19f6920ff3f84d3549ae3192b7f2ddeb14

SHA512
c7a0d98bd17af2baf5f1686a06b3b31fb271d7b620bd73e291817502b232e78fa7eab5e238afc5d6d92fd58d3f1901a5f7b596a25d861217ba0127461af267dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
f1636ddf912f8cc78798abcbe3816c7e

SHA1
14b4cf2533769ab5b5d35819fd4110ff09906490

SHA256
b00a0fcaef2a754708eff6020e0c783b416ccf688dfd4c1382531c0248cc459b

SHA512
d550b1a2817c9e0d5f708862e9e4315eec15143ada5fddbae5e3bbba8c29483a2aa02bdd6467610d187a48b41231011382c8650843c666a271a03719579d4836

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
25KB

MD5
6ac535b3012cdeec9d7cb3cef7733ce8

SHA1
353c97db43f45ad8ae94fd23eb66f45c1f2174ce

SHA256
236a39445d2656479e2a884afac9257368bd9baca052f8a3b9b0007fd83e855b

SHA512
51c34f6baf731683d97697b4ffc762d8bd1fbb337c9106e4a24c809b6c9e8a221bed3d357b885543861712946f32942924f63612acf68e379ab21470f124c2c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
59KB

MD5
958e6f8dd4d2556f98acc7e59448f5b1

SHA1
25798688efa379c87779fdbe960da2e80b5b47a4

SHA256
6b6d163075587d29def9ff84e42544dfb0c297b5b4b90a47f770b8f850aee0a6

SHA512
d3aeb651fa22cbb44a81c7bcc6c155aadad35a1462a903a8032232de45f1e4e50259ab0120cd229fb4a715ab34fea642a5a68248e7db3407463c356e4513ccf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
617c1c851ff0d5913a2c9785b0813ce8

SHA1
c7e8012e68dbe885adb61c4e28adebe23cde65cc

SHA256
f59fd0f3b52153b299d8c102caaaf7b2f2366d99ed28cb2819dbf5e13d198032

SHA512
57291663a46e06972f62c2a4eceb6ef3442bc808c426f4d338a6e0714670cc77f98619b0fbfbdd2f4270224cb9b8878c24e56cb06d2e9c3bfd80ab6f2841d626

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
52a4d18903338cb6a45727ba5bf6ed30

SHA1
cf15018797fde7b0483bc405dbed5223bbb09a59

SHA256
a06a5dec2d6453ed6c1075fdcfcf68545cf59865c036db6d64d0cbcb2ac6f629

SHA512
8eecfe9ef100292382e0638dea474b7c714ef207499eafb85806f334e10d02bba0dcc58caaec51c49b9debc5ebac37c057f9faa8e7ff88dcf2e369d68e683a6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
965182f46e333910d91e891632ac0a63

SHA1
4dbd00e4a7186cbf03cbf99ba2098aaa9ac2afc2

SHA256
8d7660fb515a95f6b586a05e0bcc045d911c3a0af3364dd7f73f8af4a9ce7b4e

SHA512
4d7bfb05fe545e2345768117d18716dd86ba6bdab358b22a5b2aa5a698f26ad532686125dcf7be110b2e257831e20ded2119eabeff8dbaad760ab5b514b3175c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
69KB

MD5
eef5407d2fc73acfea60c0df39349586

SHA1
1a955662915576928fe9b22669d545a7670bf4f7

SHA256
ab534435f3a73610f8bc0f1a97b909d9c8df3e7e51683812874772c465cb66c0

SHA512
8808652300d924fe7c11536711c6c5368cfde6171894ffceec39090429973dc104de8a79bf67e76b316af91c319b6dab25f6206481c57796cac3c65dcfeffbe5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
9474937e5e594c9d03458f3e09ebd0dd

SHA1
23ecc407be5473a7d975780579f72f5e50e6a911

SHA256
59f9365395491ebe72741776db9bbdf67f040a75c5e1b67b24738f4fbd913e0d

SHA512
10b709c3cd059ce58417b767a9a327854aac0f9172717cc431c2e8d628acd2272d1d5c39f605b5b0b4a0e81475c421ba5a74a4bdd43d89668ecf2b22f869521e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
bbfa1d9c2b598d4f12c9c726d32189c2

SHA1
036ac21beacaa6b19479e5bb719b40131861f2a5

SHA256
5ec5857a9f937f10f11c120806e535fb78e8cde80530163b740e3e3b499881f3

SHA512
c08f843cf0c8e9b142d7c3a510200583811f4b9ef90a3043653234607a5c6470ce3d4bbd91208803e72a78a280955602543b4b04f2018f24d4104e51cd7fde81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
512ead9ceaf682bc7352246c95bf1ec3

SHA1
c134b7cfb4284230660873fb9908f27c855bbcfe

SHA256
9e0bd73b7cbc8ec1fdf93e042cd03a64f2148eebd39221be3e662a0f998a55de

SHA512
436af1135ff38c0ecdfcedd96a132fe2993137e3a6e6616c1d66c84bca95fe7f0ac80fae2bb64b09d59b834e46bbad535a89c4b306636b5e1477eda74407446a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
75KB

MD5
5afab0c960bb26737ed3b7d4eba48be0

SHA1
7d06931872ec5ed958d572fb996c0cc8162b6a43

SHA256
c8e1c1faee28b4066dce00987b8f5108791b3b142b605ce67a7f6005ebc365d6

SHA512
10b410d1fbc6941f72ac6160c391ffb07285b8b430cb6fb09e1190ff6bda3431df3091cb2559b6fdb4462f4602c4b2deebdf521663ef3750c7138a7e06410dd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
26KB

MD5
4c431850cde0d7721ec46c62dcaec40b

SHA1
6f3eb321f142747183abfadfda9b3e716eec650a

SHA256
54ff73f0cd35b4d46a2de8089a1428ed58960614c7d2e6129c800d345bb246d9

SHA512
a904f845504223339f7af2c8ba1509b7e87da9bbd389de440abf7ba4e40871dd27337d43d129fb087d61648c02f37f742edef16213e6b34131f6b0fe9af0ec48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
8b7795a6b7c5239f9bd76b20611ef659

SHA1
bce6346b8c7843dfa376eacebdd6e48f6a62cfe6

SHA256
136b09d0964ba2f3c22fef453e02313246bbded2ef504c4302642027aa48236e

SHA512
604a9a337f9f09fb525868c5b583c11bb9e2c288b524a7bd29eaa98d194776af57700f8562204d98751f79b4b0d53994760399a7d4d6b65f887c5ded877bf1c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
30KB

MD5
0c4e5562a9a133d499cca2525fbed93a

SHA1
ec1fb8651c6d045f15ad9dd7bf7ba94d0d7b540e

SHA256
d9a4bd5ce5c8d66df0e66c37068b90862d9460f11ec177ced24d5a77b1772125

SHA512
f0eb78f58126cfffb6fc3edf8a8a83328511f4c82507e75a3a97ce843217d76cf9acc2c0889048053a0807020a9828a49e93191d0cfc691cd0ddc5cd78da87a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
06c6d7554c5fc0a14fd7cf6f4a6fdd76

SHA1
cd3abf6b4b15f469d5a2144ae522c9a1170f70e3

SHA256
ed82a2bd906a31fccbd942480cb886196f9b5310e795fd251d456c2891475da6

SHA512
c0d4fd00fb1c3a6d8086be8ab7b20f4719241afdb14086e00fc166c1f30b1fd09a9fc8c08942f79419f2f71057e8c02be1f382442f162c0c2ce7b4f04cabf2ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
0ca34543b04a125e97a1d400c1c79000

SHA1
17cee60021c9a8d96d20f0958ab59525fc4b38c4

SHA256
e54f4696087dd6ffbef96cd3c5ef5f3fccb6d29f1ab94548e3f222cc1715837b

SHA512
979a3311f5ba48b205b3a760c7de1bc3c2d06f2d877c76fde33aca0d24595401e8190c70029fede698ef7591efa2e632263f9314b231ebf5d324e76e0622389d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
a1e8e035e7a889768a18b2abb6d26733

SHA1
8cfbfbb74cae2a99a954c9ada33f3f9127678f67

SHA256
bd564afd434c4a1f2825ea86eff60691bfad1f0702d86f0d9e077b116a121d0e

SHA512
2ec7caab0a878b0b39903c38b2fa684084ae7bf94b9a418db891b96cbda60c911d5663b83c6fe69e479832e81da23f1d152aaaa60a751897b220a6078bdf1efa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
75KB

MD5
3f5c7a463b637e99fe971c45a8690367

SHA1
2301e5f11bd158839b50bc9341f63cfb5ed1757b

SHA256
f57a04dfec1855df28d748e384b636bb385957f0292c27153766b3e1013e9804

SHA512
3f2776a65893917e18d25d97165c2f9277e6dde12df993011aa50593e1eeedb10cca97a568a080ba2a9b7d443e2fb9f0ab71a9125651d50020c99acb431589e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
af2868e024ae2432a8d2905f2c77f0de

SHA1
f548161e179188261999b2c9d027e16bd4a7dc4f

SHA256
88e60fab50faa09cd9cdda51e76eb77560dca2ed93b5c424e7d02a073604e5be

SHA512
781619219e1b6a23fc788ec0b16b2cf97d7cf86727e7ed3c399aef8c729c70d3b52d6c0f594946b839e4bfb5427ba61882053ba9ef41cf554976b4a506ab34dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
32KB

MD5
58a84c65bbd176e0e9fecce1484648c3

SHA1
bafc2ddf228ae6114c36a0ee8f30fc6549c6e5eb

SHA256
89edfe2d9fe798952c61fe9edbba7b4dfd3930d7b2669979554a75cbc5b51f8f

SHA512
b9f4b5b785b15d46c47425728952ef683c451046627f0daa6b423d81c2ca52c12cc6e91de249527761d409faff1be0f4969c75a90a9d060b230e6060df559333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
80KB

MD5
f3ca9fb12ec1d5662589e049a446e988

SHA1
56afddc01941cc8e84bf0ed3bf0ec839dab18aa6

SHA256
8d9f5def973c82d10b6f2a74d926279dfe73160af29ca3a019823169a6351e4e

SHA512
b03609ddd40acc301ecc2be76f9829625e3874d984b8c328513dd4b4b883b5f4bf668ebb061d7fcfcd48ef815c860b4e55fc6a9299d936d6ad523ab031a9964f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
502d6a666b0a62820680c3e53e1b9569

SHA1
9ad43d3b609fa616b05e46173d4705ec46faeb37

SHA256
a0063b8d68ee1bbbba7784c39b625c293105f021a3286853a13cf36dd20dd623

SHA512
cc0064a7c5c11c66c2bf619c0720fda92b463cd2fdc19c1c2ca615daed504ca2e55ad82558ad1238da609710176a57e7c01983c63595961f1676b41d91950dba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
8829b21b48d8c43c9f95ee8b97c336d1

SHA1
f8dbf3bddbf631295793a2bf8714087473238b67

SHA256
3f6e69e1ffdbf91e01d322687c7e9c0f9e1658b4091c3935156fc6490ed93425

SHA512
8763889d6755b48fb3a16fe1258ba4d9e92a1fc1d9356bad1985e1fc2e0e58012348a277591e22c3e776efc3e5ac737575d0a17abca0493b5265ec76052ad080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
36KB

MD5
1c3373fb252bef276a01387d4a9c1b9c

SHA1
d7d8a867818c9cf5634160d6aa6939f1944ace31

SHA256
6b0c238657d787efeea79c9786ea3c106c8a1b3dac99efa0b08ebffdfb6888fe

SHA512
ae49945e7e10a1271c68ae5b9cebb9598f8339333e36f27cd9e2435c5d35a90fd7f6a16972386f2eaabf12ae01d4652bcfa5148bfc29101471b90a8cb814b618

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
5d1806f96a7ffbcf30e5a3da2c727d62

SHA1
f71355ecc7ef7f6a1151b3f4b4bdc37b928a2db2

SHA256
36fbf28bdc957d160eb8e1f3a98267c3b770a1536798367ed0f0b4d7c516a5bb

SHA512
3e1896b7744d1891d896bff5de63a49561026817d14607e7a1960fcb5240f63e22757b31b4a8e2b9de005fb565ca4f08d9c23de79d3814686ea47c43339ee033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
38KB

MD5
684b5889608f6caaabca6cf6b93b46f7

SHA1
bc4f72e1d13080d9d76bb1814db6b12a824df2d5

SHA256
7f1457081d1a1c87789bd2cc267ec330930f0a859752c18cb7d5dd8b922253d0

SHA512
49609bc39b3b2f17d4ec8582f18b55c337932ef933dc65bf6699e4bb7dd1f717308d0631ff2b8f5f029e07c88b93b97743381b18f216fdbf9559cf00f7ccec97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
49KB

MD5
a7bec1df740cd22cb2a4296604f574fb

SHA1
40ee35eb283853618cbd3ab4900300ca4ab4f7ad

SHA256
e113dfac8391f33f99615bb4179e738c4362461bb2df4cf43f81ab236813e3ee

SHA512
bde6c1adf143396aa502d7674beafd52a364b88c6baeb823fe1a5acc506c547b37eaf7b4dfd99724c1384c75b81bdfe7871f6362f1b60110bf0b653dadbd6591

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
08b6452e4c8406c0e83275db7abe51f3

SHA1
ded4dc848c47054f54910c2a41bdfe841a14d0b9

SHA256
cc2a2077b52b61fb4474c6e681e6d7a18b67f9fbd6ca861693c6c2228adcbd30

SHA512
9f0c83fdfe08c7778b7f67ed1d9c6f2c1c1775ccc9ea370a6fa5a3b9ce8a39c12f076ea836dead57ccad87a560b778c673134993fed206f05d0d7fa33ab7d33f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
17377b494f408ed089f235648d6e1d04

SHA1
c0d9c05e554cc4f4ee6a8d9f2041efd553affac3

SHA256
d8b3410398121eb3e46ca3f958542ae76664bb4a2302bbd4e62a3648f44f9e01

SHA512
9fdec08620758b0e59b3694f85dd21c4ff7ec6511eaa01abdbdd97b187d1fbd0ffb6a864065daf904b9171a27ae56715dde1e089607f53e43e4261e165ee1abd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
56KB

MD5
8b8a8a7accade3349c86efccf2a41fb1

SHA1
54c3b527c479e1e524958e3540180b520f4ba826

SHA256
3e774e420a10257098c861125142e21494407874a0731ca844642455577697b8

SHA512
217708b4e830d1c55e3fd442c5325cfb4c599e72c685faa403cc71ee31c40d5508a03f9b7073bfc2f8b465d8be4dee8092e5b73a7f5d48b60cd5779e1a567594

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
59KB

MD5
eb6dad9af987a20c0a0341119f5c4c40

SHA1
477259185c9f9d30f4997f87a7df82b8ef4da560

SHA256
9a6fe665c5a060ede4020661269fb8fdbcedd1a6fe4cd8ee247898cba37d33fb

SHA512
3b46914c5e2b300d9d53b1b2b95d1d3fc29064b063609c6ec88cf2f27b25f4774c13870a09de14c4f271634881976f75216bf4da398daa260b3ec5ee4b70c550

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
64KB

MD5
55a1aaa93c7b65ea4a1c56eb96437c78

SHA1
24eb5cdbd13f5c0b157aded7b709830295f269dc

SHA256
9fd5310abcb068a3aa1c24b3be24155f72f9dfa1943827df8fc335e192bb34c5

SHA512
c536c692481e12ea74eba95c147f7a809dbfcb4934c1d9159db4e22191fcff1e4a8dfdf2fc380f75703115160165d750bb34f887b7132c07ea65879332557aa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
75KB

MD5
5980b545ea90dd4e4f6c4b9ac87c8955

SHA1
8a30dab7ac2a1f17bf089c2a4fdfbcb00ff3dc24

SHA256
9f10d6928e29af79f1012960e3ece124142006c7957f8f7c5e02828e4cfdde17

SHA512
bef53fff376299ccfd9427e25e42e2274d3c10e349ae93b90690b6fed390089754717dcafed4a24d52c94bfa0c5956f51f69c11c70911bd3c250f63f6feeffe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
9907bb8dadffb6e4f9c94ee7bfe8185d

SHA1
9edc6455d48c1709990c6d146184bb50aece57f2

SHA256
ba121af83fb2c474a98ba49c16fbbd5b6971d6ed309b23b3b80618a7bcbcaff5

SHA512
6859b8581da858681f9eae41a6249eabeedd01cc29438d256db98198e9dff000297502eeff960dd163fc46d30ba4bb9d0a02bf76cb8b18e7db115da7179a96e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
75KB

MD5
5f9927f234a1faec7efa7632e80bfa02

SHA1
8a86a97e231a9335390578bba5cf6c016e1732d9

SHA256
19d475fa8774a1b7fa8b45207cebd330e109213fc8dd63bec44dfd7f01868b20

SHA512
42b2d07546282ea34b66dcee205fc940e713255143c3233011b29cac0b90ffcdacc1cb1d837e43e5d7abcb41c713627c822b83cd92e6705ccf13d8ae6c0f7cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
4747b89edb283c01ff016c1cfaeea95f

SHA1
fa8db225247eb8c26c1a955a23c9473edeb8ae8d

SHA256
d2341a4cb175e6b7458c6c1cabb494a4edd1b0a9f8b312ea01d4c5866a7b54d9

SHA512
c09a95e7c0c582275f7e8ee6575b7facd8ac82c70f355d069a4901912122598413c91897743289727f9828d85083914190841d614ccf0939556cbda633257895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
81KB

MD5
5e2d70dbcc40db6da403f84189053e7a

SHA1
139b0ebb957d83afdf3580b110c43b520dc61496

SHA256
2caca510c2acda07fd2a2fb023a7c86cb7fecefb5df7ef349f88e44a30d7ef5a

SHA512
e2a4026a89a68d46d55668d1dac88dbbe71fca30fca471a08a50ce35295541ddb269931344bbe34da1ea4649bc69b33c7398eefe7ce91a3f8a83458a1acbd452

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\default\https+++mega.nz\cache\morgue\93\{519442a4-aaa3-43f4-9297-a26784139b5d}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\default\https+++substack.com\cache\morgue\135\{c58d8f74-54a1-4326-a88e-67fa0f4ac787}.final

Filesize
858B

MD5
e4887ee47e8c6803d902e15de09b892e

SHA1
6048696f2e8ad2e0a237b179875d66481a976f06

SHA256
c335b01af3d91a6e59e6ee36c41ffe53fe4154716797b410b734fa633aea1f06

SHA512
c66a6004003c6882ed94d174849d197400a19a44dc9d06cee5eb0ec7829592f70f30da4b5af9ff82c009c054f56e311b90183b0953f840bc89ebb10df33ccbd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\4212016478LCo7g%sCD7a%teabbcads.sqlite

Filesize
48KB

MD5
48c88a9b97bead5930776e6b2e8a5b76

SHA1
81b2cdda8b7b218efc30aa3071f2689b24c215b3

SHA256
8a2668c695f6f726e5abf209f4cad782dee65d6fea4a36e63f3ca1a8e605d497

SHA512
5e9d7e8f0ba9677799961e0e2cf77fb3490a93d4f68208c6847fbaac0f1e3aefeabd1f4d6832d9e3c9018b6f54af532d45639be28071be55cd30aefb467de918

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\ls\usage

Filesize
12B

MD5
a4b57866747aa8bc0828ccb259689903

SHA1
b77c045f5580c81a6cd07a5e5d2271064aa52233

SHA256
395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88

SHA512
f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0

Download Submit
C:\Users\Admin\Downloads\42.8PwxYXlb.zip.part

Filesize
41KB

MD5
1df9a18b18332f153918030b7b516615

SHA1
6c42c62696616b72bbfc88a4be4ead57aa7bc503

SHA256
bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

SHA512
6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

Download Submit
C:\Users\Admin\Downloads\Bon.Fb3or5VG.zip.part

Filesize
7.2MB

MD5
335527492d516152c29dfd987646eb82

SHA1
34951925886a9f672d24fca1af0e746bcbf12d5a

SHA256
854369b291ede89a69e6116c617ca2cb6341af94163dfbfcfe4458624d6117d2

SHA512
ee48a1eda5c7577419e1fac4d783aee2c3e388e8b350164233e84f039450eeca3a9d9b960e1239ead483d820d2293d75152a46c7c865d21100f5f35f5087f726

Download Submit
C:\Users\Admin\Downloads\com.KurEzau1.mojang.minecraftpe-1.19.0.20-free-apkmodhere.com.apk.part

Filesize
2.8MB

MD5
6c6c0a4bdceab6ec198f9991c900695b

SHA1
45a1f55d2642d83dde164b9fb81a6f9d9baeed66

SHA256
3d9b875a0fe1125949aeb939af808cb12146d631aa085aab9a5a2a07f310fb03

SHA512
59b48910b2cfc3fddb7c9f523af4d3f7be21bcc1c106ad125542b71c3f88359c82cffa9ecb74bf11ab80236d80ff51492910c0000a6977bca7199b3505c297a9

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/1592-5144-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1592-5505-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download