Malware Analysis Report

2025-06-16 04:51

Sample ID 240201-1k7xeaegc9
Target 87936f0b8f079c7f722ab91029cc3f8a
SHA256 a1dd74d7301bf8d504449071142c81113bcd4d0c88fee46e7bacf550495a72bc
Tags
trickbot zev4 banker discovery persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a1dd74d7301bf8d504449071142c81113bcd4d0c88fee46e7bacf550495a72bc

Threat Level: Known bad

The file 87936f0b8f079c7f722ab91029cc3f8a was found to be: Known bad.

Malicious Activity Summary

trickbot zev4 banker discovery persistence trojan

Trickbot

Downloads MZ/PE file

Modifies Installed Components in the registry

Executes dropped EXE

Uses the VBS compiler for execution

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Modifies registry class

Enumerates system info in registry

NTFS ADS

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-01 21:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-01 21:43

Reported

2024-02-01 22:02

Platform

win11-20231215-en

Max time kernel

1050s

Max time network

1049s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87936f0b8f079c7f722ab91029cc3f8a.dll

Signatures

Trickbot

trojan banker trickbot

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET5891.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET5891.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t001.nbd C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\test.vbs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\msvcrt.dll C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\sites.nbd C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\menu.bat C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page4.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BBReader.EXE C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\CHORD.WAV C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Regicon.ocx C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\p001.nbd C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Intro2.wav C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SET6C0F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET6C0F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6C20.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET587C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6BF8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SET6C0E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6BE5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6C0D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET6BFC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\SET587E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6BF6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BE5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6BFB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET587C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\tv\SET587D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET6C0E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET587D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BFA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6C0D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\help\SET587E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
File created C:\Windows\msagent\SET6BF6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BF9.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET5890.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET5890.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET6BFB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET6BFC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\SET587F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6BF7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BF7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6C20.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6BFA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\fonts\SET587F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6BE6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BF8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6BE6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6BF9.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\regsvr32.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74179610-5A56-11CE-940F-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ = "IComboItem" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3CD19360-7454-11CE-9430-0000C0C14E92}\ = "SSDateCombo Property Page" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript.1\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\ = "Microsoft TreeView Control, version 6.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\ = "Microsoft TreeView Control, version 6.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\1\ = "139665" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55DD814E-A1B7-4808-9625-4F75A3FAD8A7}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Control C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A}\ = "DSSTabPanelControlEvents" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\TreatAs C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\MiscStatus C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFC9BA1-FE87-11D2-9DCF-ED29FAFE371D} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE11629B-36DF-11D3-9DD0-89D6DBBBA800}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\Control\ C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript.1\CLSID\ = "{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCommandsEx" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\Programmable C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\ = "Microsoft ListView Control, version 6.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDateComboCtrl.1\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 855817.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\wermgr.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4116 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4116 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4116 wrote to memory of 1688 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1688 wrote to memory of 2764 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\wermgr.exe
PID 1688 wrote to memory of 2764 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\wermgr.exe
PID 1688 wrote to memory of 2764 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\wermgr.exe
PID 1688 wrote to memory of 2764 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\wermgr.exe
PID 2072 wrote to memory of 2840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 2840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87936f0b8f079c7f722ab91029cc3f8a.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\87936f0b8f079c7f722ab91029cc3f8a.dll

C:\Windows\system32\wermgr.exe

C:\Windows\system32\wermgr.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1688 -ip 1688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe1e1e3cb8,0x7ffe1e1e3cc8,0x7ffe1e1e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-624.exe

"C:\Users\Admin\Downloads\winrar-x64-624.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6488 /prefetch:2

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\b0f728009de64fbf83552b649acdd380 /t 1560 /p 2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus Maker.rar"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO4AB7950B\readme.txt

C:\Users\Admin\AppData\Local\Temp\7zO4AB0706B\Virus Maker.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4AB0706B\Virus Maker.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\itb2xi0d\itb2xi0d.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5225.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE13192F45602460D8EB92AAA9CC81C66.TMP"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus Maker.rar"

C:\Users\Admin\Documents\Free Robux (not a virus).exe

"C:\Users\Admin\Documents\Free Robux (not a virus).exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Documents\msg.vbs"

C:\Windows\system32\rundll32.exe

RUNDLL32 USER32.DLL,SwapMouseButton

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmd.bat" "

C:\Users\Admin\Documents\Free Robux (not a virus).exe

"C:\Users\Admin\Documents\Free Robux (not a virus).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmd.bat" "

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Documents\msg.vbs"

C:\Windows\system32\rundll32.exe

RUNDLL32 USER32.DLL,SwapMouseButton

C:\Users\Admin\Documents\Free Robux (not a virus).exe

"C:\Users\Admin\Documents\Free Robux (not a virus).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmd.bat" "

C:\Windows\system32\rundll32.exe

RUNDLL32 USER32.DLL,SwapMouseButton

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Documents\msg.vbs"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7360 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8056 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe1e1e3cb8,0x7ffe1e1e3cc8,0x7ffe1e1e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10014119905718900225,16832299510009491820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

Network

Country Destination Domain Proto
BR 143.0.208.20:443 tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 181.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
BR 45.239.234.2:443 tcp
GB 92.123.128.150:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 92.123.128.145:443 www.bing.com tcp
GB 92.123.128.145:443 www.bing.com tcp
GB 92.123.128.181:443 th.bing.com tcp
GB 92.123.128.181:443 th.bing.com tcp
IE 20.190.159.71:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 204.79.197.200:443 www2.bing.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
NA 196.216.59.174:443 tcp
TH 118.173.233.64:443 tcp
TR 185.189.55.207:443 tcp
DE 51.195.68.162:443 www.rarlab.com tcp
IT 185.17.105.236:443 tcp
BR 186.225.119.170:443 tcp
KH 45.201.136.3:443 tcp
GB 92.123.128.149:443 r.bing.com tcp
KR 220.82.64.198:443 tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.175:443 th.bing.com tcp
GB 92.123.128.175:443 th.bing.com tcp
IT 2.238.145.99:443 www.blackhost.xyz tcp
IT 2.238.145.99:443 www.blackhost.xyz tcp
BR 177.10.90.29:443 tcp
KR 119.202.8.249:443 tcp
BR 45.239.233.131:443 tcp
ZA 41.57.156.203:443 tcp
PL 178.216.28.59:443 tcp
IN 49.248.217.170:443 tcp
ID 222.124.16.74:443 tcp
PL 91.237.161.87:443 tcp
VN 14.232.161.45:443 tcp
ZA 105.30.26.50:443 tcp
ES 82.159.149.37:443 tcp
ID 202.165.47.106:443 tcp
VN 113.160.132.237:443 113.160.132.237 tcp
VN 113.160.132.237:443 113.160.132.237 tcp
VN 113.160.132.237:443 113.160.132.237 tcp
IN 103.122.228.44:443 tcp
AR 181.114.215.239:443 tcp
BR 200.236.218.62:443 tcp
DE 3.64.163.50:443 bdns.nu tcp
SE 88.80.20.20:443 bdns.pro tcp
UA 194.54.82.12:443 bdns.pro tcp
RU 190.115.26.106:443 bdns.pro tcp
GB 92.123.128.187:443 www.bing.com tcp
GB 92.123.128.187:443 www.bing.com tcp
GB 92.123.128.175:443 th.bing.com tcp
GB 92.123.128.175:443 th.bing.com tcp
GB 92.123.128.174:443 th.bing.com tcp
GB 92.123.128.174:443 th.bing.com tcp
US 8.8.8.8:53 174.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 b-dns.se udp
DE 3.64.163.50:443 b-dns.se tcp
US 8.8.8.8:53 www.x64bitdownload.com udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 8.8.8.8:53 187.2.126.209.in-addr.arpa udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 8.8.8.8:53 www.cookieconsent.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.74.228:443 www.google.com tcp
US 172.67.137.186:443 www.cookieconsent.com tcp
US 8.8.8.8:53 www.termsfeed.com udp
US 104.26.7.160:443 www.termsfeed.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 186.137.67.172.in-addr.arpa udp
US 8.8.8.8:53 228.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 160.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
FR 142.250.179.66:443 googleads.g.doubleclick.net udp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
FR 142.250.74.226:443 www.googletagservices.com tcp
FR 142.250.74.228:443 www.google.com udp
FR 172.217.18.206:443 fundingchoicesmessages.google.com tcp
FR 172.217.18.206:443 fundingchoicesmessages.google.com udp
FR 142.250.74.226:443 www.googletagservices.com udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
FR 172.217.20.161:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 142.250.74.228:443 www.google.com udp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
GB 92.123.128.170:443 www.bing.com tcp
US 8.8.8.8:53 bdns.by udp
US 8.8.8.8:53 66.133.214.23.in-addr.arpa udp
US 8.8.8.8:53 170.128.123.92.in-addr.arpa udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 142.250.179.66:443 googleads.g.doubleclick.net udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
FR 142.250.74.228:443 www.google.com udp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 172.217.18.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
FR 142.250.74.228:443 www.google.com udp
US 8.8.8.8:53 csi.gstatic.com udp
OM 216.58.209.131:443 csi.gstatic.com tcp
US 8.8.8.8:53 secure-download.x64bitdownload.com udp
DE 138.68.69.109:443 secure-download.x64bitdownload.com tcp
US 8.8.8.8:53 bdns.im udp
US 8.8.8.8:53 131.209.58.216.in-addr.arpa udp
US 8.8.8.8:53 109.69.68.138.in-addr.arpa udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
FR 142.250.74.228:443 www.google.com udp
DE 138.68.69.109:443 secure-download.x64bitdownload.com tcp
US 209.126.2.187:443 www.x64bitdownload.com tcp
US 172.234.25.151:80 getbonzi.com tcp
US 172.234.25.151:80 getbonzi.com tcp
US 8.8.8.8:53 ww12.getbonzi.com udp
US 13.248.148.254:80 ww12.getbonzi.com tcp
US 8.8.8.8:53 parking3.parklogic.com udp
FR 142.250.74.228:80 www.google.com tcp
US 8.8.8.8:53 d38psrni17bvxu.cloudfront.net udp
US 45.79.244.209:443 parking3.parklogic.com tcp
IE 18.66.168.193:80 d38psrni17bvxu.cloudfront.net tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 151.25.234.172.in-addr.arpa udp
US 8.8.8.8:53 254.148.248.13.in-addr.arpa udp
US 8.8.8.8:53 193.168.66.18.in-addr.arpa udp
FR 172.217.18.206:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
FR 172.217.18.206:443 www.adsensecustomsearchads.com udp
US 13.248.148.254:80 ww12.getbonzi.com tcp
US 8.8.8.8:53 afs.googleusercontent.com udp
US 8.8.8.8:53 bdns.link udp
FR 172.217.20.161:443 afs.googleusercontent.com udp
FR 62.75.198.178:443 bdns.link tcp
US 8.8.8.8:53 209.244.79.45.in-addr.arpa udp
US 209.126.2.187:443 www.x64bitdownload.com tcp
DE 138.68.69.109:443 secure-download.x64bitdownload.com tcp
US 8.8.8.8:53 www.google.com udp
DE 138.68.69.109:443 secure-download.x64bitdownload.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.175:443 th.bing.com tcp
GB 92.123.128.175:443 th.bing.com tcp
GB 92.123.128.177:443 th.bing.com tcp
GB 92.123.128.177:443 th.bing.com tcp
US 8.8.8.8:53 177.128.123.92.in-addr.arpa udp
US 198.187.29.31:443 bonzibuddy.org tcp
US 198.187.29.31:443 bonzibuddy.org tcp
US 8.8.8.8:53 31.29.187.198.in-addr.arpa udp
US 198.187.29.31:80 bonzibuddy.org tcp
US 198.187.29.31:80 bonzibuddy.org tcp
DE 3.64.163.50:443 b-dns.se tcp
SE 88.80.20.20:443 bdns.pro tcp
UA 194.54.82.12:443 bdns.pro tcp
RU 190.115.26.106:443 bdns.pro tcp
DE 3.64.163.50:443 b-dns.se tcp
US 8.8.8.8:53 bdns.at udp
US 8.8.8.8:53 bdns.by udp
US 8.8.8.8:53 bdns.co udp
US 8.8.8.8:53 bdns.im udp
US 8.8.8.8:53 bonzibuddy.tk udp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.twitter.com udp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.2.137:443 code.jquery.com tcp
US 8.8.8.8:53 241.78.21.104.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
FR 62.75.198.178:443 bdns.link tcp
BR 143.0.208.20:443 tcp
GB 92.123.128.171:443 www.bing.com tcp
US 8.8.8.8:53 171.128.123.92.in-addr.arpa udp

Files

memory/1688-0-0x0000000002260000-0x00000000024BD000-memory.dmp

memory/1688-1-0x0000000000AE0000-0x0000000000B20000-memory.dmp

memory/1688-3-0x0000000010000000-0x0000000010003000-memory.dmp

memory/1688-2-0x0000000000990000-0x0000000000991000-memory.dmp

memory/2764-4-0x000001D5ABC30000-0x000001D5ABC31000-memory.dmp

memory/2764-5-0x000001D5AB920000-0x000001D5AB948000-memory.dmp

memory/1688-6-0x0000000000AE0000-0x0000000000B20000-memory.dmp

memory/2764-7-0x000001D5AB920000-0x000001D5AB948000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bb88128b6b2d63f04c36ce68ed52d0a1
SHA1 29cd0515976a9249fc96a9d77c9986238cd1c2da
SHA256 19341f9fde32349d43cf9951f118ebbff856499e0e6875101eaf2db37a7d7d8b
SHA512 ab3071e116a32fc105a868fe9f3cd11cb282fc6cdc1e101b09c7f6269502f98b34b2f0a2ec32eb2b537073e2b20bd22cefd2fdcd4be87f8b169e6eed3bed1ae7

\??\pipe\LOCAL\crashpad_2072_MIAZBPBLGZDNKIMU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5bd3c86dccb3a744c8100dd5e06e3dc3
SHA1 62912e90d800e5229ff1f3a54978addca5e67123
SHA256 679d3a3f8de218cc555a96fbb2667032634881f875d826471ffc06f85f7032a4
SHA512 cc14b523c7f3bf27acfa7b4fa76ebbe250a16c99def1c77528e841e042532f31380cf5977463d61c0a1ed906321823a6307c1d5b32bf5d9ace590d733fc89d89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13616ede13f47df9e86a13207ed7b69c
SHA1 f51c891df0b2fc41f38fee09c537418a75c6c4f5
SHA256 4bfb28f976d65309b4d7ebd1c837cd4bc9118099abaa7332f4730ef43fef06e0
SHA512 819b554170c5dd16ec7c9dbdb88d58d7103aac5b3ef8cb3c1a55889eacdc77eaec80f9e1f6c6de3b97a257022c44017905ec54a0aa2c86a7fc08b8b51a967536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b9b7bc8c30e5a8f216178c187f612c1
SHA1 3dd158f659267153ad975c3d6f43f313cd8592b3
SHA256 c9a27d8778b1c918b6bdd78b86d0554fd945180d69a416449b9731ad873b2619
SHA512 d6a9a861df1b904db971a63b08201fdab2249a787b6e8854f9990e8dab4b85d066da1abdc4389cf1c1c888509a79e0673e8d9bfba69e36ca0821221f3a1b06d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 87796f83a580ad1059639b7b6f48c978
SHA1 3aeb3452c1d42aa82dcc46fac0eff546266958ca
SHA256 ca9281ab005e47fe20e132b81ccfbf7a5f0e6d845cd3412129bcb07cacb1397d
SHA512 196d07ff37bf35b583ba80ef92e0277eee328925a77accb3dae1ca10a356a7924f49a7e6233db1b8b320eef6beeb9677ee7d642dd4bcdb2f1343cfe84fb186cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be7aa64fe677033cf6a061aad5936e8d
SHA1 40788f2e2ca5180ddbd00090dccc324d804fd5fa
SHA256 43f17ad67e9fca9614cb4e1dd83a492bb64de85ee612c657343cab1e90c5b13f
SHA512 20bc1f7831b460698b3a988ec55f26ecec608379bb5aa231d389a6d3949ab05b73a4371943f9428886db6e2e4a8000684922fae9c5e08eb8e5f84054bc3af048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4837fd0e8ae86bbae8109a663907b938
SHA1 500174730890c6022f80b3415fefd2e770eb3992
SHA256 7dee21a21809d7c5242fd8c9685625cbe3d4ae1b5ab1c7043f29679a930147e5
SHA512 f21e276e05b0ea8dc2b449a362c5451b131721cbda4ac5185eff7936dc9cdad9c280cef7fa697505dc99c2b820ffcea4157cbef812b83cec0103ff10ee9bee5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 4e9531e4ab1439ccd0996b13824e5172
SHA1 46f991556cd51342f326a23b3a5723fdd463c0cc
SHA256 bca36632ce568ee949d3ff1971c0e1d73ffd7a817a52a677dc098ae6d68b1bc4
SHA512 c3b23989e9afd8f9e16b7204042cb92d8ab6519c05058e13c6b7f904bbcdf17dffecefd1f99725e6132429af856d798bd509a310eecd8ee07757fe170bdb0879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 077e4b001d1153a10921f4f66b17e84b
SHA1 d78dcc9fb3aada712692b48a2fe72086b14cef44
SHA256 e41355559ae16693f91f53fad7b98af85ab235ed042cb73d467ec5ef5d3ef4eb
SHA512 28a3173c3d4d9756ee6882f5612cabd9e2a3ebc275547a2d4be9fc00f898fe5d384558d3a55ecc5f67ff103f60ff9f39b6f007cdd6f7a44df276582b7d40a279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f814fa74e78b47489b7aa6f77c4a0a0b
SHA1 490d0b46cf4a9d5a7e86cfba068af35204f042f8
SHA256 45e05af879fe922e9426b96a07bd6a41f38389947cfd2f0342712a4810072e7b
SHA512 3b71e7b45dd5787b5bdea3fee28d999660252026b37293d22142d9d55a0f6b2a4669ff6c0c04c8f63fa776e3ad64318796641d602a54190768257dbeef79bf1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d04e52add33da14d6ce2c234f37b0848
SHA1 9e151afad93f11ad6597a75dc985c7f053a209ba
SHA256 39993073c0b49abeb98d72251f2791cbbbbf58e797847e68eff8055bdb67fd5f
SHA512 cdbd3a1a0ecd1cb204b3bc7c94512f90c8b2c398c586e86a1a7c376369b7eb075e4cbcebae34934fdac5ca09399af71b3d46a9c71569efbde55a71d1db69367f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593714.TMP

MD5 50674245441862a2263d0edb433d38fe
SHA1 a01787be9b692f370d5d282fe8bac57aa6a1c11a
SHA256 d8a7ff4382606b6aa84a1733cc44ac9f9ca83a345ea601e375213d81834e2eb2
SHA512 0cbe19fef32e857bbe7fc057bf52002c74970f5acc9d8a5c86f8a6e90aa670e607c6dfc190a9987d85c6d978c12b3a78cb831095cc7f6c2e6310b355d09fab72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 806cb16b1d996e140307d36327eeb39e
SHA1 5024487f2568514402d01e0167f8a33ee8dabeb0
SHA256 2eb5990d08c2faee2369875e0429798debbad6233be74f66f2af72a96894fe8c
SHA512 dd6c09dc7a01a9dd0a162f81155dadf4bba94900208144062c1dcaa2b74897d25ea2360826318b0e14b85f5e65f1aff602be8a6acf2c5e3f9e978339f46beb0b

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 db39a1731fd514486b8bc80dac47edd5
SHA1 9c84dbd6584c8264eee3b342949aa02d7990526e
SHA256 49bad8c1d86129820ec35ad3a9908b4b10789a5089f3d6082113bcd5b286ceee
SHA512 c238d4a0daa629c1a3175542627bd8bb49dea5e97322fa982225458cdcb362e7d45283232cdc3a029e6837307f6498d9ab1637b396dee66532493cfce9b35c71

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 0a4f482099b9468f3cd5c98f71cf5f71
SHA1 aa5e8d9fd7d613a163acebcccefdfd33bb18c8cd
SHA256 794481dbbc9009a2565726fb5b4a4ab2fe216ff9edbb08951548ee765de9b4a6
SHA512 f5f61a3cf4440d9fa59e7093341a293c0b42081b547992284e54cef61eee1f817fdbbbcc2cb921b077f8bce5b9280072c0f3b5a1bff266ef23c3d9a792d24b9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 79300925f6d73fe5164453ce7ca1bd81
SHA1 7a8a5b7e427287ea1fb1ebedafc1093f6ec9b51b
SHA256 90a268efdf7e958ee7bc8696d277f951d2404feda8e114ff1ddc1951ae689476
SHA512 bf217ac93647c84b41cd2137b815fc2973929b8ec28b1e7bf98288dec2aca735147945670357fb7618672785001909a40fb07ccbd06e7b68bb8e6d58a75f5168

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9eaad88a64073ff93138ad81ed05a93b
SHA1 8d3ecdb06117a7f83e9e146ea1a57dbf224d9c01
SHA256 db2349036d4e15aa6a3d5602794836bfbb1cb512b5b969916ee32f318d5c720c
SHA512 d0b7f7c2aca548c9f8afc509c03599d282001a565ae556d4c6c52d2904c24b0e3b39b5e415a06b31615bc997039f6f49c442ab6c109760582071878ffcf23d29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c95b8347ad55cb0787daa06c5ac534d8
SHA1 3ac4a980f953f64ac7e833aae62545a91014fd59
SHA256 8231dcc6907ec0c544a55642e7ebf8a769332ec1ff66b6910db15f2dea259c70
SHA512 2790c8b8a194b5baa5857ccc7ed136e204bf03d5f7475527262ac39422bf811f9b86edd84745f5f37f24eddb5c5e386baeadf400d0b34655dcb1217e6f7c445d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 892a0c5604126eadf66bbb88f1489b0c
SHA1 dfa88fa58d34c62599ec210fd97129650c1d4c72
SHA256 4a61366d6fa7400e3a523a7ea286d95f264b244f1adf914401478dfff92fe1ab
SHA512 738da759231668178c2b7e0ca06de6f1fb9d79b475fd264e7332af71506f114c7a5ea70e004c407f9a06fde69a657364bfed321ccb00c3727158618e2d880885

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 02c1206f20c7baa83eae33aade3ac785
SHA1 a1d41ca2c8218d17c066e02aa5415ea80050c0ae
SHA256 5a3854e0aecaab90c3636bae02061599a50971ee73d0f5edb81e4529a562b67e
SHA512 3ed12ff700249ddeb37a974ffcd23922f50e62f3163f28af180258b57560fdd59a9e3e4c883ef82d28ca17f1b78451f4f30b439b108d81b88060ba23ddd776f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b28fe8f59e76850f5e69d6e212ce4d6e
SHA1 aeec46ccfd706d814e438df40a733ded8f7b06d5
SHA256 c4687b54d2c6bbc2eb938217dd709bf523e5ec775452b0e74dc373f9764d8833
SHA512 be4371bf1c7ebd14a4e0d7ca56c8581dadb8c6aca43dbe951e86dc3ce099f093797eef54c53b55bf823af0fb328b06e7f65ce398c47845fe6674d241d31a449d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d1d8bc9f724217126b7546916b353726
SHA1 80f145ef1fb46e232ff7b3dcc55faeb1c6c390b3
SHA256 0d2316ce543758c6a97de27036aa05d9be53b7afabaa6b703c0e2c93192ff1a3
SHA512 832324bd98d2e56cf7aa62b664b1faab0bdf1a65aaf213b5f99fed9ef2124533eda5bf23184d180cebe60a7454ee612c102d040d083d8dbe7d7e5bc5da87c4d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b15e469b801a4c5901f9bd81628ba31
SHA1 eb6daf4dfeda25ca0f79cd0b75e445d7f621e000
SHA256 fc575c09e6385b4355a7e01eaeae1e115ca53d036477d35b9eaba4223550c021
SHA512 1a88106472c8d1e6aacfc2ab49ef6ab24bc6be6448676ea001acbcc337cb76d5db30998e351b7e1e9d1bfeab124156d0cd20b1f4a46a9af97050ac22263b9032

C:\Users\Admin\Downloads\Virus Maker.rar

MD5 d1f61793e7898df4b27e3345764ceca8
SHA1 f03b91146aeaf753b565620a022a238830ed56d4
SHA256 d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b
SHA512 6491767f6db68886d000b173306377f3b0bf2d6db765ce4c14139c9ad09fa44e6cb75489f3858e45c4000333d2ad517721f81cc48e94de25c75c17cac36bb617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 520568131d3bd91e944d1ad03c305450
SHA1 5014853b43ac83562607c39cd8c8fb3b31106d2b
SHA256 b867c0620ef7f9c12215b6a6f57a90109824c72213a5b76c256e4ebb48a4f2c0
SHA512 aeb58b0f5c7a88000ffa189b96748df189a8554a5ceee70cf41dc643e9851dc5f0a3ea971072b4d13d93604f41f4800d5e1182127143b48ae06cc7acf0f17716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e070e4f64eaa89530bb80d99738b987e
SHA1 c93637d55c1b18de2d9bc9da1f0d6906cef95573
SHA256 ecb2cde8cba0c4c3fe1be1a08821cdb30efa354fb0c5310a695230fea96bc158
SHA512 004fdaecc660b4080fd9d1f1a2563ca1375f03a1b0e4d32a27c59198411a81fc796f8e5f2429172cca4ff42f8e8ea776be4c78129140ba660be5c5c4209f9982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 973ad64301e2cbb9805f19466693462c
SHA1 fe05d6f56455304fa9c2b4849d37f82b6904330a
SHA256 bcc74cc7315647a901270f1d6bbcfc0ed9e7b881aa30eed0116093fcca89b927
SHA512 32c08bdf175e78a13c4a612d41ec244ce009049987abd499847df51a767a7f7b1559bae7ef504a5b5d6e570a238059ea29ebf00375f453d2fd5c68f2f023ee3d

C:\Users\Admin\AppData\Local\Temp\7zO4AB7950B\readme.txt

MD5 25cacb7c8b102e2ad4658121bdd2459e
SHA1 7b5ed8c98f3e04774aa20de108d2b5e3ffcada8a
SHA256 ec059872ca0ab2a183c1e5539e76f926605ae2e7a60ced5247e5f0f72465d971
SHA512 747c6cef1744f1aba9c74b5573e21807225ee8ed7ac9229ae551f37e6d577b9875e3ce8a2991cbeac1e2ef5f1fb768d50deabb5fa5eaa0180a406d2c246956f5

C:\Users\Admin\AppData\Local\Temp\7zO4AB0706B\Virus Maker.exe

MD5 d0d02f3b3fccd570d8c66e73aa982d21
SHA1 f5961902a2fd50ba18ba17f1c903704fffe1a81e
SHA256 b2dd5194837dbc1d7965fd1f8ca7da93868a2048c70546415d8d78221547e638
SHA512 b064ff1cb4bb3e7278d2cea4dc5dad1a2a2ae69a8b24da826d7148b92990b9e02f316578c89eb76e914ba37d097ad499d020ebb67212907963e3a4f32642c369

C:\Users\Admin\AppData\Local\Temp\7zO4AB0706B\Virus Maker.exe

MD5 2e8d3352d6835d1524d7044dbf19c356
SHA1 01f8314845e1f7ef3dbf278b520629cc16e285b5
SHA256 31a64ed4ab96b798782bd103f090421123e6571367569a834699b04be2a73415
SHA512 76a01d68297e66915abac2d034dbe0b9da02dd37ff9789f01eb44c37989f44b15a113192b4ef857e379861498de23be82b7cec7144f5d23c6f9250a13e0a7f59

C:\Users\Admin\AppData\Local\Temp\7zO4AB0706B\Virus Maker.exe

MD5 ac45f0d5e869d248a8f05899f6aa3977
SHA1 7a3cf0341c65dbb6a0ee1c4fd524da1fdcedc03b
SHA256 0bdb2e49b20267311c9ee1edd11ddccc7d6930ba0e19dcb4eeae14169c0b02c3
SHA512 8f6c5b10c1984a509f7a6e971e51ade3f24381c538822b0e20abc60e8f2527cdd504668f8a8074b4e78a23c004c3ec0ce7d35581c816fc14123578d4e59108fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 216f638439b404e7fcbe3ed3b7bb008a
SHA1 6fbddf4022611f7904eb90c64d2a6b8fdcd195cc
SHA256 6ed59491a35f719dfb1eae3b98b7fa4540a92f2cfbd33617efab4845e50f37d3
SHA512 75f054795115558af7813c2455c3e4059d856d402210b1bce965df517f3e03c7b8106e8cb7e39c00cb2d25f2e7b84875676b5858dce707eb455029c54cf06967

memory/1200-737-0x00000000006E0000-0x0000000000A8E000-memory.dmp

memory/1200-736-0x00000000742B0000-0x0000000074A61000-memory.dmp

memory/1200-738-0x00000000054D0000-0x000000000556C000-memory.dmp

memory/1200-739-0x0000000005B90000-0x0000000006136000-memory.dmp

memory/1200-740-0x0000000005680000-0x0000000005712000-memory.dmp

memory/1200-741-0x0000000005880000-0x0000000005890000-memory.dmp

memory/1200-743-0x0000000005810000-0x0000000005866000-memory.dmp

memory/1200-742-0x00000000055C0000-0x00000000055CA000-memory.dmp

memory/1200-744-0x00000000742B0000-0x0000000074A61000-memory.dmp

memory/1200-745-0x0000000005880000-0x0000000005890000-memory.dmp

memory/1200-746-0x0000000005880000-0x0000000005890000-memory.dmp

memory/1200-747-0x0000000005880000-0x0000000005890000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 0beb2a38aa208e69e14709b7a1a2df32
SHA1 0540f3875734a40ac2a654203eb64e8ca58c066c
SHA256 51b708d0d66e2ca22a3500df3510bbc450d8b3ef3611072865981b9a6521be36
SHA512 4485371a61fa2ad23ab2eda116441b23c6d5ce878e5b31ae403b847f561cb6e0de34abf366e39f2244b7d133995c257303e78ef695f86142373d47c4e92a9369

C:\Users\Admin\AppData\Local\Temp\itb2xi0d\itb2xi0d.cmdline

MD5 1061cf07cf412d90ea5949b03ee60717
SHA1 cdee13b79aaa4d9d205d77dab6772b06f3af5799
SHA256 06482bc3e773454fe918c9cccbe79116cc602b2c9111eb27ff522d5b5e4ae88c
SHA512 538f2ece7685a0151da206dbd1fe5c966a086891d944abc3f54daadf2c0b9944422dc4af763f5bd3d522564de48da83540b048ee37aabb50d9416ce110bc110c

C:\Users\Admin\AppData\Local\Temp\itb2xi0d\itb2xi0d.0.vb

MD5 79ddf9361b0f3bcacda779312ba9cfa2
SHA1 c4f2d47a303744f9f40730646b67b53e992101b6
SHA256 53ac554c719ba3bd7ad14e20f4da03e8d370853c76d1bb88e540d6e53ae0f27c
SHA512 638919ed9ad1007ff861be766a024fd347fa678d484d67e02356faf86690457093ddc8d07f8a1a9d02f467ee0c609986eed7990bdf52c04a33eedd421fbf9b6e

C:\Users\Admin\AppData\Local\Temp\vbcE13192F45602460D8EB92AAA9CC81C66.TMP

MD5 d67644899fd64aba5a5d6c2e8bb24648
SHA1 f66842215890330afa87b8628cccf39d9b374130
SHA256 f402990fa557802110443269a8a66b62df73bceb1da98b7631d188f10b2ef63b
SHA512 69db5cb36749e443c5aebcac17d0740a37723f31fe5847036dd00d9137bc41993f93587bea4d5929becf5ba51fdda62aeae23e2800813bb22cff1d2c808c4f2c

C:\Users\Admin\AppData\Local\Temp\RES5225.tmp

MD5 c28c03406f6d7821ee5faeb4dbc23eeb
SHA1 bf7bdfac1ec2c216ebe37f72a5826570c99ac739
SHA256 aee36a82b7adc0fc11d2ac0290941b691bd9cafab8c140c95ab9a92bba0d8fd1
SHA512 13be3b8550d2dab39cf22a2716ec34392fdd0ff5087e8af0f7cd917095e6060d624c22b46b8d59f9c3809fbd6a5561015532d0362cc6d62c22644bc9940e46df

memory/1200-769-0x0000000005880000-0x0000000005890000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 63409c6fd7c1da7629fa5cfdf09cc4a3
SHA1 16933e963671b7fb551ae7b1d261dd851c3760f3
SHA256 106043a24ef4511f964a2d21929b1f257ea8c4958cefe5eab60345228dc8aa5c
SHA512 b33a727bbcab3490f69cf4ff8a43d7abc11b9f674144728924d1f5c1739298a65fe503b7160f95e4826279ed97147a494e827f84f9da8c1039509a1c68d34459

C:\Users\Admin\Documents\Free Robux (not a virus).exe

MD5 428c44f816a09e46be91ba605ab88b66
SHA1 9e0878b2bbd763b533f0ddf026d171f862149d53
SHA256 0ead7a3692affaf87f3d8a4b1c7626a7bfcd6e06d77bc16561f1d78b5ed28df7
SHA512 be33d6a585f1a342787fe2be37c6c18f200436da7660e8551597ce585fcaf1315fb81223604e0c9c7fbc99046eaa87c47210587df0187d2f09d37a6995167d8a

memory/2804-774-0x0000000000470000-0x000000000047A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cmd.bat

MD5 db1f8d5bf238144e6c67b9d6c2a6d321
SHA1 e300417ee8d38c2ec703fdf4fb2be0aaecccea43
SHA256 82461a1f5804aaac14c2ccd26c50ecfb2a357041f6f60b0ed974c1d242eee1f2
SHA512 64177734c5553c8c5eba8da78ec0614ac6d372b63986af74c7508b439a31172ca207292feebfe7ab3635a6439f07eff1091afd0667329be10d7b8e42601d0e16

C:\Users\Admin\Documents\msg.vbs

MD5 4726966f9ac2a52b4af74c83f527cd45
SHA1 0718c09e8b93727f3712be7ba434a7333df41d61
SHA256 c7f80ee43ad6292e1406989dfb17bb8fa3b90af46011bcdf133235cd5b6b2ec0
SHA512 fad37f32e08cb95a2c1d00947f7854464ff71e74b4a7bf4c1400f44a04771889c5d6ca4ac4e98371b9c74274335b0f778f264955b84e2da0f303962012b66d65

memory/2804-779-0x00007FFE07BE0000-0x00007FFE086A2000-memory.dmp

memory/2804-788-0x00007FFE07BE0000-0x00007FFE086A2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Free Robux (not a virus).exe.log

MD5 4ae344179932dc8e2c6fe2079f9753ef
SHA1 60eacc624412b1f34809780769e3b212f138ea9c
SHA256 3063de3898a9b34e19f8cf0beeec2b8bd6bd05896b52abd73f4703d07b8a7cd4
SHA512 fadfe2b83f1af8fdc50430325f69d6172d2c1e889ca3800b3b83e5535d5970c32e9a176b48563275a0630d56c96d9f88df148fd6b2d281f0fc58129e5f4dba19

memory/3044-794-0x00007FFE07B70000-0x00007FFE08632000-memory.dmp

C:\Users\Admin\Documents\msg.vbs

MD5 2ff7fda119f12fbd2babf2b47587ebb8
SHA1 fae1d0063320b21b0a8eed2face1d6706c7ba8ed
SHA256 9a5a19c9a47d828d456e26fb4810a549b4f9299f208b30a80c06869493c4df42
SHA512 75b0a91292f9c071549c78662d940adc69e8ae4dfa1721ee4299a2de93a2e52f1d6b902acef0c74f39e05e923cd10d37d91c1b190c1afce8a7ade0c8f3ea09f2

memory/4616-807-0x00007FFE07B70000-0x00007FFE08632000-memory.dmp

C:\Users\Admin\Documents\msg.vbs

MD5 f448e6002ae9034bb18305ff04c0b056
SHA1 d6ed22c24b627c3f7dcde720aa964a8d36392955
SHA256 b498011d6755ab1c5eb5bac2e10a535aaa1c7cc02540ec1a2f8cef0c6210bb94
SHA512 3a41df3c9ae0fee723d9a6fdf00375517faa17876c22974b0737e0dfb8c06b518bc443df9615d8198fa1fe5e7b03e4bfa6aeef9240f3742fa1f274328bee0c3a

memory/3044-816-0x00007FFE07B70000-0x00007FFE08632000-memory.dmp

memory/4616-819-0x00007FFE07B70000-0x00007FFE08632000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f0d11cde238eb54a334858a3b0432a3f
SHA1 7c764fe6f00cab8058caeba38eb7482088a378f4
SHA256 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
SHA512 b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a8a0a5936d32e3960b5e4defd79fd1d3
SHA1 cf3119071a4fad264af12b98d2602117305871c0
SHA256 a762d94d43121cecc2e73d2c44f04c23ff276def4a51680a32921b83560947cb
SHA512 ad729ecb9e6907300465199f76aa78748b68816eb52c4b3eb4991a52d5035a4ee0d0967736e9ce6bcba428b919c4310a3d97e91d4b96b30de0df2ec4727f080c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a32cc87a2ba876131f2955e3cf6ce70
SHA1 e9e5bfef262e0c6728122c9436cbba3b542b0ff0
SHA256 8e679441577e516eda45a038b3d97d21b14be18e30120fb2a908268415ee5fb2
SHA512 8cbd016a2a05398ded7d39ef382b82b4f5031078c0e6294e2f2059862fe0040f5d53f2a2bdfd7abd3ecc6654a8195a328a3262095f975e914625ce1f43f81d82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 482b1cdb275845a1d4277ba4f69b80f6
SHA1 3becef0494ab23d46479dccc103a19cd1fd5b4f3
SHA256 90c52ce779f414791f0d30a84f84775f6279b5a917a0d2d51a689883e342391f
SHA512 5cf215fc03358fde1baf80268930e41ff9c126029f73b3cab2e38ce010e740746facf40b03aac747d104052d8cc161114deea051f7a4238a4ae79764dd919f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 970cdea62f25d8825a6d7de4aaa628c1
SHA1 a25621a623f94e5845903cdaaa0b6867bbb39802
SHA256 af56255df514fe59896f5493da48d4b7249c27ce6ffd6a8b101b84d73ecd057e
SHA512 c1bb79c8670fd67e4b5c61e2d84a4321d25bf1c758e3b1b458598e10ceb8598c4aa065ccf63085c692f0ee08ca7c1ab85ce0b989d90c972352e7106a30b0589a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 816245d4f50910a6d4170524c0829257
SHA1 b09cb8bb6d90fe57686a8d8d37d924cce7aa0138
SHA256 186eef47e9808d44d6d233470909376ae0c32206682dde3af8d7f76310778ce2
SHA512 f266dc331f1d676aad512ee94361d9ad810fb64fe4083853a2380bca2faac5f4844f719c981c4d3c5b1bd22fa50a854ddddab16cd5d5040b030059494752ad3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 373e5afb7cb41fb2672caeb8c756e264
SHA1 d477725b21576b283bfe24224510f145cb3e74b6
SHA256 e948247866a9ef0c897c6521130f1e77c110100d764ba2ae2915847f069662aa
SHA512 ce3c5bb30e739c59b101e36f72e2225f074947cc7f6eb9792541c4ce28c3746556a6adfb3293f6e7d068303950c8d09f97cbb742f622f51d0eddae362da5bde8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 12a3420a27c1dcea86fb1f225f4fdf89
SHA1 7c2e10797a6d937747c09bf9f36d87d505d4b0fd
SHA256 e8bbb2ee3443047fc5a2a90c5b60f265f3c61aafba5d457a984520f8793fa8c5
SHA512 7e01f5100408a4ce04bbd4df8e713905c44a2bee4e9711a0305b23b3eb3f283b9e0774ad39d319e597abb547fcc5865275b92a013e41ff180113424a01493494

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 a7d387656da381638b48e3cd5a2765a5
SHA1 46de47b90b7b967a18daa16853e43e159707c815
SHA256 43dedeef7c70fc059dd30b5d6246aa8fe3695153a63e5f94ff94d83f0ee4e1ad
SHA512 593b270d1192b420e58e22c8340369fa440ced1df4712c02570a0dcb9a9182d523dfb46ba26a070fe594622565d976a6d367083b351a00f13717523ad35e046b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fb3bdfbbaac10851b7b6bbaac8064e9
SHA1 f35c363720c9de89145f5a21525b1e0762a17409
SHA256 47f72fb52803818025163842b62fe811b4c7be5d1d7d5185f86757ea007c0e2a
SHA512 f6dd4cc7339e47ad26486b27ef6e883ce3cad827f50f5e6b1bb79ad732ec67402bab7a3e394ccb88000cfb39f6435791ad85a0c8e8939f535a17dd7ab55875e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 7fe2c36271aa8065b034ce9efdbd2a07
SHA1 e22ee654cb122d0d62393dd8d6753d2bcad148a3
SHA256 02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34
SHA512 45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 ff5c13d51dbc839206cd6f53f3be7e10
SHA1 6bf592ab83384f7c156156edd4ec82eef1d39ea6
SHA256 2c939abb4ee330ab2bfbf861c6cb3be8c70271ac1c8274807bb107093e60a99a
SHA512 a13351abf0070712c2fc76848a9d23d9d562cdee2e1a0e3693354a8e288a445e468ff13f3e8ce1068351244d5fb7caa06d56ff5c6392c5a2430c0d28634b8c2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 c58b2ad20e02980eee174a19b34311c4
SHA1 4bd6793cf28cbb126fd1e664316ecaaefc74028b
SHA256 4a620b6860da8b770eb0756cbbeb27e44ae716c08fe8982a69f632e4a6cdc7bf
SHA512 ee2b1e68bd28e011213350af1c758759648d1804de50c3dab90d486d194b0e61682497b63f0b7152b7444e99e1f3bac8b5f2586f02dade4661f01c5a2b74c68e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 6023e5773f57cbb81b497e5ff9aa5cfa
SHA1 952ef9fb373898152d0487a16bb27b6600f9c17c
SHA256 35a748146c5afb7bf936423cfdc905fbf4b974a4b592f940402c8e568b78b296
SHA512 25479b88ae880e02d875b3f3781919693bd281e56aa3ceab5c047ae2571ae52567aaf6aae9bc3df9e2461838195ddecf35af82116d0ac7f2668da27317ffed49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 ac2c8ffe087fb82b0f2eea454eaf3bee
SHA1 c0de0c52ddbf2508310558142018ce0d0b8e9088
SHA256 82fac7169701b6a2b9f754272de2ea031166d0ba464f2e824234cf8e5856b73e
SHA512 970b5e46fc5c3e90641ee06ba1dc3fb278215fbcf21f635678c4dff3b505f2ed99198b1c989e11ed227d084ddf4210c207b5fb31937511a93a58e3c16213a244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0b4d915862547c3ac2a7d96f7919766d
SHA1 4e61d9d71536f98f04dbf1c391247596d30a342c
SHA256 93132c7dd4cb0e6369f903679b9c690a133d1c17231cec454087d20a914e2ab7
SHA512 407668190c1a3c7092baba4ea5aa940999f962c830d0922335c248ca4d5a5fac1634ebd3da1dfa420f6c0d9a3c6ce5672a89da32482ce615ec59b1098b65a4ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 55b063ef4ce0a0ea71f7941b34f7ef17
SHA1 86b80b2b9468c7681d07e0e96925e3e02dd442ef
SHA256 ae67e955f334f5fe9599c979fe34327930bc8a69f28688cf58b44ed9152af7ff
SHA512 746ebce82f906ae9fbd1218b4c6a16ecb77c2e2e291d4e13ff39da9561e2b83ff2f1fa18fb4e396efd30521fc1c4592b01bf911480ec8062a6ced0e9c48b5035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7efd418e59593bb0dbdebae474b918df
SHA1 2a1816834b0c91625242720636e1de945ddadddb
SHA256 1a64f6311173578d8fea11670025b18fbf36d5eb0804a27e6bf8f5e6692ce39e
SHA512 72847a4fe36a9521e5cf73cf4a0fdfd3d53678c7f89965eb37ae685a1314b67cf13388ff7beb8a72d5e618b1247a9afdaa693190de85bb67c55b6efb3ab1abd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a6cacc252a4becbe260a4c7a4aa95a3
SHA1 c812624dd951aaa62349f302d07dd1e94a9f3baa
SHA256 8d440c6b9603901bdd8866fe46562f4df01de9d30e5c190cf86dfdbecd346f55
SHA512 7a8c3b927389def4e21582b67b54ec0abb639bf0aef2f898ee593985db9d66d87fd06c50f628355ee8b06e0d505484d9dd40457fb6a94f4d54256962d380482a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 5db275d431eab0943665c35a8de0ea84
SHA1 38b29a08f758a98bb025b9414f6d565d130895ba
SHA256 eb0a9c486470abfcaa4e4c690b70f8be212a16137e1aaeb87b6f90441044fd13
SHA512 9537475d2f66382eec69b854ac8a3fa877372e8b92571e0bce465ec208842552fda87147466d725ea74833b85f610d132f562faf2ee30974207eaf5ec2fd5d15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e657cc203eb9abfe_0

MD5 6de27f47e416596823aea19541ff9724
SHA1 b7aa9f4df00571723ffa418bdb57e20267a62063
SHA256 449fc93c28b0911277b17080663a3722c233ba36613346e47877c20a1c511ae4
SHA512 4fd3f6cb3305a65fa993099bae011c4404c88c6c7ad694961d86750f1c22382f3e3c691ba25f4272488889f5d287e1ce3ed5d0915bdfdad32e6e89fc2b6e9510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4526974f6b1a56e_0

MD5 065e17ba791b8d93f0054040a35ddc05
SHA1 522e2bc83051505c0982ced01a7568482339f19d
SHA256 fb4f3d2d06541914d4ecb2de33909673be84f7f6f6c2ee749dca1a8103d970fb
SHA512 ed80b51808a28e6b3ea0ce844c70cb6bc784f070dae8949c7a58e9652416816d2bdb5ad3912e6eb923c1887d85c517d05525caf4c1bdebbc5ee766a13de19dd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 b231b682df5bde1f68f8f7c30db6d4e8
SHA1 809f8776cad70ad13cb5fc7727c879739e5bdc05
SHA256 fa962ad45a43b31d48e6e445e1f35b27a399347d37232b91d54ac4906c261a8a
SHA512 fe780828fbe94a69d25770f738bb6775c41ac2bd012461b4ada7557ea3d68b367929f04d07cb62dfb109aaefbf80b4fc2e8481988f1bfe4f411a2b0613f46c66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55ddd064e8654d93_0

MD5 53c5d75026622eccc97db030059b6775
SHA1 4c88c15dbcc2de8bd6263db02ba22345ea2ef7b6
SHA256 677861c4380c8fec313549de737e962c5039b01aa799adcbeae1a843daa51c71
SHA512 75d9167f667fb67f5149a36e574685f5da68f775472248c471fe5922c691c4d308fcd3c4f9b40b22d012668b6ad2c04430f2e868b74a61c9bcdd84ef13edf15f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b1e0bb8586f5a6c_0

MD5 bfa8cac7ff46e9944f6bc4b031353e15
SHA1 b626185bd80be5fe24bf7c3fe90114a17ebc86ce
SHA256 7b030aa402899801b9470f76a414edbc0f3d1b19f3041cdf644a168571a6e205
SHA512 c72ccf4299fd5c13d5d061d688d3c1a9f7d0a5a5992bd4b17edb4c5790e201807169c41be4a3ab70dc68971e520c451a79fe43da994d27542f55d2a658d56f3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\417fb35d227cbeca_0

MD5 252e0bccc17c30e318c2cfcfdc3df36e
SHA1 d5dcb75861811d85912181bb8fa1293e494b3884
SHA256 99b0f31cf4450d71dc59801925cf2a2d1cce34ad52723a678d54d6736984d3e6
SHA512 a43a9b710bb12da06295dcf816c2736fc92f4495a807a5a8b1d57f4168191e35d919ad43bbd2dbda07038344b81c069454fc3c7873c405bcfa2f457c6cfb771e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e7db54d447341ad4dc81dd7280451aa
SHA1 6a114c3337c530de8727f771ac342dd9ed9c7e41
SHA256 1dd717c4c82da727c1c97315d4c3bc2f3a7e1850a1c16e6ef7edd82ae6065da7
SHA512 1d5beef431ac95b3fabf99eafb4ce7d5aef4796d59382c9e26fec00e51348165252293d167f381626f5f8becebb5caf53f3d2583f77f2ef0bcbf965f3edcdf62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2daa87dd51c8e798_0

MD5 f66f6ad5c3c0c6b7f2bd3d4d1cb789e5
SHA1 6f701191ccb42b9a11fe57ce6963deb4466e2a2f
SHA256 56c2a27262e1dc42571aac69f842cb1c59b7a971f39794ab311d697431e45740
SHA512 5bb30c27cab237cd7c5cecc2135fd57832332a7b38c27c661b0ad913741d726387077c80dc357f1d375325d4e43631805bafbdd59df81a7514c3932160da1bb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5d4a437263eb866_0

MD5 df6a7f2ff1e7daf523e9b3de8025a842
SHA1 b87fd95b315779849cb3fde9ce9eca88895d5d5f
SHA256 4f4062f3924bcb1db6d062b86f961bd056936c5d68fb5c33ee2ced90ff8a68bb
SHA512 a63480dadbc8a6812c30a0d4ed0f755e00a18f1a84d48e4262ceb96e10f231f975d810bc6ee7f7211dcf68137f09db44f4fd5a2493f95d6cd6568a5bd2cffcdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00bf9a60919b63b3_0

MD5 68e2aedbd36d97dc42cc541c0a2a331a
SHA1 37297ebfe9f438043c39b59c744f77a1c1e1fbd6
SHA256 24c7ee66e090fc401cde33f42925478dcb52dea500dfca6d16327c0a93223ac9
SHA512 09bce21bf18c823592ee52a33ebf6c4a314c5f1b70836b307967e5e05335bc7db27c7a30a582c42de743fb97f59230dff1585af8c8a96c080360aa4e3a4dc7f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b99de0c5d10b251b_0

MD5 c20d856d1ff53e899c44c57d52d938d9
SHA1 aa227949623f41aabd213c8c8906741fa208ee32
SHA256 44b39728e9769fb7cc1a59a59c208c958ca2b7c3213697706e3549e00dd0ee13
SHA512 076536a519ae8a55b8a6fbe4797d7042314dcd536c46750c5076a0caa69856cca89755fb0a646ecb65d6b94c66bb63e559cd16c24632118a7001fc38e96e79a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37c7800a43d1f6db_0

MD5 e480acd650e73a12a61069e8a21e117b
SHA1 2a933d59a8361438d7720df5149ec44065fca81a
SHA256 ed9147edb356627d476e0b1399a0490b7c7dc68b1f3337ccb19dec0af00e4ae5
SHA512 9085fb0713f043f8d45bc0f83e875ba4f59adcd69cee4a4c461f402029ecce7752de470dbbb436a75b2475de125733e31843d5e6f3bd49aedc962bc370c361e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0fb76c4c3148ad3d_0

MD5 393e9fd669b789d8abc7c3b4b446603b
SHA1 929fbd622da335510badbca8615c52cc3b3f292c
SHA256 662c23c31a076edf3c29fa568bf7a1cae66b3d283149b85a1ae26003f722c447
SHA512 7558a0e702a5568abfc99ec4efce136b0e7d6ddeb32cbac78ee41a6e5696f020de41df4025ca651cf4dd4b61fcaa8d1c596ff8fb7e37952ffbc11324ed941da6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 a5f8fe649482ac867d9e4f09e909fc72
SHA1 2553058a415dfb83b47bb831101e22654bc7033e
SHA256 b679f33031ce8841b841ca3d72307bf3435f2a8dd85fed1388804811b57297d9
SHA512 2619414c13c0e2366f05eebf3509bc6d07c3766daccefb3a3bc5d89e43aef9d9915056037555b407991237942945ee48f155b3969113b10aad312a5c4ba14ac0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aec509b936f6690b_0

MD5 3caf36ebae5c2b2afef8e8bd26a9bda8
SHA1 1dcd801cee6518d7fb263a12fbc3c2b592f75ab2
SHA256 d53851d383470d9b79414219349daf18f866737fff828f44b1bf4fa3b383bc14
SHA512 ab131765a35302eeed47d606faf8f0bc0de6f06c04be0a5869ab6110f1f523fbe3216e8cabc752f84efc16276323a1c8f0f76f3baaf7e8dd9e39c515bfd4fc83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57838308b7315ca9_0

MD5 2814ff2b6f75c38bf7b3eac681676c68
SHA1 95a445966761ba2f347fa81133bc598896e92ab7
SHA256 6cdb1e2a55f80a539fa8be925ad415210aa7ab4d05f25aafc146e209b6987431
SHA512 d76d7605cd359373ee90e60eb0756eb1a69147557b2140fe0b402be698055590927dd88bc541052070803e3dd39f22e82d5d4242deb6f1fcba47c0774ed0635e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7673384e74e7bbc0_0

MD5 1d19b981649857ce6969d8a3dd5de087
SHA1 cf72f022183ab7fc5601955dddee7e53144a6b3d
SHA256 f58456824c148049301c7863ed0fc0621cf60c50dd18e0216ca9397edbb496e4
SHA512 f159dd11387bae869e786f9236757c38a2c6edf62a391f78f09b36e11fc01bf81d038548f982015e7a7d28d66703941506ab5831834533c5314ccb0b00811a2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 09475fbb4a6b7ea545271d120b2e1ecc
SHA1 dd185017e81936a1314b622ac838ab790fb6b6a0
SHA256 eaf6ade522b145f994b8d456f60fb5ff2ce1959abe8ede8bbe9fafa729c6523b
SHA512 095a15a1435fbb41cdc23a32fae28b6ea2b2699174df8ce21d774efe38de784db2c5507ac251b4994fa9ae09d19179d69f193710431684e15b9e3d9863ddc6f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f60e2dd94a42aee4_0

MD5 0805f0b40e9fa8dda3e170f22060591c
SHA1 e78f139b0358a8123ddcd12f6d740deac834c306
SHA256 e3bd48f5fbe609018f5c654ab046b7aa8b08098877af3a9f4493fee293130d39
SHA512 a37b794a22ffa697c9bdbdaafc2522b126472e80647e9b163a3794fb92ced3a4fbefb96eb12f107e0006caed66e66f007ade6cb7f1055be1975bf7f4e0cb91a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53531c39eddfce_0

MD5 caa7e6c8fc1bf3cdfc8dd26f98339f43
SHA1 fe4cecfcf298eed69d67c1208dbf97ec831c33d9
SHA256 3b0cda3f6498f3089acf2f7e16417ccb3c11161dc7027fdc76a7043b699844cd
SHA512 1fa5ac5ff5119e67f06f995b02df215ce29e636c0b3575602b24014c1cae3b8f927225d554f35b20acd0a01e2f4c2e0f391eef4539bb5bbfc6c84bc660c00ff2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 6f6e39a98eae26cf485f7b62a6fab19f
SHA1 5b0b1a9f521b61c52c90b2f809586ab9f9f3b3d2
SHA256 8dc890459b7efb6ab07dabfdb1f7786d01c34df1a96158148a9561c445a6fef1
SHA512 54b6bad50067a579b18b5e4ff3fe01588608c6bc71d537e9f9d34a8df6134d260e394eb292fdaf2cb0b93ce16a837e97a8d325486069ef46797f9dd958ea9e28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 0110fffe24ef30495125e6045e15c2c1
SHA1 3d36c25137f61812ad65510a03826a8d06133c9d
SHA256 5934d0a896882c1e2ec0765290bb0ec95390e35edec9212ffdea6acb273381ad
SHA512 685a4b357f5e4055dfa9462c2b7207eaa834732fc2048a103ac7b3f5ee957fdc87882c544791307397ce23bd29b3331da8ee8b8bec8c347f8bd58cf948fd783a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8781fa41e6538ca4_0

MD5 82463d488bf45f0fc3877ba6ad09b5ca
SHA1 14958e60656704311c157b5e930a5a284267e292
SHA256 323dce19018c599e8dcec3ac2af2483c0adb78c42933ffabb07341a5593c4422
SHA512 e18b16e048b125fda1611fe0f734adc72952ceca85e1050ffab7c3c6424ff82e9105ea3fe5cd8523e457176fb8114a3bc7ccd21e971f89fe985c7a3a18b1a3d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 97097b5a238cb024e12c74e1ccb531ba
SHA1 59b5a39c93e1b27d364c42b74f291c47d4bc303e
SHA256 8b6d2c65d4f2eeecb3011c6d2582331fc53936043a9a9f50b21386215149543c
SHA512 bf1c2413a1f5da081ceb8dd7379c6b876b4683b0fce62b1e2c63a96b7b66b42041c3f2cd423dc21d3e0af7dda81cb7ed770f39e45af6a481834497b0fa72aa82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37dfb5671a046f1_0

MD5 c96ed60b93929b5f41f2c6fb374ce19f
SHA1 d94b730dff1fe2e62eb8fd102bd38120947d4d54
SHA256 ec5b8413e4c2d0e37a9bc7fdccd850b10bd4a7d477e37c40ecb68b2877541dd2
SHA512 ef669ec8fc99a350b52aa82ff06595285c8ae71fdcf71913849424b1499bc6d08b6d23b68d43b88b8acc485a5c50f4e58fc78f2a5ceb51d21e58fb0a632bcbd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

MD5 c459ad4e89c9f73054a3f8280cc68ced
SHA1 21fc49009f766fa239b1061c350353dce3259029
SHA256 88dcb44360b8703328196bd4ade0cb85627d9046ffcab9e1328a5d59c60c8a4f
SHA512 894261d5ec38f8cc512b77ed7cd1fbc50c6e36e686450ae3ae42d4197eb2bb28bfa2fb13f63409b0f746d47878d590b6262c90384f8163379fd41a998fe78ddc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5de0018b24a31228a642ddc9254a8bca
SHA1 f309f26ae4e6a7d9323d5eb25282ac7902b42ecc
SHA256 60c483f2fbef16b493d2e0b008e532b51f2e1c815b3f4cc9b67c2ed44df9f51a
SHA512 f679ccd1b4f1726f9d2430c4a0b9b043d522b6c2cb8b6fa66f2ab9202e6d18d8457d17572bd3d89987d6c282212037ae47dbd45d579327702f46927a1f0c2cc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3afefa38-9ca4-4313-be0f-951394b6d4bb.tmp

MD5 a79aa441a47ffe30be70a02c804e14e3
SHA1 5157db6ad690f7d8b80e2cbd92fa0d4cdf4ee6d2
SHA256 35f2d70d024f18e2ad79735afe70ad9125d5e830b154b615e7f0c2ebee8dbbc6
SHA512 adfa81f6187b0577e183adf081fd171d4a787be174f1f016b094205a988153cd3318fb58772ebd36a4e094d3cd5bc3900b8e538c6ffabfedbde15fc69959e5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2516cc7c88a30ff37efa8b46c6817c4d
SHA1 4a434feb6668f500f6cc76f20899d86e533d87a5
SHA256 06f2e438e8055bdebc78637fd199dec4490453b21e8ed46cd1a874d1564a1da7
SHA512 adc1fb2d60aab05b916366b1396c6ec8c6f46b3400e81e54f220d3e52913d68898e6aff396a55a1e1b6942fa42d4c492398f384482df5d8f6450faacd2513e1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0c61c45ea042b43094387edc5b4fb57
SHA1 2683132fcb02b9838066112b752c9990c48a6b80
SHA256 3b252542977bd6d001ade1a157e5ad545ab83761f320bb7d97f00326e5a0f084
SHA512 9280e9ffe7bbfebba927038230c7ae78a61788df490bb4f572b5a431b454409987df0f022cc270fee3e937a7d2884e3063b13d9fe7c957921b99d5b6d622de73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 353ec0ae11ef59f4c65699ca0d89e77e
SHA1 8ed82f626f012e3681b7cd3b49970df78c948b58
SHA256 8c7371a49f4a934be417c4c5ca2651c5bd75ab6079f4d68748d0ac1a18413162
SHA512 f017720dfa71157c1f36126804710116f317f87f54247ad40372affab80d8b5a7c2a14f3a7b3821373dd990d945256e1eb8ee3a17d984c3e349e6a5a2423c14a

C:\Users\Admin\Downloads\Unconfirmed 886897.crdownload

MD5 5137651f51b72492dac95e665e009003
SHA1 536bc61688a8c44d11dc36b70e7d6522c4d7d9b3
SHA256 21347021ee20fac223a903ae5e3def2bf6a12cf66bf2db00c581c6c5cca8fce9
SHA512 9cec3cd372360fa9fe7e738e8a3b8c3d098afa8911347e3da071e02d3d90cff452612eed5deaed4523db230265e946c4f214321721665a7d9f7724c3080cc232

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 451341ec2e7a404f6536b0db61ea305c
SHA1 1993e4e2b059b9fc1fee00f3169b950704e13da1
SHA256 5b72ae0cb6e27df214562a87d946be76d9eacb703a0a6928402caf85efdb529f
SHA512 8316215e0d220a0618af1b4c73a0127b24a97b43ad0469bfbfe2127f1fae5c7c2dd53e6b8d0eb4a4ac4abb1c1737fe51a2269d7ac5e1368b80b8805d0e7802ac

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

MD5 f9f82675bdf17e29cee6a91b001d74df
SHA1 7dc41a278946d908befc392a3bac6b641c7affa5
SHA256 57de09fc4b2816751daf93d5052eca04d213ebdfe58c2afb33fc5730ed838d60
SHA512 916ff596c2821711c2c33522ab997d916e3961ff9896bd6c1a34e56b7e6f7dcd7cf1bbf4be8260fdc79ad0cc4d3b15b1d2a173bd1d1e3e30478f0481909b500e

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

MD5 a1348e7dff78bedfea730241581bd731
SHA1 f4266520fcc61d0c48c6cf4302b56ffba3570c9d
SHA256 8fbb8d50ff7987bca182d04ebeee81124379efefc31022840ac0443b3650ab1c
SHA512 983883e79077f90880f8b0ae2b86d6725f16898233e86f95c6bc2000e50cecd43ec77f5eae60272499cd5721b6076c025d8117e2de1310f78907cfeba643b7ea

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

MD5 1348519f83b41973b27b693f72018459
SHA1 ad1a0307892d3a9fcde0dc94793c53407186a23e
SHA256 ed21d47664ed2316c314eca332c259ffce963046f5514816addfec297d705154
SHA512 513b5a11381cf22e42ce78fcce5e1ef3a95b842fa67584f60f872a6cb8adc4d9bcf9a75898d8ac3c837e320cc57a9b56264f8ee3d2b11ceb5e8346212cd08527

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

MD5 aafc644b353e123506faf32cf92d636e
SHA1 367668f031236e6ee32ffcea557c8abafe54f7a6
SHA256 763a4aeb1017671d79be2e69c6eb6979af56240dedf2d50c78af550dfde48479
SHA512 2f201a37b157f400621e22f167aa56e49829b1414edc5f52d6df3c6728968691a39eb55e18a50256d0996585015a6f6447112897c1c43a683d7b8a2954d17d80

C:\Windows\msagent\chars\Bonzi.acs

MD5 9e59aa7cf10405c56fb486e78e4800ca
SHA1 bb18ad4d3b9cf31f5c5af01b6dc3f3df8573bba5
SHA256 6d169a45e93e7a9f4e3bd074217be9eacc61b54032fad04eef375ca63af2bdab
SHA512 dfd9f605b6e6d2884cdddc18b8089a1e8e9721103d93f3195cef30f6608f23c229f32725c69fa3d46293d3a470adf6505cf4b87ef518640fce3cd6b77e2a2aa7

C:\Windows\msagent\chars\Peedy.acs

MD5 855e7bde93f17a0ce622c43f76556917
SHA1 bc4a44909cccd95e2aa5f9d1ad23903dd11c1fc1
SHA256 b3b7df1532b2e2c9415d2408424b6e2056b6ae3b1d26828aa1a784f72d3a2195
SHA512 683b37e9f9809923bc8427120e9c88eec0776f25ca57b4146ac4be3518d6ecfbc0fb72c9fdbf93cce21c27b3c587692132fdc84b2d8aeb86af7585040d533f95

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

MD5 9e4e1cd9f469d81b190d2fa00a4e4b2f
SHA1 2dac0f02c05b87082c9bd9924a49352244e07b23
SHA256 913ec95d3b28f525ed1c48bf09f3974ccbb1c51815f044ccaeeada325587b956
SHA512 987f9bfea3aaaa93bbfc9e133e69ae3eba5aa65f5f1d7eddebab2f1d8d3dcbb2822f308a8e2455ce41d5a99539d94f41d1b034f55ad968b84088f475508a3149

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 a63a3b158855e93b872d5df5fd1f4704
SHA1 5a1dc3f546da956193e20d0ccd826c618d1286a2
SHA256 642f1c10429e2ef7ba23e9acaf0f0fc25f4c5cbeaa604b874e236c2ce8fc0dae
SHA512 2efd03f890916122fbdb884aecd48e9f6e16d2e6f88a2eb23ee1dbe76c9ba99950fcaca149cc10c092143ded0e0f403c555c45ff13b5465242c12f957d9511cf

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

MD5 e8f52918072e96bb5f4c573dbb76d74f
SHA1 ba0a89ed469de5e36bd4576591ee94db2c7f8909
SHA256 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82
SHA512 d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 e94487b824144e9c49bd339cd56c94c7
SHA1 a4dbe94e9763e3552cc39e642508024c7249d061
SHA256 c586a4c3fa92574b709c7dca45968cdd64227dea5d133ea59d06b590e9cc8a9a
SHA512 10c9ae3a06b93b15f2ab22212eac10bc4b24cb3561fee9133d6eb9ebe9e751f5b6ab8e9b4f8f0808210c5cc4e77dddd6278ff1c6f7f28dfe05a7ee0586064d81

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 c0818e595037e78dd5fac9ad582ff3de
SHA1 79b92d52edbddbfd5d46593b3541ff227392880b
SHA256 de71ecf56d86809ff9cfdb8c4250531a5ff108c0e66125db0887befa9f5d3ec5
SHA512 32ec4d9c897447fd230e575201b5af934068802c402b80ba9f0f0d59120099a6b6719701e896feeb03f87dbb8c5c86ae668223a7ab4582879b55fbb818ffd7d0

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 068ace391e3c5399b26cb9edfa9af12f
SHA1 568482d214acf16e2f5522662b7b813679dcd4c7
SHA256 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485
SHA512 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 2ff63b891ff127775c992c27198f28a9
SHA1 6cfed949497d16a031e29a0c37be5dd235c1b3c2
SHA256 0d05885ecc80187f9b6a4164fbe09695af3982a3086c503c8b39c3d781e5ae72
SHA512 fb808b6b4b1c61ad6ea80b27c4cc6b77d6ebb5420e490af73ae826398db418b6ad052c3afdbb008935edb91ae90b5d4fdfc2d87e9d2c54afeccb5f32c0ee2a7b

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 ffcef159ddad2d546598e7cf7420a29f
SHA1 af88c52035715d3069d272817872780f8f9f082d
SHA256 4f90166ae49af24a72d6794184b38748c95471ec195d766530553a327c52729c
SHA512 0529f9791dba05b7aadcbb0c78046241c08f757d5ccc98edb4882fa3d70f84f462549658c0efbf5ac08e3e15acb599cc979bffe0491aceb5a021a61f2c6d6a35

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 01a641e023d2f0393b751b8e2d2ac19d
SHA1 76e889e08babf28f95fd93c13eec0479078de7c9
SHA256 6bbd2cd98e68f7ef5ce4f31a28e5581462a944f83a6479292cf35017142ac984
SHA512 a3c87633c76190c31123083b75ea62bf07f4337dc8c37fa21a8222b8743f508e32521f9179909bdfa6d48c1d88e89bdc2ce87458fc3215398881c31b3e533771

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

memory/5664-2690-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 1cb10ecd5003ebdcc33f958b4e39762a
SHA1 e770185650a53d0674c4e6fd7088a6fe39e16d37
SHA256 5ed1a334431267c46f6427246946bc756338be5e831da961d0b06080429a94d4
SHA512 5d559cdf95aa3dbc6f033f47ea93cf0ee25339be0c40717722ff5b945fce96fd91a13c574a1c938f2739777a247b5c0b4a827e7a706a6cbf0f5f90984a3f581f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

memory/5544-2818-0x0000000004390000-0x0000000004A32000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

memory/4708-3030-0x00000000042A0000-0x0000000004942000-memory.dmp

C:\Windows\msagent\SET6C0D.tmp

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

memory/5664-3032-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

MD5 4b332a1b235922a7870595abef346cb6
SHA1 a0a9a95768942641c0622ddf2e29624c5fecb4bb
SHA256 4690ea1b97998f45a2bd991085dfb08177dd074bec58a9e07b61e3ed721bedce
SHA512 714447bd0441587dd0c17d0af0478aea575a419a20cba07508e03785f17d7a6f46dda686f9e9462125639039b9ce526538387e8822e2705a473ae45e85f3452d

C:\Users\Admin\AppData\Local\Temp\$inst\16.tmp

MD5 38851b1e45d75c5a7489188440c23ba8
SHA1 ef57d1afdce578cbcf6c79e613c805e24a840285
SHA256 f783ade814f65f9e750acbb0bd27312cbfc86d699edfa2c77773c67094c11fc8
SHA512 88dc0680c9dc7b01c61ee7687fdfe95fbfcda6fb24c53ec643b5e0bfb3d8af9cf5dae098b6fcd22d3a92ce7b12a3f32862ad521b42e407de5be056dfea62135f

C:\Users\Admin\AppData\Local\Temp\$inst\7.tmp

MD5 420aee57b5e083d256d28e45ef887adb
SHA1 39f58e11b68f13932217b98672c4f33adc353be8
SHA256 1efb1a8831f68b443a3e3a06599e914162dc1a9b1b8f9ebc8020b40b72bbfb80
SHA512 76ae5dbb4aa3baf1df3e5684855ece03cd7693698b993a40da579c78c4cf9ba3dc4baaf699933d4bf56eca12ea2847b02f997d5d8ab8e5f267d5f4d6634a52cc

C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL

MD5 6e62806f4121eed119ef7d361f3322ca
SHA1 2265e83e068fd0bda58d0ed8366050614138787e
SHA256 0563e77b6bd63eb0561f6264badb5d07dacb7287ce029dc3ca3279a964ea6a6d
SHA512 fa5efb12fcd7d34a026b95a573c5a8b72dcacfa0c3df439e55691f27c9c0d8cd8905f0d3cad610259b9bdac474a3ed41796a91474e0ab522e78d8a2cf2a53dba

C:\Program Files (x86)\BonziBuddy432\BBReader.EXE

MD5 eea3608cb27995431165a2caaafb00a6
SHA1 45b73c03bd68be6b39d7e3737c4853db2998f3e0
SHA256 2836a35937ad987bd9ddba33162136d71bcbaba0ad6d9b1930a412961b3a3523
SHA512 eafeda44eb25ed88e9ba286d18586c56c7e6e0d09930606306ad1cbc778a4c82cf167ec8dee045633ce480dbed954e8519614692f1fd458a8429a60de9f0e359

C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw

MD5 b4d876161a7abb7bcaea37003dae158f
SHA1 5317af4e389e00103faf2ec0a1acfa2b59b30843
SHA256 4dd98f95113b70772308a4671a482b9b59bba5fbf41e928f2a833366c54424e4
SHA512 3d5da08c1c39cb4ea24b66612a383e166500dbd891113f080c66ded8a29bf8e4094c6e407fc24f873d598e13daac8c06d91ba488f9d4ca10eecbc1f51f649767

C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe

MD5 913d38cb9d132c8c92b21cff05a7eb62
SHA1 eb829ea4de07193edb16d8c0196426919c452d42
SHA256 6d80bd5a3d5ec6630e9a411a978c8e2c196f530f6a5b580fa982c5ad1622bd0c
SHA512 9b154d60352e864722c8f1ae0c0d0d4dcca670a47daea9b13b58a8cfd4f8c9275cebc6e51d755de77025e1a10115a2ac09416f273a44ead4a0c742f14e0e9d5d

C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll

MD5 6a4c7d730aed29b0405b03e128c1655a
SHA1 1dbb8dbbe7bac39196f7697486a36dedf59b31f1
SHA256 f85525a3ebe334f7403f031ec47c2b32461650224223ee728107dce0e879ea93
SHA512 212ebd6b0cfa2500add4813860c74288e83a606676bcba837d500ac30960c10cbf1da25c7f7c526cf9953ea619f8a3244dc1d5fdccb1c1577b271e37289ecd7f

C:\Users\Admin\AppData\Local\Temp\$inst\temp_0.tmp

MD5 a2f2a9fe43b569b98438095489309cdc
SHA1 4e60205b39b2e7bad0ba3df8ee4a64423c4eda53
SHA256 c675e4999bce138c44f599ee358b1acc96b4034b2013803f58ca2880d860af33
SHA512 6f2879e451f1bbd6a83a5d2d9153165e06bc9c9c8a4d2c90c3066d167cd6278b58040c714f27c23f023d50437b5c887cd0f7e131100d15bec47ca09e81b3803b

C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

MD5 df4dff96403009d1d9a8555e7f7838c0
SHA1 8f6f84030718eec2cb060a99cf74666161d52845
SHA256 ee9b75d85cb90af6036505f72a924a6c8330b7669725cc7d9035bc88534ee0ee
SHA512 032f79f98f257f4c6ea83b6a5685e3dedbe68812a87f8190d3582e38444563522f4875b75ee9c9a9982cb8558be70c4135adab5e201d4f0049d154887f4e954b

C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe

MD5 cb3d6c8837f54326e3de5a785378d388
SHA1 04ee501c85dde5cc50d95d5226986c47206cd0e0
SHA256 9b8abef3c35e5da10179eae5885d0129af37e4f506670a08555d98e80e7e8d73
SHA512 1631fe45cdb9105bff280621ff8149cad872c051992b983fc4d879f3fbbadaa887f3b822f88a6e8c12ddb786d960207d743a7e608d7db7ba3636e7091bc345c5

C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw

MD5 9b909f17e524b7fa854ad4709dbc349a
SHA1 c66425f2082a88bbb248287128a1cda3a2fe7ade
SHA256 f8cae184ce04d906e348ff795aa20f6ac26e45ee41fa3de16c6985b291e3fdc4
SHA512 7124b6a8e66633c9fd1fcf006528db117de605ba7378b69fa6c7096f01a9f6d5757093a40e196d3e6b987a3ed4e96fed531ba05971974cd3143205d31e540dde

C:\Program Files (x86)\BonziBuddy432\CHORD.WAV

MD5 e913f3f2201c09d938c63f10dc535bb1
SHA1 1e326ad6d1c2c538c429235006e0fa64f9aeec9d
SHA256 1cdb5e4d203f61e94c02f5eea5008289fb463c02174879887fc62574b34c12d3
SHA512 0838a26ee0d918cad1cec431ecd1ebe431f559951ccb85161823d234ae4157f0699d903af178b4af2d70046b04b29509bf1691f57c021f8f63dce579cbece233

C:\Program Files (x86)\BonziBuddy432\Intro2.wav

MD5 125f1998a1e8fd06bb02f6168b0445fa
SHA1 d65ff4d8a79e47122ba872ee3f4986df7827766a
SHA256 1d648a27a0209959027567f793f8b3fd18a103b64e62eda3f20f11192bd0dfaa
SHA512 62cf29c85efff23449f2cf0985c1eb5d71111bf5332e6932129ab9e9ec4d2fbf819851fbb9ea73946c24fa6a1715d1aea6eef58c5e52de340128a4aaf5267c56

C:\Program Files (x86)\BonziBuddy432\favicon.ico

MD5 e1a53bb79bcf97ae324b05552c1b3ca9
SHA1 5ee16e7d9fb3473df37f1c318881a59b1bf2d9ef
SHA256 d5343ff39d29ecd9b60fd31cc60321b2d4a36001d5d1ee24f6c766b10eef0095
SHA512 1c8ac8b9a9e8e063f572c41ce9a7aac91dcf956763859716fa68247c3774cca00bf5aebd5dae3dfe6c0ef1a961cf640f7ad3c68965ec9d8b5e0d610b77c29c80

C:\Program Files (x86)\BonziBuddy432\emsmtp.dll

MD5 365920b74d38322571e16f66686ef56b
SHA1 d4a112bcc048526d1e6b7a6841c059c63d23d4f6
SHA256 743857c8be216893265c231ad45f4ffd3babb67c024ef8ceb5a698e292464263
SHA512 f13a913e09b467a929fb25da3fce4c9eded9571c2f43d6a9365de4e86f4183434d643c32f35e5ee4b8d7798b5aa24beaf3898d61e92daa4df35f0a31ea338164

C:\Program Files (x86)\BonziBuddy432\empop3.dll

MD5 a0fdd2077934c34f08d48aa214da2c4e
SHA1 9b9593ef99515aac8665c6da73deb871815d73e9
SHA256 f198ec842cf9b9d1e9e3f4bb6864fae7eea98d6919e0c6609e139e00c262d6bc
SHA512 2bef50a54f8c06821e31771bac566992f7a8872709b8a993322a43750f19ccad773dd9fd88f87d819d317845ccfe1b66087c2b2bda094b3382e6054ccce2f62a

C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR

MD5 35c46be741382648dbc6c7241d1f7148
SHA1 24fea5f70e437ecd40a37035d2e1ca3df293d0db
SHA256 56ac8a4f90686b433297712de577ba68e0970458dee218764ed3acb3b3560f7b
SHA512 ebbacc846af47d3e955a43291626470c73296c874b7d80f0021ec577922f29f453ab5794925b6372b8a75b732677d7c27c16c1f8728ee60a57c66dc4a6c4d86e

C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR

MD5 4c273ee71a2d85203ca95387fa78a315
SHA1 195a066b030685b1fb8b5e594f6a77889a1ff3ab
SHA256 2a9cbdbd1459111eac43d2d505e7828108c68cc5042c97b4e93d235962f8ad59
SHA512 6e833e069f410d73976c97031b61949cfc31e81df7363e724090f13a5a2306496a1a15aa3ee01fa1cff43cf91d37d191c84be293ebf6ae7c1c5c3b55cee06724

C:\Program Files (x86)\BonziBuddy432\j3.nbd

MD5 0b9550caef707aebf17f4c17a7e0f424
SHA1 06d91cae8ea9324f76b7828d2d2e9455ba2c6c7b
SHA256 197cd5e9b3bdec70314d3b3e5ddb5ee41578907a8a50d9ad2fc3683ff271656f
SHA512 d1cfda4b4d82a7cb0571e4c70dc5b8f4b2b19406364568a45e18dd68dfeeb1f37f4237b43448b0d1d12cfd388f54bd2d5f9390510593173c0dbcfddafcf18735

C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR

MD5 6f8c402777457a1cc7b7ca6f7a7657de
SHA1 b05c00f28f9185ffd43c9ee479976382c64adbfe
SHA256 1837a9f0653a4093e448de37fdbf2bb0e4c3e98abb1414b8e60793a2863208a9
SHA512 777d34f5e4e24c4f053050a99e00c6a7065bb89690c542362eadce7552c71005b6a7de0fdb20eeacece70610c900a1d51b6485332971d598e6c0dc475b228bda

C:\Program Files (x86)\BonziBuddy432\j2.nbd

MD5 788b0ec30cc5fae75d2a6ee0a3ef10fa
SHA1 a879dc350bbe79dc2cae04ee804fd6ee9a1f8e1b
SHA256 c032c71a49e0cb05072602c99251e6b1d76ca2db57120fc402b93d3392df7c3c
SHA512 df5e1097db5326c168b0c840b2d598f82caab5138d30f899233a777e7164b8178e4ba9934eb0c32029533b6ee5f72c07fa279fcd93f8e11d4108485724abac1b

C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe

MD5 07239776b0a3ff88b560eaa387bbb541
SHA1 163e8351eb561918cd9abe5e74ed8f7e362fd6a7
SHA256 ca16981fc001cdff2005fbc95d843401ab387eaffd4bb4043e837ccff8639a15
SHA512 6f82c60f51280ab66c4548e6c27691dbcef8ba7349406d1796ec1a5d637cf8215af26d52d14c8906792209c39fb4a446a3f56d42e37a8ba3180560c27c78281b

C:\Program Files (x86)\BonziBuddy432\p001.nbd

MD5 89baf0ce132d54517f89e6fdebb6764f
SHA1 41509f6bce097e434651148a36012cd8c66da2d7
SHA256 6e39e8b14ac5a0dad47279595406a49c61c6748f16f4e69dd48738653e50882f
SHA512 2b3d3fe6dc4bddc34005cbf461f27e10e7a330aba645dd27ce787bc79ff28e9627abd3adce27bc8741ed160ceda9c22fa0c62d9faa16454d6700437eb72a6e6b

C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL

MD5 4e86f6e372d5f823e457ee5358b46079
SHA1 75bf76ac7de2a577532965c121aa0478076eace0
SHA256 054fbd3c3a31cea5c69c78c1455d19d2f3486e07428ea951f107d5dac3e58d25
SHA512 73b55608c748479ddd4cbdb2046488972bc2e9340e8c6fe6cf9d0d9badb344de9f5e7ed66f508c47db402d9479066d7f0f4644ba6551cec6318a5a5a468e5087

C:\Program Files (x86)\BonziBuddy432\s1.nbd

MD5 4e4d3a1400a1d0bcf482fc8da711ccba
SHA1 751769e1582ce3a057ba6fb0270698a2a48d5dae
SHA256 abad946feed68057f15569c0df432790b0c19a21149c8f07ecfc99fac2311616
SHA512 13b04814456172ea858c220c36d0c066286965a2bcd217c0216788e3fb84ecc1c007ed8f44124a368400b858af584a2fff855919cb7bb3fb195da39abb0e675a

C:\Program Files (x86)\BonziBuddy432\Snd1.wav

MD5 7cf6069d29b9a66bf03ba1e554553fe9
SHA1 001de4b7b9082f951e782efb74601d8e0447bee6
SHA256 11863d5b7fec50e3ca69f74066b68ed389a18b6990394f3ed21d6ea0e67262e5
SHA512 51414f0165ea67fcd96d0a5b2df1b321882145d3d3dcb146a0d896a3a0c395b2538cb01b7c27ce106acf65480d88bc5d2aba19e9ad03430bd756c5047f33d08d

C:\Program Files (x86)\BonziBuddy432\Snd2.wav

MD5 bd183af23b343b2789e61f03b536aad0
SHA1 66db4748e6214fdc4642e3f9a6bc4218b24ec5b4
SHA256 d59c9bc27494b2e68d5efdc1798dc5442f364bef46cfb1fcdf4b3b032358ac26
SHA512 ad5191eddb6838ea7b9200bc7a10c06e0a41966ba627a52ccd5a4f1008b1b85edfc63939a264822b7e1e9caf40e3428ddaaaaa80c82bb5066afe802d0dc52211

C:\Program Files (x86)\BonziBuddy432\speedup.ico

MD5 6c9011742ff814f765779df48147fa58
SHA1 5519c010b4af11452d126439d9e670ef68c77057
SHA256 aebda70076ae40f99896ee71d5a476444e91974a215663161b6b1d89faa3ab2c
SHA512 766005a4cfd5edb960346316725c1c4e427042118e1b702c0a67552b8c2de3a376ccd1422e0db0a8f955642a7e2686c70a266f01362bd17afefcea9823ce5d70

C:\Program Files (x86)\BonziBuddy432\sites.nbd

MD5 a8e5c2cef7e455ce4f6cdd601ac774bb
SHA1 0ebe0f1ddbdcaee08d4a5505b6f8a329022e554d
SHA256 5a8749440d441766dba442097d5956cd7bfc0f3bb1fb46d431df341bba1a2778
SHA512 186a9146263011c70dd8c342956564163c4d496b938842eb2c06382464ab9aef73e5cf87dd70ee2d8177d61c1ccb3fb71510b5064b18a014b394322859fd7c3b

C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp

MD5 48121e4f763d2badb816d57ffe54183f
SHA1 d1e255061556a39e246e265020af21f9c6dbc910
SHA256 7b22a9826f4882b32d9970e497d2a4df51b95afe2a785ba48a70a2fe5570f9a0
SHA512 0a06654ef70b58b4b6766eb78bb139f57d1837c8ea3c9365de6c150e7230638ba47996a96c2d4d74de6a05e6bb765b3a71fa55af728f9889f122b386c80b40c1

C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp

MD5 dbe2a8cd192a693f2b4a0c4295ddff18
SHA1 07e02084b6add48a6064a913be30db09ef274f12
SHA256 57a864f2892748903992f3cff6080c38c9021e67f95b96a0fb21ace01887f9dd
SHA512 e5be6c467b0629fe9cb8f933d8866bd58bd0e2ddb66e6ad3bc354911dace51417a6533138295746e8e48c165e28af60ac0735f50a38cbb7b154f41b98c64c63f

C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp

MD5 9b6e1bc5a87b90732f91fe4fe0a7397a
SHA1 f3e503872ff2be7b824a90019edd9e175b22ce94
SHA256 68d9a37cd35e7153d9a33630e13f3b80369ddbf9facc4e4280eb27e5c3d7add9
SHA512 3fd67162a9f53be7284a1c9b89ecf53017ec82bf8c6e4edb683e9629410ba403246a594c028bf90113beb3e2a68351a1f46fea3c1d42bb64b66727795d5b5267

C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat

MD5 51b0404cce6d36549605f5674ef09bf9
SHA1 9fe00a443f136534667cff0bcdc4df1d5c033f30
SHA256 11c57b03dd1a8bdce3f15d74af679df4f7091fcec57699a09b47c83bca35a1d9
SHA512 49b2c8618da03690a62caf405a4e062e3bf28404b7f411fbadb8c4e686189447e16dd9d6ddda197ec8483226c630b02954d8207541a3ff18161a8ebffdcd6b57

C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat

MD5 f24f62eeb789199b9b2e467df3b1876b
SHA1 de3ac21778e51de199438300e1a9f816c618d33a
SHA256 e596899f114b5162402325dfb31fdaa792fabed718628336cc7a35a24f38eaa9
SHA512 c2636ad578f7b925ee4cf573969d4ec6640de7b0176bf1701adece3a75937dc206ab1b8ee5343341d102c3bed1ec804a5c2a9e1222a7fb53a3cc02da55487329

C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat

MD5 a187448694701f15f5ac836a258cfa78
SHA1 b47137ef4b5613a8a0bc0fa3e3095177cdd2f35e
SHA256 8c2960f58beebab3b77bc4c705e06edd1620083ac9614368a4244dad7a4a89f7
SHA512 fcb16cd4fe4c009b01583111ea4f4e14d3fda17633af45b1283a562e12388ce16ff37690e5f9c5ea69c7955ce0f5880a099b08699ea1c8192452a9e89327a6c2

C:\Program Files (x86)\BonziBuddy432\Options\test.vbs

MD5 9673c87fa79561cb2ce31ea780e12985
SHA1 b20a855defe4d05e2e6a74ee34d8188d44772c58
SHA256 a49357c09b87f39aa3e7c1560de48e2a070f315399bc7a7337f7fa75f8b8a455
SHA512 cd30be0ef65f02e5312ad330c3879dcb695fd6e68061792302908fe9ac35c0ff184a870eb9e67b3e942f0a624fafff9a4554c1e45c2136761b64a7efef7ff314

C:\Program Files (x86)\BonziBuddy432\Options\registry.reg

MD5 06730e009063976e92ca3155dbe21542
SHA1 1904d9b3aa4fbc3f2f21cca4bd15ab031767e84c
SHA256 80088f8bc82b3facca2daf7066e9cb78e4bf0aa81c57f77a500a75e137c0b411
SHA512 98c9d5ce10ee66f533df8e8aaaee42aeee2475f3a7a9cc6fd4cf963313a5e85da154171e5f1f41024c4a3249f78fee946a0f2d3de69c80393562f6dc39e8fef4

C:\Program Files (x86)\BonziBuddy432\Options\menu.bat

MD5 f04f8720e413478c181ba2cef8e4d384
SHA1 a19137dad529e68ebaed4fecfa9a9018c7ee9de3
SHA256 b65d7b112c124ab6f1927a72244160f83e7db7a5c948ec0b325f237a306db546
SHA512 b4d82e3f29f26c45c6533a56423c5770fff0217cc7237073e02df1a3a36716b54ac098aec83d64e1b1994350e1a0925b045a11ea6bba3a80c0fe94ebcde9d8e9

C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs

MD5 c33abdffe5e65874ee0ed59b40564cc0
SHA1 48ba2360d6bd774acf7019bb92e85460ccfa5059
SHA256 5c724387b4b1819a197b0d06b88394d7705a7311d17c8e29ac76e3b7439aac1d
SHA512 fb8a22f15679341245a576077fc29fc0ea03577df1270382c8703b168af7b941bdd956adfc574a501cb771272d112e120934d7d4f45dadb6608c40cf53af4a83

C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs

MD5 c594e329508a06ba5e89adf59821f9e3
SHA1 093a43a53d0129f5f04ed5bb48dc09ff21eb1a00
SHA256 56e8d6f1006029624a8fb9b09cdd59f137eace19a122b82608e047613792de76
SHA512 c8cfa8560ed0ccb534a7b9626ea3b7dad13aae6f73276416a7f0183d0aed942f8d9f4b19eef7c64493983440603e1bde8e18428e0f93c5d5dc11dd947ee008f9

C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat

MD5 510937646168fa292f9485cefc3cd4fd
SHA1 8c70a305ebf5af333c5def9f4e9e9d0bb596d4d2
SHA256 999a70147a3115502d5b47c2bebb6731b2cffaba93be49502034eba06034f412
SHA512 244cbd347becd971b5da1e1909a0870003a4a96d811208f1d528df43b43de2a6e5a61ce9ced00690b67a2556a5a566cd3057214df8f3cea4dd8675e8b1726864

C:\Program Files (x86)\BonziBuddy432\Options\fix.bat

MD5 00403d6181d3bc1782b9e2108d372d56
SHA1 bfca4357e50788b265d616b446664fe8ea9646b5
SHA256 11c81b5638de403ab4bc1cb7299f7d46cc68da7c608dc971be6ff984c7391b8c
SHA512 3895c40d018673663f1262f04f8962376f4d1e71753562afc4eedcdeb1ee4dd92bbe56b9f1dea5c4f45884e53c046b7dc919b6e87d1548198be2b9baf1dceb90

C:\Program Files (x86)\BonziBuddy432\Options\chose.bat

MD5 81b125b8da6edaf2f80ff3b90eea5981
SHA1 a9c9271e1ecaaf7fac491b3afc16e8a19eb9da5e
SHA256 c191c970e39a53ae342515302c3bb1579ef5247ef76e8d2eb948000f2e5e0261
SHA512 75d5dcc3e31a3d5e607365c4c46a9694b9c002037437a1c75ea3cefd8170f4e7e7ec8246224df26118eec2f9dd6e6891dd59e4d23fa56c9b6ac0ab76c4d4a550

C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat

MD5 2966b9e9451b773573200add659bd660
SHA1 86d0a8f276abfb0f418a5b809e6733d8215ead4d
SHA256 18ee11dc6a159dbbab4f56c0a552fb3d8ab5c3c18fc1744516dfd1cb17a293d4
SHA512 c4fc45247a1068ac83eaad571f97077871ba2b7950dc8affe30759790633f09618ce92d4eafbc5e224b52ddc0118931afd72f6ed0be2b29db9224d865bf3394c

C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL

MD5 34a3b31000b28910ccd2a759a885cc90
SHA1 a9a3f6c09af904036bd9607179ffcfe3c854b3ec
SHA256 ce6634b06d190b964741fb8dc53dad631a1b001a46193567e0d66bb478713b8e
SHA512 8b2631718b65714df93672f1cf5bfb16f03c3240a85f13d8d0dfde8129af8bb030e81f07f1c63daec78701b1ea7a36ce82fe8a7fc548c4600bdd27dcbbb31961

C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs

MD5 943e197d47fef0c8ff3bbdaac77388c4
SHA1 51d0ee2cb206cdcb0169d492e6c8dd6c604bb124
SHA256 cbb7267266008da6d58707bdb91ee3c57bd208d0653a32a8e9b5a7f7080061ed
SHA512 5ad4e13e9cb321f9a23e2333d9dcc846fdf3d1b65291784fe310eb653122e17c55d48ffdab91b90f2c772411ca6c39de99f045a6f2375b5b140212db20f232a1

C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs

MD5 159d5892d949c6f759b5b17e99d38494
SHA1 4af96f926d6bacb966c8635239a9b3719007898b
SHA256 08583009a3ed2b1668f729edc48d7c8eeba302a7f42fb5c303a97dd38b747041
SHA512 d3b4b913c60caa32f9a2201011ce24c7118266396bf7db2bf5fece2a2614a879d75d13c15b273b863a29b52518a12661bca4064e39cef403b5fb2de1f52760ed

C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe

MD5 7736b7cd493bbf7bb4bd3c55e3b980ba
SHA1 bae4991fd253749ec3a6e2d723859229339ec5e8
SHA256 69abb7e6b7737ec88a6a3333f7b593051ac16064c4d4d9d1f510a9e151c9b36a
SHA512 13637cf6a178251e073dbf985a41126f3831eb54e1fcb1521cd1402b7e23bb675466cd53213ba32a0a652ddee48e28b20d64dd632dd1a268b68da36e0f693f93

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg

MD5 7af7a675721f50492623d54c828fddcf
SHA1 bfacc606197c260dfd3d5c60c6eda264cbb1bf3e
SHA256 f08a95be88f1a893ef2989b258ab5699e49978776012789a4bde7056710fd45d
SHA512 f049cff2a6e26b36dbf389b2625c272d35af4110f89789c1659eb6e13fefd057bdd7672209b3d693c7e0c2e31da376f47f892e7661579c333061f13a04613c15

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg

MD5 7455ce480dcba6cc511dd8f5dcc7c3f8
SHA1 5395a1c85e25f2d33b545ae62f7c2b0d83a5eb03
SHA256 7fb6ec96530be3754466c0c7a33c5302b8e38dd9d1b7fdde8c32926e98b4ade6
SHA512 2f18c07f01c7bf6c7e8d5f6d77c02509f7da56a120d57e072cf9495dd54b23143c33079c735cfca2b7862d7266456447f4d63837b86310a964cfbca9854830c0

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif

MD5 ec0b47d2d9057ac9d80a3f7f6367de4f
SHA1 228c3f34695afaf8a3c48e9268cf49d93a94db17
SHA256 95cbcbd9c41c128ae03b8536ee229771a8a42e3cbf57faf4697aaabe98c11108
SHA512 8a77ee085dc0b5065789757f310f0e4b02b9ffb4e00ac159b6e2bd4e6b6fa634344456b6958998bc6905dae95bfddcd3863dd0504f6daec3dce685e260f6dbbd

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg

MD5 13ac61ed6148d887ec6571e181ddb11b
SHA1 c3ab267bb353460da4c8505f343078bf97a9a6bb
SHA256 e42286e86415ed7ff3f5206909cfbc2a8111d9aea7160b06d73e71072f8fa8f6
SHA512 cc6293db93f1e3d503a91377ca03c16701aee403b2c704ca9e1bac54c06b5ab55ac5a63c1951051359098df42756a67043a3ad09c07ce787f27d108eb8bbcacc

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg

MD5 ceb7742d1bf22a39caaa45cafef4a7b1
SHA1 37efafae5d2326cf52644304d4a06fbe826821c2
SHA256 bf164e9e1b512dee0902b66d39c9e8b7a9bf8b25beea206d593c93fe60816502
SHA512 18fd22e878e4931db7b62a9a61c75c9c540ff769c8ac17d9dbe56a2a335f7d07fa945e9f69593c219522e9bf00473b4f1784b96c094fbd3aa35b2e1d6ee27958

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg

MD5 20ca931b49f42be729c409e5f4b719d5
SHA1 54948429d371f838d5c24817736442350941d4e2
SHA256 a40837d0619a98a96a5a5cab016ba35694914607665d6cdd795ee0076f56aaac
SHA512 196fdb931daa28dadb29dc2404f61ae9cba007680738da87fa7fd425e05778454286127dec4e8756d88a73f27e3267e36eba19c731f73dbbbec08c4adfccb079

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif

MD5 e964851042773d0809582fde155b22c7
SHA1 6d8879362935fb3ab9364feda8fb78d30cc22187
SHA256 6078f5e78caa39fa31eaa23ab37e6939003b99e67a0c843335581cb8ec7c824b
SHA512 887eb03eb987df9c95b17ba93ad044bacae6dc9354eb5b994bfe0cb1a5c0959d360b3437f6eb4c8650176cd4cce9212bc5d5b9ba40359c0c33429391733cfd85

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg

MD5 a3bf21eef4dccfd537856c47e8476db1
SHA1 a748d1c7f4320ef79471e5375548d08824063a58
SHA256 62c6f4ee6a937eed4c0d93ba1e07f290005e4a9158da345dfd64656906f7e0d5
SHA512 497c445b1ed3afcc04df7a07f7d6f22c127fabcf8cdca936a5ed54f9d828cd3cc2a423216e3a7dc0bc038bf3219b70d1daf48107dde0fd7e9ff3709853042659

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg

MD5 3ad3093c88e7c3d5a15fd2bcf8951abf
SHA1 968617d0c5ffbaff35d5dd38b222ab9645987827
SHA256 0244e5c87ea823b5741c101129a3ab8a5dcbad798bde86ca15a838a777b26b67
SHA512 53b2631b75cc7be8a6f5d687612521a4443ec7c9b6111ec1605c04ce2b04abb674962f37485ee3590573e62b7bed2b5c121d8f6277c3eca0f965b25e0ccd658c

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg

MD5 a9550dd62d93b2e7dfd2fa722311038e
SHA1 d9a8368accb18dbd0e3f8dcdc224f34e026a1e48
SHA256 26040bf12d19bbe6c852237570e9a3722cc7dc7b11f4f2633aea014287bf3153
SHA512 09d849af3361577a64bc77758193f1094c10ba5b443a7fe5ca81ea18daa5ffc9d871ce1e5585c492ba571629e02286055c0fd02d0fa29715118fb4fa7f64e8e1

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg

MD5 b08b80d893510c78e9830c91139e4370
SHA1 82c85eb44e6f3cc710aa605581c3721673c41302
SHA256 a5b2142913ac2983dbfaca6bb6c6743c762cf6c2edd3ddc2778e7b23ca0cc3d6
SHA512 dccde152efd04624b45b32f48e9f9891cba41e04871d06a72e57a4c43a1c497219c726347741382d07c79667515883329f06ca3511ca2655cc5fa5bb19fc7631

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg

MD5 f333bc11d62a7eaf7cf4f0ef71078863
SHA1 389327a5c4a7b86de347726a6ab815eaba9d53f2
SHA256 ffd5d52c98932d4feddfecd7aee546860c7fb46b6209dfc203e51a07c395a412
SHA512 9cfc8ca1e0fe9a5c152738494ad010aa35335eb40433d2b0eb2825368d5d23147daf636436c2a49f244cd101176678cd91b895bebca640372347758d92d74651

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page4.jpg

MD5 3f85711e30645829fc1ab0e2c338ee59
SHA1 dce77cd7d9513f092f6c2517d735444f678125db
SHA256 256aba539c9dfc725ecbb8925aef9e75435ce034597e16cdc21a4275c0ef814d
SHA512 40b19fa25a18b4a768811b6fd3decf10fbaffedb9f267c4d070c21871e49c01b511a07f86d09a8fb41a57c28c7cf6fb2944e202d9c6296073aef4ab47439722e

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg

MD5 f2849d9e002cdfb7f49fdd599814d399
SHA1 716b514a999ea2eaa130e09bd194bb2464076a08
SHA256 a3cb8b835b33194095574d7a0eb26bc11f92189711abe86785918f848999add3
SHA512 b2e4e55fa0f38193e785f3c5938c76aa538d0ce111c0197f7112b8713e26854b9f599df277b07cf0ff9f726d4af526ed754d5338791c3f339a41779fb302d31c

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg

MD5 b2f5bf2956be990bc111501337664892
SHA1 8cbc33dc7081d0160b18b63eda49c7f75d808bcf
SHA256 5fb9f37c7bcf322d4108fa7b424e54bb40f8dceb6016bf36c18d64003bf32635
SHA512 cab044b0eebddd9caad310c9770b13be0801f9577b3dad7c23c724eb82a643aecf8df43d2cfa73b1a40746cc320ad9e0075be31faff0417f3d3d5cb0b153b610

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg

MD5 e9a0531812ba076f8610f9f877c5ed45
SHA1 0e92eeea404a592a8a1f3297bddc3033d3c26405
SHA256 178e4e26ee97549199d6765c4823cb18783f40b60f78f1b21eceb562d4d4d20d
SHA512 255056acfe726570e2e9e7f607e9625478b455c8c90271c9e57a2a65b81ff2208d225b9130e7e7642ef04b73224a888a86e0852450b7d8d35f9eb0b95340a9d1

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg

MD5 e84e01b21f58d34424cdaa9703aaacfc
SHA1 1e573d629799a349cb02cf83588ced99f66ecb10
SHA256 993824753ee0f99b020da4f5f0bda4b14ae0e5b535be14eb24decf398b3ee60b
SHA512 bd079ecf06e5f7b1295110cea78ab63ab8c2d4bd4657f785771e94d57b994b3f80bb191ddb6327c69358a6d432040a4d60c217c83a564b0e2ece1bad763fbd98

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg

MD5 b6332a8aa3afe8cb87be5284c263fa14
SHA1 3b5c9b7750c0c8349d6549ed87e5352289280918
SHA256 1a298bc3cc19d27f7f6213b19ecd238c044f631ed3fcd93515437a66ce165ecd
SHA512 51d051afa48dc9db63cebb1f7d532df6b46c21e296b41400be0d641a78a59770728222193afb349e7851268c6a98d567c94951bf99ecd7dc9620d05ec3b57c47

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg

MD5 236ba278a1c1af72d6afc1a0d58f1bbf
SHA1 2642f8d0f4dfb84128975f53a84406aa9d28b0cf
SHA256 8a040d1a94ab158f7807ddd2b9aaa0dba7a3e5dccfec6f2bea35673d29017de5
SHA512 8af7461e6fc62bae79b9ad5d2a08daf644f20baa1f67f861632dedd65512dd64461a965a43fa529e0848305e3ae03b409f32e6ae8f3c134e262183b9424cde77

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg

MD5 01be157e8cd1fe6cb4a7003e78facbc9
SHA1 312658eb73982dc1cc9983fece10bfe9a1af3795
SHA256 f8a8b2816920237db53bcc287a704be0adb43a55971f3fccec2925fd9dd143df
SHA512 e01474d0cce75963799b646860de1bd434d1fb282acfdd38eb262be7f1940974518b09803390d9a8814074fc9c4f58363be999b83c7c867a431b6b24e6f9ba89

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg

MD5 581f82609b4884e89379b5b09a53ea14
SHA1 a76e7bf6bc9f98b54ebbdc33d278e087a6e2bad4
SHA256 6dce70dc115740d5d52c0c0e2f1811f3ca457f5a948f207a5a4fccdccccfa365
SHA512 8928b9961e4c43e8817a392826585c63d37fe596b1ce8565b1ca935a96502347de85fd9a4ad4a71b1a3e649c61851a340634a0e886439b411d50440d103c2d21

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg

MD5 0a1bbb7bead7a0dded90b8e4c1b52342
SHA1 49a94562c37da753d7b1f2f74ff9cc11d1c6e541
SHA256 fbaffdfdd9ff30177d1da6ea5335a57fd31320158a6f659e1d0eaa433dc0df3c
SHA512 4d6b7087f45ec4a854d84ee41bbbe9f72df8cb370bc303507dbdbe289af4c24e548afaf02e813307251470ba6627455dadf6d8c235ae0f611fb684662e8b7c27

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg

MD5 bcb18e7091c9a053ffaad154a796e22d
SHA1 48bb71296fe3d9c41d1423bd90a70602e14cb942
SHA256 ea87cabd9babb2b7e6791ac98451545e98051f5a3a65dc2021d41b6dc07e6441
SHA512 feff223b65d7cfadbfb83d2451672aa8d100de20274958f868649d9c92d8b83e43468041cf4ad2c20916edcc82ab1a3bd41740736e979168107fa07ae215fd4f

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg

MD5 b9a19f739a5abe70ea04ff265d56058d
SHA1 2d1232622417c444c0256fecae26cdd4d16af125
SHA256 6b3f8d11aeebf4d407e67f89e7d81d166c705ce6a8e9850bc9750306729c6f27
SHA512 973fe510824480f51603d4ce08af9d7054257ac5b30c6191b378716e8f1c611caf3f81089b321aaa378212677d1ea0e1170c14a1618b647b14959bbeb9ea25aa

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book

MD5 08e382c1440b50b8e997f0d320f6aad0
SHA1 167090cdb5c2a7b4b0fa63a0069b9e494c266a7c
SHA256 20a1a9d2a70aaa2d33355fb22284cd1ea5408824f93ab1d22f2145a99978402a
SHA512 b0b6714d134b33a78bc766de89dbc01980aeefae397903f96d86e6f7b0fbd81711028623bee8425e0a483f83a801a2fcdc75226da3c46655aa146c8b4fad7929

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif

MD5 934535182612b7b90377550f6f1a7a49
SHA1 7fa2911dc190050ed7059259e3e55fb3ba3a0956
SHA256 4e7c34f76e045cf1acdc64071a7fe2d31fec2864d89fdd87e3d79e37dabf30fd
SHA512 44c2191ba807d53c0cad1a3297f5a114f15d270f80cb8900f7cedb432165d2f741f66c05bb724666a534c917782ce3108273164e3afb13d7c311db9f80d8b9c0

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif

MD5 1b853f839789d4c8a1d47393c06b1f25
SHA1 c65cab86f2dec503fc5caad740fbd1e81c1c0f3f
SHA256 1341f0db796d31c7382655362a682a45f00d5160ca149ddb0e13444bb622d9c9
SHA512 60f523d36a5251dfa8ce373f046e246543b8b9b44b1beead17d9f2c6fb4ec6fa1cc3557c1342b1f8e90351d69023807ce415afcd92733845298f3e65a9e93c48

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif

MD5 07d266b7a8c8499c57452f6c50046167
SHA1 9e63e66164e18b4e6e151137316d92872ef9d470
SHA256 f30c86b0ffc248ab421f3d2cdf6dbfa1d7c3504400a8026b8548d8161c4fb081
SHA512 f3825788af9bb7c20e094f3652fea15b8beed76d78be231477d7ce4a1d13e6162ed451427f62d60c5bc7a434e539932fa7e41b81ef9675a749124110ba766a04

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif

MD5 501eae9da0aebf0c28706d3e3a831f17
SHA1 265db0cdd91a9f77dcb6d0d23884d74adc068ecf
SHA256 e113e023fc04095434a417689f7b436a4e4120427c0f7368beb89e48e6ad6616
SHA512 7fa85df145f470b74a2889a06d39c48dda006b0f85d13b8b8da5574ff8ba10d18965b57b5e6fcc577b09ccacc723446faff0a6b0d6a3ead512fb6b4cd8237501

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif

MD5 f1d401ed4184aa59fb75fca83e854fd1
SHA1 f3742178548022de8b6534817ff90c88e76ee6f6
SHA256 92d4e729520977fe8c3cee533c7e259ab5ab67810f36c557c747ca821bc19ca0
SHA512 e745de3058317d6bad692880afc00d9362619382a71d8ecac79045d3cd8d37aeae91a2a4eb87f3fac6273f75e6f80b1809c2bc9d0a175f5f0dd7fdf5904c3685

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg

MD5 60447490b257933c2de36bffbdfe1f7c
SHA1 375aec1f6c66453b0f0968dd497e668ea1695e31
SHA256 db7027e0f7d02fe75874ab15de847352099e36bf10650c54c860e4fdd301d418
SHA512 1bcfda7d1a75e1f39a16952e99f27bc042601b167caf230eb7bb78f32ca18ad9be7670708f6c5be99839fece81bff4d9a6aceb753335644e49edc77d15464bb3

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg

MD5 9e3f913b8b1a04af35cc01c338489f3c
SHA1 dd5b3ca18b3e6d8050a01fdb9aa40058c2625b81
SHA256 3c814e53b65c1752145f3248bc0996b9f8733537f9fece5e94aac072d6694364
SHA512 c67f602b4b76c88bacefdc86cc929a8cc043556e575ea1de8a3ed0481dd42f69fd9175bb39c46632078121a9e21149d7c41b959c4a9c5c0ab6a4fc4f3258871c

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif

MD5 a02aa2b82db348be4484ebe052d448d3
SHA1 08c3c37acc48fcfb2a3d2a99ab4f0bca732e3225
SHA256 86c740e67613e91aed0a45aefe643b50a3c763761264aab026859f3d1be20f74
SHA512 bf83bb918b8698d33e12b518f6e0558cacc18bb6c0c55839778ea7f4446a141d2904fe30953ed12c95193c598c9366d4c79795a68f0e10a96b57f03fca42c482

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg

MD5 4b4178dcdd926771e2d601f07edf1e55
SHA1 3b87b64c316e43c46466b4b5b5d77112a7d6caad
SHA256 c64ce0ded53d511f9a6deba02741d37e5c96e760bc34b294f546931c14d8137a
SHA512 beb93360b8c1e3373d2fdc04afd7fc018033045918cf0587eca94ba65e4361415b29f0c779a86101ef1146072a88e2763552cc20c877b8816841a67d39a0bad9

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg

MD5 05de4b67553680cd23c5fa741b6991a0
SHA1 13123c66da9c4997142e991adc6bb952cae57713
SHA256 d8333b0964148b5263793ca0493f40c373a47ea53fb3fd637f1431f44c414b7a
SHA512 56be6cf453fe8c346d8723d2fc6b3cf5f4d1f22b5fb791b43a4fd9196308fb2163207e58082e5a764d52647d5b13bf846a2b47a1912dbe44f6cfcb3f7f7667a7

memory/196-3717-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg

MD5 91fd681cdd4a73a0c0dc4da4f5c2dbc7
SHA1 8c4df7e7b87ba388d065a5732d2a48f2a2b4d5d4
SHA256 38be8805a0cf6c7d34cfbb7256242d3e0aea0f3d36185ce6e73c7284bdd87e24
SHA512 e01db87b87da9b4638ab9ef6a01c1440ca2a2c678563a0ce8eda219989092e43e94dce53778ce240296659a3ccb923a29ea142198281c3245cc5d2ed666f2611

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg

MD5 fb612fa0ba27a05bdb5f2afacc5c9f74
SHA1 8b7ea2536a030b69c0e0ef578dd30897f4078768
SHA256 d635654cda3fff19815d46e1ea912291adb2c553933709826c1a167b6b77dd53
SHA512 b86f8ae215a03d8f594197245f11617dbed4ca314eced6f8c7a6502e1313849a5d1ba7e08e001e8514f168d1c8ab7bbc87081c183ebf21608e086140ab74a97a

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg

MD5 37d227a6ac8680e43df33ff6df5865da
SHA1 9d6aa22535d62783962c46be95cce2562aad894a
SHA256 45e619917f11c27e495813f5b3df036cbc1c022f8af9af174c3e606b0950fc0a
SHA512 993db401842dc987be8baa61b495b69bdce4764aeaebf2e67bd38b0899d00913b20ca1cfe686483dc7dbbfc6c2eae003e97d1b8888e494563df514cd84efa758

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg

MD5 5ab46cfeccde266448fc395c13c18946
SHA1 7af4f9f9872c1c54100db865951bb7d5be5b413e
SHA256 102bf8d718bc7fd52ed450f81f4810d2af5d9e76d1f42ee983eea70b7222b529
SHA512 d744ceda60881c071c68602545bfc48c164997196518df9debd24d21c30fcace4e8300bb8e6c7e4dcb3352d3a60db68efae88769d850dc3f1b2afb018c44f9cd

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg

MD5 4f25fd90fff473840ef608d23efb3967
SHA1 76e3b424c934e67d35fac4419f8b5561ba1f133b
SHA256 0f36eb4f571237452098816d03de25c9081625391a2295a5db4cd0a01933ddfc
SHA512 99b21e3431865bff3b9ad871a53a874d382b8612f1651198d03190e23e189dfaebeccde2e85ac8b59148a7c44487187ebc4b86c5c9d08286b3e27497a4e57306

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg

MD5 3e720f815cd37130935c0be313d7fe4b
SHA1 7005998c4541f6da091379f748af5394fe2b221d
SHA256 e71359b05df80c15916fb273710c8a87702af891b11734663cf538a6baf0a32d
SHA512 b665452711869dd9d774a87daf988041b5538d6bd903bbf7038193af9e13ecfbad9420dc50f03486995b76082c07d03da5d67a0858d2b0325e51a8ef8814e295

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg

MD5 628fa9eb07409a1cbb50639f2c6f29f3
SHA1 e1f92ed329cd99f69112059b8f7e60879ad4ffc7
SHA256 8882f1cf6f0cae626f8677ff3d1b415a5df88f32b7e6f94690a5997823b4916b
SHA512 68b53043af8a63a559bb1f3490a05d604bc5bd54e38d9121bb5730c12e8d1a6a0100ddeb86b705e0f6f38f6dcf3e20a3e8ab6e9b062a3c7e3d3429712a0c5735

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg

MD5 d8937305db2397be4d2d5aa50eccfa18
SHA1 a9e268193ac84de7383599ae766d4ea7fd2a6321
SHA256 b5c0c80f4c8f8b83cfde14a90c04b7eb6c3cd01b1e8dfa92e398937c90e0e883
SHA512 9ad9dd0f5f6f005fa411550dd2fa649e3dfb2e4e179a90f2648ac66eeb45097b7e01b927488a61e9010c99bdcb4b07ae192cd40e06648b97a3aaaa6f754ca511

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg

MD5 739c4dcaad2aa6951b4c6b924d4078bc
SHA1 c85b0346d0bb95817ee94042b5e6bb4c1dd7065e
SHA256 01006d2e7052d985101f0bce9c901c04fd55cd1cfb5e2d23385396f7e88e8fc0
SHA512 a22e34ac31a6b8d98f8901b5f75faf0f5ee5c362781bc81d3135ef48cc63a30613f6db120b3716ff0094fae016f0be231557c41e31c6f40f8ea8bb2bb7d2aca1

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg

MD5 7e1f1a4d240a827c40e9f3cd47d169e8
SHA1 a8587b711a0cbe45d6821750baf584d629e8c8d3
SHA256 6a584c706ff3383b476fc4e55e7c16f0661c30c622237094f302db2f6cc7238a
SHA512 30586da3a9227a91fd3437f9fc1aed54198a805ab970dd221bad7aa6ea47be598455ae54e3e5b664b01f60fe99736196f42fb832a10613b570ad162a4647bfaf

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg

MD5 e86ba8546995f30e9dd40e363f7de50d
SHA1 4cd4146839f61ae3709849a33a0bb95cba76d9ad
SHA256 dc60db3b80e4c049bf870b2ce9981fefba35fba7afba5e60d75b9c0dac8ee141
SHA512 88b50c7f7257d9e58f554e1d11cbcda57e30f56ce434a240f07152f6cf85ce4369e0185a9c3c96b18b886c22f35fae1383bfc79fb2d8c607659cdf5e19a5e450

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg

MD5 5d7dac6e837598fca17bc6dc6808921d
SHA1 8bea5a903042d1ca004b3307c43f4aa9fbfd27f9
SHA256 6623c9cdac71de0076ec405505ee66671423752ae1c4d107963b41fed6234280
SHA512 89c6af39a469efaf80f467ce910e9272dfae0fe0ca50ebeda8ecda3007e39548d2b8ff582cd9a2cca075ffe309b4103fa723a73c5f6117c8f0720e3124d1080b

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book

MD5 e2b9604a4c6c86aacc681d8e2e6b251f
SHA1 39b684099529adb2bfb78d0dd1233b03c9fc6528
SHA256 486c7e2d25096d871171fff1906c65f98e8c1fa888cc5c18558140f999274d4e
SHA512 6ad292e3d20dfd42228387181322ec6d4622d35b85829910f760a3fecaf110a93f000e3cbdbc575cf8a95f6d621af04b973e7c027667f8b9adfe90273464c632

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db

MD5 91122bf7c12c199558ac2f24bcacbcb2
SHA1 bf3cacf426b9e76348e2f4da0922c510cc83c004
SHA256 2637ab06ccab00a9b6937c7d2c02e42a46d98f4351bed5236801ad3d3cad98f8
SHA512 dd52a1b2edbcaa11adab884de710edba1f42b47c53eb872cdb7f0710d550921a831aa85562a3dfaf1de9275b234d4f152e5c35350bf42674425a83c6e2db1da8

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif

MD5 d1bf19f98e5b064078d2fdc074d9893b
SHA1 ecae2d5f2c6fe28e03baedcd84a27f0dd4ca51ff
SHA256 3a91e9c0f4514096923eb665974724e63c3037c224ce156be44cff2c1a35fb1a
SHA512 883f5327d6049237a66895b4d9a5e2ca49c8504582dd35201ae0e7de3262f2d729e3b7b1f4c795fd2d5d6d1cd89de8c3c3b0d3ce297ed6ef5d3494fb378a6df6

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg

MD5 f7a203715b8a65b20855de0ef6769c67
SHA1 aa1f011ce44d4beee0d29379dc17a8e09ad7d22f
SHA256 215a885eb08f1cffce16c785be47456b38d17fb1485ede519d256d3405fc58da
SHA512 5fda653e314001e6c27df1507bbed7675da23fe883af9c28cb3aa5eb5fe9a13438daa50bc87114a5b1d521b74265f91124baf60a301bd634fd9c06db91845a56

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg

MD5 1cd4763792731c95bd42cdf9ba1d7563
SHA1 ca99ddbcd46da3f5e8c2b946f1e2f3dc3a93b22c
SHA256 82bf1e71642ce92294cedfaad9107c10f1a4e1f913fcdd2eaf7b3ce6594101df
SHA512 35a5821f598cafcf619fb39e09b8d9c8d5ff8631897d57a3c098e5f6c293af693fb1b6d76b8c2bd6f0c9cdda0b9ec6cd31a473ae3b672d42d117fcd3ccc47114

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg

MD5 55e51b0b399dfd183b5fff6b51f5af84
SHA1 f665b4c226cfdb5407e3cdd58201521d88131595
SHA256 799e45d8227d2a9718fe85a3d3281cd4f0ca47a634e72dfb3beb253968c438e4
SHA512 a5c55f96b72a870ff79d0b8d56275944f069735e5b46df6ac6e48db1457e5a56633d8881bdfe574868e3edff1332b18d785858ab94dd5f492f034820d293cc0f

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg

MD5 5f122bd591cae0eb94e9a6aa30059354
SHA1 336bf094f4d7b91883e01c228401ace6533bc187
SHA256 30a17bb3c29ce5fd12f6c26ef6d6f6adc019be7ebe858125ef5682a18452186d
SHA512 6c99e11c8f7bf79114ab5c612cbcce3d7d4b0427e23ab25fd9cff02bed53b08b7b582dcf37845481259fb40a07e9e358ba79fb34f245e1380481737a934a0fda

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg

MD5 f11574849d29f607d21a21b28765f686
SHA1 3546773053192e0b4044561af8f6e322f0eb585c
SHA256 0824f38b3169496765f8d1b6cf925af47a1b53940c7b1c52e4f30cd770f5ad01
SHA512 1c67fae3befb86a371dd546c42a6da18abcc23b36bf811c885e0972814a7338ecc027732b1e9497183b7340c06aebc17098abd7fa1821ffb38fa572aeca27e1f

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg

MD5 6f5cb5263b60cf2ca44f87faf8a51e98
SHA1 774604cb4230782eb551a4a37aecbece3fc4f4a5
SHA256 9080f1863c1c1b92068972bff9b7dd81b5abd314216f832879411d09b080de0c
SHA512 84c9f549cc7a634005f99e731288906eef432fdceb25396a90266a765721009ee8643fa84466392b80b60d69b5b798e75218691a723e5601c962300eea5c46f6

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg

MD5 1501134aa82fc7f1a967560b85518ce3
SHA1 b39f0a515c7f19cfdcf35bcfa03f46387b2477bb
SHA256 e738143197ab2c1655345f29a3e89cdd65250d4eb631cfc930fb36abc4aff153
SHA512 286e45a571d8fd8a999f65ae571adf4f5dbb9c715ec70938689d224d15843e7dd8695f3c94ae0a5777f4d90416787c37400dd54a9d0ded4e9a953afd7a2f5b53

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg

MD5 e0de2c8139107ec64bde2b51f61014aa
SHA1 cbe82dadf635d5f8e4321fcf5000064884814085
SHA256 1cf3ec993c10248ae71928616ed8f6747be08cfcaa2a5ebb8336eb0a83bbd992
SHA512 35c48f95917865178c9636b44c6ce9916f0c5911f81545f87d3a2a481e8ee22a35e8cef671b44d5e3ad63a399f8f5145b2a2fd43d131030e4ad17fe1bc5928ac

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg

MD5 447002498b5ba164f447e955afb8b85f
SHA1 fef56f859c3889f2fe84e0381605a7bd975b9ea0
SHA256 8a84938419a1f2a1895e482d2343cfb84a21ba2cd0053de298ac9315ead17dd9
SHA512 368eb3e01791014d64b5e2409d6f51e367d578ed4b44ef0a779e2fc09fd79c73cee3ddbd4ce6df38641ad90afb117e115413f497e3fbcbd43bd299f264950c4a

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg

MD5 746b6a0f5c5cc637ff48394408b305e0
SHA1 de128d29da3918cc229d595091c2adaee68718c9
SHA256 5c9c5b27a5104c494e657cd9d1d17b58338c3ed34dd38f51ad3a31d935bc88ee
SHA512 f43374471da73fe8839b87cb9b857de00ebb7ff573096eb37e9ea66dc8e4d444c03b67971dc6a65fb5d1fe88976468452e83ade73d4e4f6b52f41baca39fee57

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg

MD5 af87095f0801e28bc9443aa19953bbbf
SHA1 b66a33b500769869a9b4a57cdf8d199e8a0cdf47
SHA256 ee4abbebc89abb59e830f51932dc25bffd87debdff9813ce0eec216bedb0cb9c
SHA512 f3bb8d9e77e18dd37eb0ff4b94d92babef0830682338578f851766913c0f0e2b4f5283b260f2bac7c6bc8e5736d9dc8c74e872392f96b493197f1284724a506c

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg

MD5 e8462a12a60c127b7a231218cba2ca41
SHA1 c922d146f8111cbe053df6c7fe2241b4d006047e
SHA256 1c2bf464976420ef71b59dbcb0fd16c20daec31f0fc5c03dbb3a4a5172c35712
SHA512 e2c2319dcddefbfba1299e3e58119077084c6c3b7f0eaf1d12991cea6510207b0d44712dd214d2f7fd08ed61520697908390b7e7c20ee0920b4766be0d6520d9

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg

MD5 a4ea32bc6c92c2cf5cfb2593f72ca463
SHA1 22ad90eeda027f59d41943e93b2ce8668baac676
SHA256 606583c58aff143468c40e839c11710a9558c47b94d5a86d1151446f4c137404
SHA512 8d365184033b5fcf85db7c6c5fafb3e324050c96eb954db9bf2758e067d0513d7dd0754c1d9fbfab153ad2d05ee51d7afbfff24ed7605bda745d9a2af705fea2

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg

MD5 170d89270e03dc2e7da9309abc47988d
SHA1 80227ad1bb344c35e156dd953299aacc9742a0f3
SHA256 8edfe12a1d8674de7922a53aea1c8acd93a4e9b516e5c323f128e963aac974ea
SHA512 0b5fe93a12362dc8012dbd31d95746d3d4d4ab99a219e0ab49861116c13b6f5d347e23c6fad323d533b9ec11001c57774ed7db84a9a7ac916c0426ecb44fce88

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg

MD5 41386e0f455fbb9776aa8176b463b488
SHA1 5655105d8fb1f6f0d20ac2f0e154c5af9dcf581a
SHA256 314fb3fad61f23649e79e63f3e0644dd8a0f8fd219e489f8d6d2ad7893e60f0e
SHA512 b887a0fbe312dc5bb7c94f21327d8bb09f440ca3dd5187dd65baf0d75670d4e665e4fe99929c0662d4e95a3123b4114ed66fa51ec3575f7258a36163bb30d3fd

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif

MD5 7ceaf70c43de87fe8f7106c5c024c6e8
SHA1 72456f529f2e15112a57609950d5909c38471c61
SHA256 7fd940a10524ed7aedb21658407cdbce0831475a51d7af081f1deacf9816fff0
SHA512 382d8be5378ad62d238bacc4a45b93728d214c026afdd2a23a3854392b8f6ba617ea2e477c583d3de843d900f9a67d557b437fadc99dd29980db41bd6e09d3c3

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif

MD5 b9d7d09a834dc4541967ab78f7d0fd03
SHA1 9581e21ef862542ef9f6263ac81377c7f3469b0a
SHA256 84f12116cfbeeee6373bb94a0d878e134fff50d598d6f1578f4131d23be3703d
SHA512 a879dbacb814e1495f73a8a56aa46edefc6523ef9badf3d1845b6f9b234bb4daaea8d9537fd0babc4412c577860a1378802fe0a1bbe28a71283e4d5105c4176a

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif

MD5 0c47d03a6d75689e2f84b925f87561de
SHA1 4782d1a60796d24f2406e35d18ee4c8fef59b64e
SHA256 963bb112090949111b885ab790c9e032784d9dc6c0fb3388f47d011f5bdf6c7a
SHA512 c4e96977c2adfcd69cff2b22ff802bda3ae0c0ae6bfe3e2f1800a430d2f06749e450b4a39132be3e58c20e39e333eb7c79386ab69e8efbdb6256959c4a5a5feb

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif

MD5 5ff48f51be9c3bed3e81d908c08d7135
SHA1 7673287c411d65538b7e60d1e51a92d1acbe4d07
SHA256 f7eebb0ae58ea8e64160bf2bf8bab0955603c0208c3bfb760d89d01088f042c5
SHA512 c73ba4a996fa14f3ea9e70f6a1e980c3cb0d0ed57efa8b8d241a99ea2155bfede9d898e6404704ee005c9de130777a4d2c364012398fd839c5966a476ed05d76

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif

MD5 03ac2cf533ad921fa2e570449c398d60
SHA1 b77a69ac67cc2ac113d997bf3c3d4cacd60b193d
SHA256 47f4755a428995775089a622f33eb54c4505d8a6ad7963c6de646de0b2156017
SHA512 74acc8d75fcd3fdae5101b401e84042b6c04b3bd2347937d007201ffc9bcd06b84915beab9f58b3e1f0c09d9f49660eb979ff1d0d75db1e3396c31a5ebd0a794

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif

MD5 79a9739cb814396f6cda31b59d3d87bb
SHA1 2993f8102994a1e238cd48541cad333ed950e88d
SHA256 a16ddc10725a33dd91e617de97cfad7372ee33bbdf195312b70b1d10194b68c7
SHA512 2a3e5fb4e102134aaab34d72246b194bba61b630e5e6ef7ced96574a137723cb716eb1d9a7350b4981048fcdb1f496d11fdcfa9edb5007aa06731b8ba09c62ef

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif

MD5 62b85bbb9df60349a7c0d8cb06e090e4
SHA1 4c231a467127d6cfc1118fd51a0b0220296e255a
SHA256 b5cb2f91a884e832c0eecfffbc4b0f6920a67e0513f3e2ac9130bf6b744ad146
SHA512 87e6608e33ec84ce04b20a44c69d1da3ca9f70b7f8542739456b27eb1d8c589f3cf6f22ca1b4777d0135e55f2f7e15cc5306736a5231bac81acb6b5d27f14134

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif

MD5 517e6ce305c098d358d27e6a606a4e81
SHA1 1f90118a88f4593ea4dd748526180f6c69ee617d
SHA256 bdae04f6d7694e1981771c0a76fc555009dae6e56f2f11f8fdff87b2d9dd0797
SHA512 044a47bb0115a0b8ec905f4b433acf00866e5faf4349e57aab219c80641d24dcedaed17a170d7bd7eed2e2727daf80fa6eebdfb95791bdabd1dcd2fc80ee9b9a

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif

MD5 76a8d032c940da779016d3e356401758
SHA1 2d60e50d4830e1355863544effef81a153867503
SHA256 292ace5abc773d1dbe3db5c3a51d42b11a360e22b17643209b30f5988e437761
SHA512 63abe8edd5bb928c4b594aded6da4e82efac7ea7ab086f2e5509391b1e0f5cb3fa6b965ffa4ffd342869d16d02b4c42e8b2c03b6b4a6fead8de581624d8643cc

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif

MD5 0058727d44f8467d8283250a0b43556e
SHA1 f2b42f0abe25803dd04b87a8512de171034c27be
SHA256 3f5adbc7bef95ac98d78d9b2e2f25c1b89dd6a14b02ad0c6801de51fe1e48843
SHA512 520620f5b52a062d3b37eb866cf731ac0eb876683d929db7b84777c40cd645364c2c715aad50e87951ebf483cd4f45efe00319be1a36d63248b4f4d9c611350b

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif

MD5 0420a172f5c3b557a58b9f51ed8c6249
SHA1 07c58efb0135071854091f6b3c504b380c971dd9
SHA256 741f4194e099e387d5b81753972074c2ec9944b36b442ee90f02f2e05a49e2f0
SHA512 eea3706f02d068df6e7f6744dc391400950cd635cb966fd224bd7818f140aea02e9389614e18887271cec6a167e699c36d37d2c972724222b9cdf978176ed755

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif

MD5 618feaf37b7c85b693ce5ae0ac51a508
SHA1 d648be18ec2d54a7fe5e808517bea12e19a70fde
SHA256 0d177be82265d4458b9ab22efc15418128742dcd60488a5bdecd5d334164dedc
SHA512 9ba910a321de102eb56662acd4236030e64fdd0c026a8a81724b21ab0c0a9b6be7a45117730fbe27eeaa49e22a9ac746d48a8399263c389a338765d8afbdb0c9

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif

MD5 b743e2052f735e7e2f132d2843e53641
SHA1 edf2545d4279ebcb965aa42523ef4a93cbaf67a3
SHA256 9f93891fe6aeeea23b10ae5aa680fd44e408b97ffd9df65cf0434fef1b049af0
SHA512 0a16105b057875b105f217b40d8305feb7039f5222d7ecae7c329ab1efb1e4811d4ba111124b4bf5cd40f6bcac843a99444795dd296cd97cc01547cb4cb6cd20

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif

MD5 794dedfb9768a5272ba8793933a3a44d
SHA1 010de007d8aa5fc21319cc8506b2d20565b29520
SHA256 d68e785094c2f0016c735ad9ac891e2ea2b0b30b4f30d800446759ba0134b7ac
SHA512 fe2f5809f1cc2d0b3ac310a8b732ce4e014353056005ee6681c13181e3b9017d04f3ee1f8ba39c97dac00e944bbfb684c65de42e2092689d9b0f1c46d15e098b

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif

MD5 b8d3f236077a74be9fc38fac772f1b16
SHA1 35f80cf295803363451dcf80c8e1f2b8610785d6
SHA256 ab33039db90f44dbb3c9967ab157f40805dd68311a441ce5e819c286a3569ddd
SHA512 a88b469bf08324ee4dc5679b4e8c574ef13b76be70612de910df088ab2bbfb177a6a447d622069735108562aaac68dc4ea745577d4c186412bfe4ca08a0feffc

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book

MD5 5e8dc6605c8cd8a06497a5c22574c3a4
SHA1 bbff2a4f492241359c14b3a7660153c8c0312463
SHA256 f4b69039fc2e5827377bfc2e650623f2a1d0959e462c46e8a5502c68991cc641
SHA512 c137b5d888fbd5de91cdb7ff8baeecc5d3d1c193237a741a9741991e698925a89f7c623c7142a53704b3e0764b9d3ba28a9c93b455583b71d096ffe8e4ad80c6

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db

MD5 4c436b128feda301505e84bd00e9aace
SHA1 61a3bac625abb015cc8e1a6397107dcaabd9866e
SHA256 5d21bbd3ba16464b5ae1327867839f16eb5c161d60d2b5a81bd11a7f8075ffbf
SHA512 82f0d1a7fe5a4274991eeeedcba120fd16924ca02ee69b2668b29a108a26b6c2ce7c3bee3d289e6281574f57ca4407d56025cd10142b9fb28cdd180d22c4e42e

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg

MD5 3e93b462fccd9533c2dab973f717a8a2
SHA1 b0d6782f035a2d7e3de57a8260275586f3acb852
SHA256 ff19988ec62abe0e0624c2c5f91994d59c050b32217d680254e6b7796b6e8041
SHA512 8622968201a10bd95388426dd6fbc0f41a650a742de4ef07c315555064b3cf135525c2b3506dc0af9a559707567af11ed7ac48694cfc197d54f06bc20dfdbd13

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg

MD5 a25d8068b62c373ea11dd9112857e80c
SHA1 bdcb6b8a76f4bccb664d93522eeb4dba9d851d2e
SHA256 544e8923ccef640c4b22499319ae5eff1b7dbae862e0143c40f6e870e9159db2
SHA512 7262e93d05b675d85119d85ef8474eb2ec58828c7ce0ada1b754d15af918330ee8858d9c73ef191b5bc7f50c84ae25047a35186ed6685c7c161a4aaa925e7354

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg

MD5 e77e17381f924ec64b43a4e9cf881cef
SHA1 22cf59e2f8745f14909e5638f3c2d07a68048f93
SHA256 94ab8fff641c839e81860b1c3b5f28cf83ed86b5285fae14f27a112c03845d24
SHA512 3da3e6b949e61524481a288012ba71248d787760208907c3d0243239e3fbcd661b579c3b1c0f06a59b9c3de589a612da241433baa4a970b723b9e6c065a0d22a

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg

MD5 a644394a3090320de4583a807fb71ba4
SHA1 a54b6542e5fda980ca277c40f24e2c2863b4840e
SHA256 a336ef4a9682e6209a47821007f4bb0ee2afb0e0bb2c3a15ef7d7c9928267aef
SHA512 322e6d09e9f66d6ad8c81937a4716512bded93ef2ff164bc0beb1f7fabd0866e4ea70cbfb96e1f96b9db3c224bfe444d2369e1145318e28fc5237a7b53f12e56

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg

MD5 4ec64b5866f3e42edfbae14d18fec0ef
SHA1 61a38083b79dc0f56408b692db424ebe424a863f
SHA256 3048bec5f4781d08360534a96ef7dec46a076cdb83cbfc1ecd84a157cf95f9f3
SHA512 d1c268fc46aa14dd77eb42211deb620ce07c512f14a30d7a47a2d3ef30db6981f5db413f1cc170bd414a4f252cfa3243ef196b80fde0f04d4efff5582d51780c

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg

MD5 9ea27ce1ba44be65a1756799a906668f
SHA1 a4420b616beb0e2f5166471d655cb7cdfc866e27
SHA256 b961e9334abeef3ccca67eead97cfbd6eddc857f3d0a411e1978e22a14c27aa1
SHA512 660413d845cfdd583555e1b8227849f4605ff369dbf07fb4c7085dae3aae1929db1b265326b7545255ceb52729ac072f83ba1a6a455ab582f5e14080aabba32b

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg

MD5 1895fe2f1c64a21f45f4b14ba9f4ca3e
SHA1 da08d8d0ebe04c0c092166df13a1af530a968699
SHA256 973f508f18f8c79dc0ae8810940d79ad3b46939ea69afc7c8864897d4cc284b4
SHA512 e2670a834f6a963b4456bab85fd1194516c05e4bdf8ccb7117e0d0181fcbcc98f3ab8e40ca25df386e25170f728ce72f690c888f8dfbc37151c9dfdb27aa0e26

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm

MD5 c03e5da83f9638627aad803869f8e89b
SHA1 a93e0f8abc90d90cb1b1caca5d96ba40a3f896de
SHA256 aca6a7880bd5a465d896f9d639e4a24fd93722d5d1f1b5bd08cde5479df67158
SHA512 e100cb00036b6d6a25151ce0ceeca21654509ad23a4e89d244ed0692cc83e45bbf6ab6f40e8fdabef8cbd4782236e0f76ed54569d60320b8c8c541958a754962

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg

MD5 f9de53edeb7b5b9f1e59c41637553cdb
SHA1 7db31e8a8723f0b940504087371c50cb6953b9c4
SHA256 e43ef38555b187d9335c77d60ccd215504af10c626f76e4e4967fc690b6fc300
SHA512 3a7be8b1f7c99242c381db4e0e6e52f3bcb71ac665d03ac81a93bf8f801335a6018faf7afa0d9d61bec7a481132f2541991e12c2e8d1d7a22eef13af955d9d64

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg

MD5 b27f0a5f078782344ee60345bfb30b19
SHA1 1e2d4ca315e01e9625a906ddffdd3c336596c432
SHA256 2f1b0d7ff847c3987ddcd2eb432c8311bb148de5164b3d96f9f9a267d412079a
SHA512 58ca3d5336b9a37568bf0dd6fe92fee7a2ba6ecf4d24c66855f0f6dddbc402445e0830686f4566ea73eb1ab2217bdc15353979f4028654b06c8d793b15a87c82

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg

MD5 2f0b89fb6286f9cc3d4f698cfe915d3a
SHA1 fb613a71ba544fff7e26be88e8c5316daa99fb0b
SHA256 aa9acde92741388db556b92bb3b3c7052faf78984835d4e05f3ff1bb44c07a3c
SHA512 742841434414a05d9f5985674268c776123c504b38239f5552dc4e4431254a604e678f5b818570dfd99fafb905fcf052fdcb614952ff9f2befdfaf62453a36af

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg

MD5 3b53202999c06a3fc163ca659dfa31de
SHA1 73fa0053205b67920f7d3e6eef7fe19819603847
SHA256 43f4e85f1c60b73fa8252dfc755e38649e8d23ba8a666a83d0cf859b0920f4a1
SHA512 916aa4b595a91e13a0b1bddac0f9fedbd131fb024d0a925628fc332239fe053615298f5c18e2e8f4319f4d211c5d679aaa91350f5a781c8d0f18cbb71b3eb58c

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg

MD5 75ab958c17806c34e8bff5833816ce56
SHA1 45410fa635d296b400da35cfa90e4207e43b084a
SHA256 2f52d995e111b8c9ac693663a03ca0545861e94c53c7110270d21ff10cd4876b
SHA512 7947fe6708c45109befcea84019b5f5f84ec1a80137c1895045a38c9151a525df283a47f9f300a386df992492b4f4b12b8a8eb2f0f9c98f8e4a9660723b53c8f

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg

MD5 deb89b81b2655a117454893c71cf39be
SHA1 1c573f99842e46abc56accd7cb4d7f4b0f93d063
SHA256 1eec3c97c806459052a98661e0bfcdac4eafef0df5fd2af6c4c53916156e5eb1
SHA512 83536ba1b85b1822544997be4e4ec08e79684a747de5b2c1af3751d75d7dc848e0c743989cd5cc6996d3d8fad918cd7cf6420796d793e77c3261e58d61736107

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg

MD5 4ae333c66ef5fefe71af37c161ba20cb
SHA1 e0ddf6e7d3535847a507099280cf892df5c56742
SHA256 170bdf6aaf4971f4a7f8647aff13e586be00dfcf6f102ddfc218a28b55fc855a
SHA512 0e515f1e9b461267ca6c48be6874279d1eb575ae829ca2d1b0579d85f10e0249587c62d5063c3ad32416f1c0d66cb9d650f6cc58f27e10cf934430fd1a5fdcd1

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg

MD5 66fe43801d34b46bf67ed75989779010
SHA1 a5f48e93f10129ec8b0ae0b71a3901229d936fb4
SHA256 bc48c07bc245bb7a7561c983c72851bc2f48cae594472c48d3447456dcbea804
SHA512 0c3ee73b3f1009140a5bbf8a07b059db37bdb30e673d46b87992541b4f96545f663b083c97926da7dbee053b5be557186aa9ea6e3a7deb2d511daa5f9f3e59da

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg

MD5 2f86991655a07f1e0ae608ae69c8de62
SHA1 89885605155e2a4162bdb5bd0631e01e350d7608
SHA256 4b0d3ac6305c56e814e87734d3798a4534b639fe7752a20bb398fa9eaf59bfd7
SHA512 1843da571ee2ab31f6449e94698e51445e458829fe37b98c8967e9d3572a06811c12438f3b7cb8e908d95dd583429d69c524a50bdfd0390a84af0ccef5f2b552

C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book

MD5 15ea0525b8eadba671e9d56306de1b01
SHA1 056c306d935fffc9cd27e2db200c1efddc4155ad
SHA256 79acfe9005133be613baa6d85ff170ba9c4a7109d8dabd45cc5a39bf7f32b04a
SHA512 455b5b9daff01208df7a6cb2f24820130064dad73d8b34184a7f114f07221d2c5350c0e6b46ae5a0452db58fb95dfb27b20cfcaad1da2ecd9c03430f8b071966

C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE

MD5 46878602caa5debb728c0f740aeb45d6
SHA1 63237b1c8b656712d00a1e60a062a738f376a95c
SHA256 7b05a46c786c91492d154683259c229aa9456286f688da18d4016d91625bebcc
SHA512 4b20b82a543d19932a1b32629b7af3f1dd820211e2350d5fe1ef66e07007fc0717919ec509b5ff6e1495f0511433763198689df4c820e08c3df0029ab74218b9

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt

MD5 5eab14a5391248bade4c546b26e04db9
SHA1 f00f4103914cced6aa612547542b7278b7661430
SHA256 b29f947446b61c80e8906be02b4793010aaaec5ab3c7538cc84cf0cb0b49631b
SHA512 e18730a7bd2ee8fbb8c08c1258b0f7b39a7c0dec218f2c18bdc5f03dae7f8dcd31826af6373fbefcebed5e44b65ee8ae39d989756791ff9686115086813f7ae4

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe

MD5 dab11c1ec076ae976ea272136a068c6a
SHA1 cb8f7b3a2bd2148067ab1f2b9ed7e84159d5f740
SHA256 fbbd27df902483f524cc8ef269155d5d0d9828b12601c011f25322f87a0a84c4
SHA512 b9a7482a00786fd4bb47d59c0992dee12ff3a3d2d1815b2bf460cdbdb46f816d7e68d9cd6334c1d3414a0c4b2789340ba51ab1e22a5d54f7c1aabe3dc632d01e

C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR

MD5 d58e9150a9a022012c421bb8229385d3
SHA1 9c1ecb6c18cddf731003e805914534635b0476b5
SHA256 a994e2ea053542543b647dc81d6e0aa7fc7585311b77f5fd76e13b1bd73a67cf
SHA512 90ae9db622ed832adcab70aab7833ee8eae4f18b006b89d5982586fb492a797f7ea0e5cdefde16b6929168f0db80ff56d49a39c53ac744e4e3487ef84d44f7cb

C:\Program Files (x86)\BonziBuddy432\t3.nbd

MD5 132adcfde600f76d5f9e4e8d45b5d936
SHA1 619164a1f95d6f5c8286fa2ea7ab5513c6d4bb2b
SHA256 94c638be958f83325f9b96303e050383881959f509bc6c4afacd890db3755672
SHA512 b3bfa48570fc472846ae11712616ba63c6fef5994f04d463ae06cac6dbe5bb19ce43816b0c4b15ec37bc537c8c24d747757df116dade99d2f3c42f0f312a021a

C:\Program Files (x86)\BonziBuddy432\t2.nbd

MD5 3a538baefe6893b4997ffcd25f339329
SHA1 c2d3e1f16c663c435735cf27a6e114f5b2f85df7
SHA256 87d531d27e9987f39934b0f093542790f25882c9e6e20ca554ca0405a16a4acf
SHA512 e9eed3c7a0b9935e769b56d430fc6081e63f97a7d9d0df0b1913220cc0519223353ecc48b3dcc4a0147f77741d0367c0ba9b8d9a56645c1f03524399155c8c50

C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR

MD5 877bd06f8b02ff562dd476306d8bb8a9
SHA1 ae4198c145e9d69e122f3a387519194d4280a089
SHA256 2f3d5ac26d4345be684f81cae8aa51f116334394680e9e6ac6a6ec49f58f3bac
SHA512 e8fa96008c4aaca4c4251bfb310c14a4501aa59b02827e68e91013f4089bd7e20a498923046bc4469985703c94b3c116da890270f0a806431601db605a840fc4

C:\Program Files (x86)\BonziBuddy432\t001.nbd

MD5 15a02eb5a83be1c01ff9579f2ce06aed
SHA1 1c8ed5541fb243602e963759ea4d284b9842000f
SHA256 b30e7a66488327c0cf090ae98eece036f326c7f5b2ffa9f9cac3bf7df3e7af47
SHA512 06a562d88eeb6ddd8c056df834bc8d0e02bba501c417f9a2531761492233e0f07d17ba65602c6acac2bdcbb463bd6aedba2f397b5b707bc64565958b78f27472

C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll

MD5 1556c5b52a751c31b4ca6fe757704131
SHA1 a04263b37b69a5a53eaccc6d30dda61b2808224a
SHA256 48bb226b418dae999d66731599996e042c5592d845ea11548a15ccd3a00fb5ab
SHA512 ea306e09834bd08edf8a5930c096eaff4ab6c6a8799f3910ab8ea88a0a25fde45de36887c13d468046e9bb2e1439e7bd34c970e3ef9f71d8e4eeb95b5fd60074

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 7c70fdb75615a12b46140d8e708b7fa6
SHA1 d2b5fe00939a1a53e249b7892b1d7d18f66adf45
SHA256 03b3858e5766b07b919d176b541a105faf76e1a28ba01e3593cc319ad87dc3b6
SHA512 632568205be861f532da9bac3f423306f44ab6b8874c1a8dd5872534afbb809081c861bff6fe041a2d7296a627f7a988059989dc58f0ba3b4162439525695b3d

C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR

MD5 307f2e464cf4e0bb93fbf82037102e14
SHA1 b35f620a6dd2d0b5d04d669d4e2bb65c9c41363e
SHA256 3e8554436a52336c84117905b7b2383fe1aef01d613440d4cea70f035aaee28b
SHA512 d03df59f9ebd5040ec5f6fbd5c1e426d8f4881d61ac0e98423c26d39a56b170da6a3cde6bd231209739c9a89224220514371bab2ebc38f8d9e6d86c4a76721b8

C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL

MD5 94f66cd6a18efdb663a61f2025ab31c5
SHA1 527afb33ff31f5ad1e60225081db34ad5083454b
SHA256 c4b58c78dc14e247ba303f630e42e9e56667dafef7aba1f0fdfd058b658f0a36
SHA512 e4c14a7db92c9c7b10950ee52f34be73138ced3873962dc5a875949c533d187dc2251b0d37e6f855d54018b8662b63a611b1f0a71fb5c4744444dbf86492ed1e

C:\Program Files (x86)\BonziBuddy432\msvcrt.dll

MD5 055b02d711cdedb8c5997274c4e99cb8
SHA1 5c816eeb6e4d5f1c11e9f56c992ee7d452e7c0f9
SHA256 d7cea69a98579d928e534070f5293e80ed7df38baf611b20717ef55aa1344a18
SHA512 4774431fe768e424f46c833236a41d68f05d98ed14353b04428a5d190dbe213bb56087a5e5cca5cd98598f2c1611fddfed3a7a79bbd362bc02e586cc367907c0

C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll

MD5 5343a19c618bc515ceb1695586c6c137
SHA1 4dedae8cbde066f31c8e6b52c0baa3f8b1117742
SHA256 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce
SHA512 708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

C:\Program Files (x86)\BonziBuddy432\j001.nbd

MD5 98c9159b828cbcd8f13a0491218bf537
SHA1 6b9a736cb7840300e56acd2cbc635d5e451a68ff
SHA256 e312728e0491e1a15405566c8f591cf3ca6128ca17e5e022a7550494a600ad27
SHA512 9d07bdd0b7fbc3e23c6940c72e5e151271c61b703f0f6d858e81887fd4819f9574e4bc078bef8e2c3c9c661793884f98cc6305556f34d0092c6ce7c657aa16f8

memory/196-3718-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8981ccfc071520615b87390ab390b67
SHA1 dd9672b7d0423f995db4c1c2a264b3253df5a14e
SHA256 5c89551cfc68dcffc55565ea2e5e62d48040a89bed4425cf572500e937290d52
SHA512 9a85e6bb052280342cde3f24567f4f16d22c9a0242d4b6ca10a1bd055a30030367acf8f94d5d083ce6349745cf81c00d33a11f049900dda5bbd69cb100ec902c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 223e082d6052d6e308a90628a908ea4b
SHA1 55bdb44a07863d9347e0e2534f9779afcf93941c
SHA256 127bdb5c14cc23b0e1a3c1f79775f7bcf26c8397c0de3c713d2c95b0c5898272
SHA512 8c803b165362c45457e94768207d861df4bd13751f54d2b3cb5a2d34eb1eca7313ec4cbe4ef0db89fd51fdb350d5437eae446ba00c59d46a9eaff110706d6d37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 50d78732929c3becd433f367367b32bf
SHA1 3ba5119d5877eeb82449cb9e8da8b7d2601d6d9a
SHA256 66343a892139616fac4297b31e8f8e925faea422ed2c2dc47cd1f09f1a030101
SHA512 3983c60ba322c09b89d344a6528f39d0982ec341d3fda44f6d9706a9064a9a26296e7b48eb840034855240031a7242d6d1dbdb57b4481f9b617b0589a6231251