Analysis Overview
SHA256
a7c90093e472d234feb011738baafc00b902be8f8e6bb714564bdcdbb47b9ea5
Threat Level: Known bad
The file index.html was found to be: Known bad.
Malicious Activity Summary
Remcos
RedLine
AsyncRat
NirSoft MailPassView
Async RAT payload
NirSoft WebBrowserPassView
Nirsoft
Modifies Installed Components in the registry
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook accounts
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks installed software on the system
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops file in System32 directory
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Creates scheduled task(s)
Modifies registry class
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of UnmapMainImage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-02-29 07:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 07:13
Reported
2024-02-29 07:40
Platform
win10v2004-20240226-en
Max time kernel
1583s
Max time network
1605s
Command Line
Signatures
AsyncRat
RedLine
Remcos
Async RAT payload
NirSoft MailPassView
NirSoft WebBrowserPassView
Nirsoft
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zOC4D6FC4F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zOC4D1280F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zOC4DA390F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SETD459.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SETD459.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\speedup.ico | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\p001.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Regicon.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\s1.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSINET.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\empop3.dll | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\msvcrt.dll | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\sites.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\emsmtp.dll | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j001.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lhsp\tv\SETD444.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETD07E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD06E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SETD0D4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD0AF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD06D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD0C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD05C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETD07F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD07E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD0D1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SETD0D2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD114.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETD445.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETD06E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD0AF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SETD0F4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETD445.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SETD447.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SETD0D4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\SETD446.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETD0D3.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD05C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD06D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETD0D3.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD07F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD0C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD0D1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETD114.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SETD448.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SETD444.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SETD0D2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SETD0F4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\SETD447.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SETD448.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\help\SETD446.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D08E0CF5-D6D5-11EE-9BAC-D65EEEF40ABB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC4D44F17\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3752092481447359315,8620331098472026677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x404
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap13350:328:7zEvent14479 -ad -saa -- "C:\Users\Admin\Downloads\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.zip\Archive"
C:\Users\Admin\AppData\Local\Temp\7zOC4D13547\68ce0b654df185f888ce7bc64305873778b4090e38abe5b933ff6cc864194753.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D13547\68ce0b654df185f888ce7bc64305873778b4090e38abe5b933ff6cc864194753.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D44F17\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D44F17\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\FOznzVk.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FOznzVk" /XML "C:\Users\Admin\AppData\Local\Temp\tmp767A.tmp"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\kbdvllaguu"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\udioldkzqcacb"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\wynymwdbeksheflns"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\wynymwdbeksheflns"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3924 -ip 3924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 12
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\AppData\Local\Temp\7zOC4D7EF87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D7EF87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D1CC87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D1CC87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DAAD87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DAAD87\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D38287\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D38287\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DC6387\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DC6387\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D43087\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D43087\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DAB687\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DAB687\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D49787\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D49787\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DD6487\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DD6487\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D65587\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D65587\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D50948\68ce0b654df185f888ce7bc64305873778b4090e38abe5b933ff6cc864194753.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D50948\68ce0b654df185f888ce7bc64305873778b4090e38abe5b933ff6cc864194753.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\zywffkd"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\zywffkd"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\zywffkd"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\zywffkd"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\cabygdottn"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\zywffkd"
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe /stext "C:\Users\Admin\AppData\Local\Temp\muhqhvznhvigzt"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x404
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\neaiynbncdszifpv.vbs"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\7zOC4D43E9E\128568f3d106f5646d80885a44c080c3e8e90c3b061b16b1096bc97caa6a78c3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D43E9E\128568f3d106f5646d80885a44c080c3e8e90c3b061b16b1096bc97caa6a78c3.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D6FC4F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D6FC4F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Users\Admin\AppData\Roaming\defender.exe
"C:\Users\Admin\AppData\Roaming\defender.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1008 -ip 1008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1008 -ip 1008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 592
C:\Users\Admin\AppData\Local\Temp\7zOC4D1280F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D1280F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DA390F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DA390F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D40E0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D40E0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Users\Admin\AppData\Roaming\defender.exe
"C:\Users\Admin\AppData\Roaming\defender.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4552 -ip 4552
C:\Users\Admin\AppData\Roaming\defender.exe
"C:\Users\Admin\AppData\Roaming\defender.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4DCFC0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DCFC0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 592
C:\Users\Admin\AppData\Local\Temp\7zOC4D5AD0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D5AD0F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2152 -ip 2152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 596
C:\Users\Admin\AppData\Local\Temp\7zOC4DE920F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4DE920F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC4D6530F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC4D6530F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4552 -ip 4552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2152 -ip 2152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 636
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 596
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Documents\GetDisconnect.mhtml
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11231346268905359141,2411693722746343991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Documents\DebugPush.dot"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3712 CREDAT:17410 /prefetch:2
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\BlockShow.rtf" /o ""
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| IE | 209.85.203.119:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 119.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| GB | 92.123.128.187:443 | www.bing.com | tcp |
| GB | 92.123.128.187:443 | www.bing.com | tcp |
| GB | 92.123.128.187:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 92.123.128.194:443 | th.bing.com | tcp |
| GB | 92.123.128.194:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 194.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.187:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzibuddy.org | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 31.29.187.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2ba64c141facb20f230d61fc5d977730 |
| SHA1 | 62884d0ae84365375198bef96630ddf10e445bdd |
| SHA256 | 8485d7fb61e07afcd4d5852c41534326a449cc78b4e5b0be508a669fe2b281c1 |
| SHA512 | 514bbcd8737bcd3158cf9b2b7a4adf334120d583b8a7c8be215878ece9d43579dfc637c414bf854601a5521c54d1aaa3ca61147a1a9804557bcbebf5d09b71f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9682f099d57db95c0209d330dd312036 |
| SHA1 | 3ce8a1020df0bc898591b5c5a762cc435a107d24 |
| SHA256 | 21e81d2eda09b84c45f3a6610cd97bfc55d23655025aa8453972210e5289d424 |
| SHA512 | 52a39ff3740b46cec6e456f592d56c6a69465ce2e468fdf6a5f7e1824bd920b3014c6f759d9a2ddb62f284a26c65878d4ca9e6cdf29a757587afd3aaedbbc3e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac661ac551ee69f59013bca9d669da24 |
| SHA1 | c48384ee0da1b019d9c23b0a0770b8d459d98e2d |
| SHA256 | 55defa0660825689c4c47328b99142c57d01b6e9234617895cceee739c0f8941 |
| SHA512 | 00ae8a3783ac4916b9529e78ce225d2b1bca2c30b48a89ff4927b5b969462ff6edfb5dd73c852f8c2a06ce04e86ed39f791798b243f1b3e93a4edac14bb234e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 30f7038aacf412ab4eff03df5883cb9c |
| SHA1 | 6a4677e217673d34eeebd8b65a55c39ca94c3622 |
| SHA256 | fca2f4d5690b3642d31d54d4df50332e9fc414d23ecdcc710a8c6c6e11b3e87a |
| SHA512 | ba4105e46a645055937086327367a9dd174e2c5886b7d70aa41504b193bdfe7ebd955f41a00d568f714e21a2cdbfe284346a396d28812188e00c6aacd24bd7ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 08ae7b97c9dc0325aa7188307d3ffb61 |
| SHA1 | 1fcab10a3c76056ef87c3bad0ecc320122bc5772 |
| SHA256 | 204a7a7b2ed3a54a94a7c9739dfd50f8365c6e413009df750f9900bb887d6de4 |
| SHA512 | 6d60e7386f1e72c690084b2c0c71b56750b135e5da8cab81178866d14dde81d8a621cacc8f8d566ee497e06bae4b108638135bc5794a53ed44b825d206c1a0e1 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | a0271509306cee4d52f98ec45fc5dabd |
| SHA1 | d11773db685a9967a6747e1f22d707eee1cf1c59 |
| SHA256 | bbf6e2ed56169cd63af1dd66f1c784b9ae20b7be179044f3909d8be2f1f0e972 |
| SHA512 | f5f11372f7b82821e95d93730aba8eaab259cfaee94285e43c998545df49745556eb28c897ad66c453bbdc2c289ea33b9bcdef995d6b93feeb6814c451fbb266 |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | b2433ff5466a3a6e99fcad8934a6d4e7 |
| SHA1 | 537e85a61c7d14d857580f06a5f6932d8a7ee97f |
| SHA256 | 3fe21da98304b62627aea361e354954e55f5ce0fa1001976bc6c4e0f9a03b863 |
| SHA512 | fa03566d172cbf82026904e33ee5f20390d283b7163984272c659a4242e49882b78ba0dd55448bded64146b4f023dcba42ac5fa70f67566ce2c2330a4841c14b |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | f38ef5aeb93c32fd19ab5be4b7c6e5c0 |
| SHA1 | 8b9e6f2a6a478631916c47557563c6ed22decaa2 |
| SHA256 | 3387693bfc34b14f4d20e33ef4cdaa12b77f6c29541370de5175063634662620 |
| SHA512 | dd752594857848173d461264c85f13757462886eb15f61c3e3e9404cff81fd3c8547d714510b41a26f59d81693b6920b6338c93c02c9141fcb815d21717a14d6 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 9b1ffd45a0befe30d17b9c26f66a7b27 |
| SHA1 | b03b9db41517279a61b37ecb687b20efc6e2da07 |
| SHA256 | 6649f1ed0242005af2d91598a7d9105c74db879734eff651047c6c5b8d4b0f11 |
| SHA512 | ebb616fc08836fc1fcfa4f476c4aec135e65a6c49a3171b1e6c6f2877c24be076b9bcdf50dc89b762ac2cf1611f252cba7804b4fb68f69dbd79aeea336a33209 |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 068ace391e3c5399b26cb9edfa9af12f |
| SHA1 | 568482d214acf16e2f5522662b7b813679dcd4c7 |
| SHA256 | 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485 |
| SHA512 | 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
memory/5972-1547-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
memory/5972-1920-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 3511c854564751c95d8546d6fed6dd68 |
| SHA1 | 4f635737f0627f7a8d10d31e7b865cce37f706da |
| SHA256 | 164c2c3fa153d88c392a7015d24c446bef45451b058ee75a2c68cd2df07379d4 |
| SHA512 | 59c974546e551e2008eadb17d709a8f7090e6f8cd1ac065822aea59dd15ae9be9b41422cb24eef7a395834ac11590eccc343485129baeb46fea4535dd12ce63a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5a45e222e7c2c7dd320a72320ac97e3 |
| SHA1 | 57a938d0887f21aeda8ff2b23538f0467601ca5c |
| SHA256 | 0262d09f2b5fb4ed7af78b05c6b3a2f78a37eb2adb8a9580b7ce3efd69e9ad61 |
| SHA512 | c9e5a62a13753f67e83bebaaa39463a0bc792d38956da2ac36c8078c439879e21ef7a6b212991efe6da4294822517e57fc72a3d6233d0f8bc6209d70e41a6bc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8bccdcf14f21d90d97e0af151371b0c0 |
| SHA1 | 2238e4a351c74b308be8a72041e7d6795afd21a7 |
| SHA256 | eb5cef90f32666fd45212a66784a0e02b778703c517f7c96cce940215a4cc297 |
| SHA512 | 4346bee3b99f8f0a61a52af0b4e32c51d81d9296f37ebb7860b048bd36e75920e305030b83bf67e1f51bd36b923e0cee574bb5de8e5d2d9410b6869370ecc37f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa3d571bc6b1458d55a333543f5ee244 |
| SHA1 | 11171817c99f3b8cd7f0e69a28955c9ac1adf4c9 |
| SHA256 | dd0d347d72beb08016c94b23488c9bd21dd06f2d97f6e6e362f53f0197e32a2f |
| SHA512 | 45af051342a9cf5e2aa91bc44575de3e8977fdcb2489c01b49215e7e5fd45153a9b95463faa3c13a41ec5bc9092652806d6853011700a49961348aebf6e38f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe061cb8ce5ea375e82f8cedebe58639 |
| SHA1 | dd0dc4ec6f84512bc23c3aed8e887b212689667d |
| SHA256 | 5b9cf087aeda97125c815d3707ee2d9b866680aadeaeebf50304de24c1d2dcd0 |
| SHA512 | a2a5538ef5e9bb443b6e6b6ab8e6cd3b8e3b61d5e19ebe32555b1fbf15e292a12766080c72b7052af04310e725f0f65f9e1e56498057f416d9a4cb0e4d72392e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8facf089438587bff861b76617085740 |
| SHA1 | 0da09a27ed786ce38d3ddbadf18a6156c023f503 |
| SHA256 | ac2e790b73dd7c624399d7cf5d9bb3e93969b777f4d756be44400a0f03a361ee |
| SHA512 | f2e23192056024449c5e2f572e00482857285a1ef83d373f079b163bec005a22b3c0c2a9ed35bec742dd764172849342028e674bec5b2fafb73f72996e57892e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 58a1815590e0e90502c1991a19f03201 |
| SHA1 | fba0e4a3b4ac797003f4489c4554d587aa09b49d |
| SHA256 | 171699e53b817e1ee2223a11c9e672ee161a67cd33a0e50fa0e1b18f7ff6b919 |
| SHA512 | fa3ef9789b6b511d28db9474f12b37b0206c828865162c3c2b3d3ed4cc10aef360c09ec92a27364722ac3b4760c1280165b0b809031f7e5a57e0b7c782a82810 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 69bde2365eeedd858a8296b392dd7b8e |
| SHA1 | 5c485c57193b95527c5bbeb68ae635c8fdb9c56c |
| SHA256 | 5801deb1313aef8d3ab3804c48a7b9dc69903f6cfaf3af02165a8bac4dc69b17 |
| SHA512 | fbe057a13adc132b70b859bb25944e3526f590320c9cea00b6e015ecd80cfd34ec46c602546b419232aa947d08d934a6fe6910d1c944fdee55c5c4534b52a191 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 50bdfa81ca2779d6e2b1f76de260cde1 |
| SHA1 | 00ede6b5c8ed04cd2d68e600e33337725408a8f7 |
| SHA256 | 3f9c8a524652c1f9f6b1918deee92643d6b0812b3e6fc6d3a01ff9323ed51004 |
| SHA512 | d291a7ff52853cb6a87fe60a0e7990f9068a461d7567e2dd507c587a2b20017ba8dc808ea21c57a0b9cb96ddfe18579315b0c824aeedfc05bf8b24a903792617 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f49fdfeb4247643f91527def8836349 |
| SHA1 | a5a5f4c466e8899453613313d05ef0f1b0faf879 |
| SHA256 | 39a1c727726a60b960205ecb62dd123366a7e5133f3eb0036d69925a9638c89c |
| SHA512 | 3feda16f8d644ca6589d60573a130614f4fa51f600e0bc3ee90834b54938f451a8ffc8f8bb818600c907c5fd18f881f1caf6a2b0ec35ab2833b2b98d4530dad5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd6bfbe41f4822b2ead0112d7fbb13fb |
| SHA1 | 7a139350463ba0beecb487dfc6933f53157efc04 |
| SHA256 | b21dc9c5347371c5e4d285de81226caa1d22e6163dee59ee43a5db70e1cbefb6 |
| SHA512 | 722d22f938da055c0078ade9911c6647f9379b0de4e20b26ecff63d0db5db960f3e609f25204b17e2d7bbb0e3236d2084120a7ab6a63158657d743575be5fd82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0274f94b4369af4c84e988e53cba0c50 |
| SHA1 | 316a7eb81778c484b8ee18f56452b266cff6d398 |
| SHA256 | 787ee15c4c4e34c817a9a95bd361b4bd036051e64600528c9edcd84a25ae8718 |
| SHA512 | e55f6cdf60162caf669cab625825972e51c33ee11a579b1efe8bcdb3df79339f55f267422d9b94f85ee08e8a38baff12efbf413b690a3f05b2dd6357590ffb98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fb9e803630960304f1c120e622c38569 |
| SHA1 | 3bdce71bb841384ec686d778cb23881fcf5bb088 |
| SHA256 | 9a5c2d47c1b5c2811e1ad7b99b9a75d244be52dd851db6f071fbd43f337c9e00 |
| SHA512 | 07413bb824d77c52c283e1a404859dd4c1253fdbf2d224c750b5879b560651ef5227bf865dae33db00f91b66a50c72e922ad46e1561583fd3241de35ea62d884 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2993a9f4d42befb03381aff5215d3ce4 |
| SHA1 | 6ca4be2c953bfe62715dae694672078a6c0d2294 |
| SHA256 | ba945c37c37338aaed891088674c8d57db40c3b83a8e6ce61d544104d2f55dfd |
| SHA512 | 16c7d56a9167f9fcbbc68cccd194786892d9d366a175d8c5622ee0e53f60b3470b0af45bde8a60e6e3b87131d085f7ea6f7a19d05c3db8b819bb6463e669f64c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6a6bda80dd11e1fef44ccc98d477277 |
| SHA1 | 88c64b31fe010c4f977ad1b1cf1ae12b5cc3e8ca |
| SHA256 | 8c9ee9868e500903d18b8372d4673855cfa511b0c9a1771da007589d64210493 |
| SHA512 | 2554c3936b935ab0bbbd4aea57910bb28e01746bb31785c3dd799d04772d836b6f8625ca00b37419686b2db3a06d4f9aa3d8877b3c54242e5772ff363ba46332 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7c82d24b1fb1a475e6c579fa2647d291 |
| SHA1 | 16258622fd06d4ec1e280e326f988f5e01862c42 |
| SHA256 | 1bc788ec1b02596baf9a5fc7f0bba2f860be94c8350077d6719d387e198a634a |
| SHA512 | 448e709de9b5bbeb901be270b2e42f903bb8c228f8ca0ddc2241b2c13a950721a65a457b8827a99833b4b35bcc7348b4e1111c439d2d0d325309748f509dc49a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6337d8c22736fd1b39b1781b83fcf4ed |
| SHA1 | 52d0a315c205e0f251ebc737d213db2e4694e218 |
| SHA256 | 8c3ce403b4cee88454adc7711f63a86d0abe816da722eae711da05e89ff6d8f2 |
| SHA512 | 6996bdbdf2c3d8e594d7a273386a892e73426b77f5b8aee3a7c18dd0e8a1f291c8fbd8e37a3efe8f6ff5b11ff6cd871e83d50c2ac276404618cbcac9bafc0a6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 7d0e72a5e00e5a7827904ecb649b7333 |
| SHA1 | 0a3345d1c2056e532148cc7b7b53dde893690b4f |
| SHA256 | 4d5ad677fa9917aba64646f6c298bc0eb28f94deec5dee9a6903b3434ebc980a |
| SHA512 | b887b9c4712deace98eadb34acdd7000db3b3bad8e41dc8de02ea2776f69973e2e7f47f5fc407fb850dae8a81662869c9d87e7788e8d56f5504f404b40a77183 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 14cf834722666491a1f2b2868426e32f |
| SHA1 | 0dd830e042092830c980178453a1a9aea5592be0 |
| SHA256 | f8b2d08581788e38f885005ba4a5f7fa77c2a0cc2efc680041aac6b21a0cf4ac |
| SHA512 | 1e8194be6e9f0bcdb5b57b5da3904dfb95bfeb9d9951ee763436f2e92340dd63e42e0e519a532f19f80b7c64c2e96c5dd2b34d709139b9141b8d7bbfc7ba9507 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | fef291823f143f0b6ab87ee2a459746b |
| SHA1 | 6f670fb5615157e3b857c1af70e3c80449c021aa |
| SHA256 | 2ccc2b4c56b1bc0813719c2ded1ef59cff91e7aeb5d1f3a62058bb33772b24be |
| SHA512 | cf28068cc1c1da29583c39d06f21ffa67f2b9a9c4a23e22cbfe98aacae6ddc3dde1f8dab7eaef371dc0a2230d21cc8fd41653fc5d812b14c389e07f5ef7fd5c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 253a356d4cf0f8be6526e2bf748f5752 |
| SHA1 | f9dae621348bb7825fc52839a5f0ead7f9b24e20 |
| SHA256 | 3476996d66e9b61dc2f6dec6bbd715a6bdaff07771721884cce0221a76da25b0 |
| SHA512 | 3d99f4f7059ae4c0b7eaed5aecb0f1b660427cafa77c321783ab59a698e5804699e10d447116b0690443df847b7223450cd728b1cd1aff956a90bc1e311e7300 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | c6334512044b038e1299c4edd3654bb7 |
| SHA1 | 490f7cd5c7fdd875227c49344de31a2ca58f9335 |
| SHA256 | 3724e559397032d8851ed76802b57fe479e56925d63e5d760aff536b9249df47 |
| SHA512 | b4c9d98a802525ee82dd8a0de6f07fc77c0243f7d001aca5d54b2ec71325119be45aa4e1ef5d1d035d6237ea9dcf2c976fa170550942c50b568326157d7bfd7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | f8325a908debef86e92219bc73da5fb8 |
| SHA1 | e99427becd50ef30607ccc72a1e88159bbd6a835 |
| SHA256 | cee02ddf6f555f84f1f11fecc4594a3d2d71c1486fbfe79de31bb156f6659e5a |
| SHA512 | b38d9fca5cf3e6cbc092989136a7dbdf143de3485c70cbd378e27a504af8a56716935092364cb77afe73e0cc9caec963853838654d029ade2a8265005907f992 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | b40f185cda34bcab137acaeab2afd3d5 |
| SHA1 | 05cdbac403f5aff64ca40d9bf4f1e7040bcf0f72 |
| SHA256 | 2ac410486727a5e4440c49cde4233e292deccd7dd84d70c81fd8951f0e51b9ea |
| SHA512 | e61732fd70b169b901dd4323132d9c854772e416639ec7b21984c96c6e94f5c77cc1a098265935135f59da15bc2c428e409c3c0209eca4c1415df3e0d42a63ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4942f167-d9d9-4306-ae70-733017398c9d.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\7zOC4D13547\68ce0b654df185f888ce7bc64305873778b4090e38abe5b933ff6cc864194753.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D8F977\14794265b2e4b9df89342301d6c86831a72435f143b2493c02d323f028f93cc7.exe
C:\Users\Admin\AppData\Local\Temp\tmp5B81.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5BA5.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5BDB.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5C06.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5C0C.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5C9B.tmp
C:\Users\Admin\AppData\Local\Temp\tmp5C80.tmp
C:\Users\Admin\AppData\Local\Temp\7zOC4D44F17\94719056109fa3a6ef4bbb4830c9ba4046689dfad6ee285b8eead02b372fee1d.exe
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z45pvvkm.rau.ps1
C:\ProgramData\remcos\logs.dat
C:\ProgramData\remcos\logs.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\ProgramData\remcos\logs.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\7zOC4D43E9E\128568f3d106f5646d80885a44c080c3e8e90c3b061b16b1096bc97caa6a78c3.exe
C:\Users\Admin\AppData\Local\Temp\7zOC4D6FC4F\dabbaed6ef1a2e69fde3fca24e85a909b3ae5aaf52a039f7167918ff2711bcd3.exe
C:\Users\Admin\AppData\Roaming\defender.exe
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\temp_0.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0001.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms~RFe6fbbc9.TMP