734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
1844s
max time network
1888s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Size

39.6MB
MD5

b949ba30eb82cc79eeb7c2d64f483bcb
SHA1

8361089264726bb6cff752b3c137fde6d01f4d80
SHA256

5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
SHA512

e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
SSDEEP

786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa

Score

8^/10

bootkit discovery persistence ransomware spyware stealer

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE

Sets file execution options in registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe	MEMZ.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	VineMEMZ-Original.exe
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	CScript.exe

Deletes itself 1 IoCs

pid	Process
6292	Installer.exe

Executes dropped EXE 12 IoCs

pid	Process
5036	MEMZ.exe
3932	MEMZ.exe
4084	MEMZ.exe
4604	MEMZ.exe
428	MEMZ.exe
2356	tree.exe
6292	Installer.exe
1236	MSAGENT.EXE
8180	tv_enua.exe
7696	AgentSvr.exe
7352	BonziBDY_35.EXE
4260	AgentSvr.exe

Loads dropped DLL 34 IoCs

pid	Process
6292	Installer.exe
6292	Installer.exe
1236	MSAGENT.EXE
8180	tv_enua.exe
3500	regsvr32.exe
6456	regsvr32.exe
6456	regsvr32.exe
6932	regsvr32.exe
316	regsvr32.exe
7128	regsvr32.exe
6192	regsvr32.exe
768	regsvr32.exe
4072	regsvr32.exe
6724	regsvr32.exe
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
4260	AgentSvr.exe
4260	AgentSvr.exe
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE
4260	AgentSvr.exe
4260	AgentSvr.exe
4260	AgentSvr.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe"	tree.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Installer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\SETD65E.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SETD65E.tmp	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png"	MEMZ.exe

Drops file in Windows directory 55 IoCs

description	ioc	Process
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETD4C3.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4F6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4F8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4FD.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4C5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4C4.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4FA.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4C4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4F8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETD64A.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETD4D5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SETD64B.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETD4F7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETD4D5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4F6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4FA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETD4FB.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETD649.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETD4C3.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SETD4F9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4FD.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\INF\SETD65D.tmp	tv_enua.exe
File created	C:\Windows\MsAgent\chars\Bonzi.acs	Installer.exe
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File created	C:\Windows\help\SETD4FB.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETD4FC.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File created	C:\Windows\fonts\SETD64C.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4F7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETD4FC.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD4D6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETD4F9.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD4C5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SETD64C.tmp	tv_enua.exe
File created	C:\Windows\INF\SETD65D.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETD649.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SETD64A.tmp	tv_enua.exe
File created	C:\Windows\lhsp\help\SETD64B.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETD4D6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F95-055F-11D4-8F9B-00104BA312D6}\TypeLib	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabPanel\CLSID	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ = "DSSOption"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CurVer\ = "MSWinsock.Winsock.1"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\TypeLib	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\ = "0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\shellex\PropertySheetHandlers\CharacterPage\ = "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\VersionIndependentProgID\ = "Agent.Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Control	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ToolboxBitmap32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCommands"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSOptionEvents"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriods\Clsid\ = "{A031FBF6-81A7-4440-9E20-51ABB2289E4B}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar\CLSID\ = "{66833FE6-8583-11D1-B16A-00C0F0283628}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBDY_35.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3932	MEMZ.exe
3932	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
3932	MEMZ.exe
428	MEMZ.exe
428	MEMZ.exe
3932	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
3932	MEMZ.exe
3932	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4604	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: 33	2812	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2812	AUDIODG.EXE
Token: SeManageVolumePrivilege	7988	svchost.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe
Token: 33	4260	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	4260	AgentSvr.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4604	MEMZ.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
4260	AgentSvr.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4604	MEMZ.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4604	MEMZ.exe
4604	MEMZ.exe
7352	BonziBDY_35.EXE
7352	BonziBDY_35.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 5036	1232	VineMEMZ-Original.exe	91
PID 1232 wrote to memory of 5036	1232	VineMEMZ-Original.exe	91
PID 1232 wrote to memory of 5036	1232	VineMEMZ-Original.exe	91
PID 5036 wrote to memory of 4084	5036	MEMZ.exe	92
PID 5036 wrote to memory of 4084	5036	MEMZ.exe	92
PID 5036 wrote to memory of 4084	5036	MEMZ.exe	92
PID 5036 wrote to memory of 3932	5036	MEMZ.exe	93
PID 5036 wrote to memory of 3932	5036	MEMZ.exe	93
PID 5036 wrote to memory of 3932	5036	MEMZ.exe	93
PID 5036 wrote to memory of 428	5036	MEMZ.exe	94
PID 5036 wrote to memory of 428	5036	MEMZ.exe	94
PID 5036 wrote to memory of 428	5036	MEMZ.exe	94
PID 5036 wrote to memory of 4604	5036	MEMZ.exe	95
PID 5036 wrote to memory of 4604	5036	MEMZ.exe	95
PID 5036 wrote to memory of 4604	5036	MEMZ.exe	95
PID 4604 wrote to memory of 212	4604	MEMZ.exe	96
PID 4604 wrote to memory of 212	4604	MEMZ.exe	96
PID 4604 wrote to memory of 212	4604	MEMZ.exe	96
PID 4604 wrote to memory of 3952	4604	MEMZ.exe	106
PID 4604 wrote to memory of 3952	4604	MEMZ.exe	106
PID 3952 wrote to memory of 4128	3952	msedge.exe	107
PID 3952 wrote to memory of 4128	3952	msedge.exe	107
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 3000	3952	msedge.exe	108
PID 3952 wrote to memory of 1540	3952	msedge.exe	109
PID 3952 wrote to memory of 1540	3952	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe
"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4084
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3932
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:428
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /main
    3⤵
    - Sets file execution options in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4604
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=animated+christmas+tree+for+desktop
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:4128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:3000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        5⤵
        
        PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
        5⤵
        
        PID:2524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
        5⤵
        
        PID:1240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
        5⤵
        
        PID:5664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
        5⤵
        
        PID:5764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
        5⤵
        
        PID:5772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        5⤵
        
        PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
        5⤵
        
        PID:5660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
        5⤵
        
        PID:5532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
        5⤵
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
        5⤵
        
        PID:5844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
        5⤵
        
        PID:4560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
        5⤵
        
        PID:2264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
        5⤵
        
        PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
        5⤵
        
        PID:2016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
        5⤵
        
        PID:5776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6208 /prefetch:8
        5⤵
        
        PID:1452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5944 /prefetch:8
        5⤵
        
        PID:5292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
        5⤵
        
        PID:5296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
        5⤵
        
        PID:2908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
        5⤵
        
        PID:5520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
        5⤵
        
        PID:2572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
        5⤵
        
        PID:3628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
        5⤵
        
        PID:4680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
        5⤵
        
        PID:1656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
        5⤵
        
        PID:4768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
        5⤵
        
        PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
        5⤵
        
        PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
        5⤵
        
        PID:3572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
        5⤵
        
        PID:2396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
        5⤵
        
        PID:5952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8420 /prefetch:2
        5⤵
        
        PID:5284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
        5⤵
        
        PID:888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
        5⤵
        
        PID:3648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:6440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
        5⤵
        
        PID:6652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
        5⤵
        
        PID:5716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
        5⤵
        
        PID:6468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
        5⤵
        
        PID:6276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
        5⤵
        
        PID:5736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
        5⤵
        
        PID:7076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
        5⤵
        
        PID:7040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
        5⤵
        
        PID:6700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
        5⤵
        
        PID:5604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
        5⤵
        
        PID:6980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
        5⤵
        
        PID:5512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
        5⤵
        
        PID:3748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
        5⤵
        
        PID:6304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
        5⤵
        
        PID:6496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
        5⤵
        
        PID:4076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
        5⤵
        
        PID:6876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
        5⤵
        
        PID:4288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
        5⤵
        
        PID:7664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
        5⤵
        
        PID:7768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:1
        5⤵
        
        PID:7452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
        5⤵
        
        PID:7564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
        5⤵
        
        PID:8052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1
        5⤵
        
        PID:8140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
        5⤵
        
        PID:6268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1
        5⤵
        
        PID:7816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1
        5⤵
        
        PID:7216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6928267589819228600,1836481937926289739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10860 /prefetch:1
        5⤵
        
        PID:5096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smash+mouth+all+star+midi
      4⤵
      PID:708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:2712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smileystoolbar+download
      4⤵
      PID:4992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:2128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
      4⤵
      PID:1428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=snow+halation+midi
      4⤵
      PID:5276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cortana+is+the+new+bonzi
      4⤵
      PID:4900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:2532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cool+toolbars
      4⤵
      PID:1912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:2308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=bad+ass+mafia+toolbar
      4⤵
      PID:4280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:1208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=john+cena+midi+legit+not+converted
      4⤵
      PID:5260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=is+bonzi+buddy+a+virus
      4⤵
      PID:1656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Roaming\Data\tree.exe
      "C:\Users\Admin\AppData\Roaming\Data\tree.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:4480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=preventon+antivirus+download
      4⤵
      PID:6372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=free+midi+download
      4⤵
      PID:4536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ
      4⤵
      PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:4548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=grand+dad+rom+download
      4⤵
      PID:4600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=mp3+midi+converter
      4⤵
      PID:6840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+cursormania+in+2016
      4⤵
      PID:6796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=limp+bizkit+mp3+download
      4⤵
      PID:6152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:5876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=cat+desktop
      4⤵
      PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals
      4⤵
      PID:6888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:6360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
      4⤵
      PID:6824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:3840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=bonzi+buddy+download+free
      4⤵
      PID:7600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:7616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=stanky+danky+maymays
      4⤵
      PID:7396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:7412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees
      4⤵
      PID:7976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:7996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=myfelix+download
      4⤵
      PID:7864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:1368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:7684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0cf46f8,0x7ff9c0cf4708,0x7ff9c0cf4718
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Roaming\Data\Installer.exe
      "C:\Users\Admin\AppData\Roaming\Data\Installer.exe"
      4⤵
      Deletes itself
      Executes dropped EXE
      Loads dropped DLL
      Drops desktop.ini file(s)
      Drops file in Windows directory
      PID:6292
    - - C:\Windows\SysWOW64\CScript.exe
        
        "C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO
        5⤵
        Checks computer location settings
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1236
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:3500
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
        7⤵
        Loads dropped DLL
        
        PID:6932
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
        7⤵
        Loads dropped DLL
        
        PID:7128
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
        7⤵
        Loads dropped DLL
        
        PID:6192
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
        7⤵
        Loads dropped DLL
        
        PID:768
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
        7⤵
        Loads dropped DLL
        
        PID:4072
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:6724
        
        C:\Windows\msagent\AgentSvr.exe
        
        "C:\Windows\msagent\AgentSvr.exe" /regserver
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:7696
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:8180
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
        7⤵
        Loads dropped DLL
        
        PID:6456
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
        7⤵
        Loads dropped DLL
        
        PID:316
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE
      "C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:7352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:940

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7988

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:3164

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
1⤵
PID:6436

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4260

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:6872

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:4044

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:6548

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:7432

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
53548c87f54abfc4c69fcae6e9768088

SHA1
a145d9ab761b8486eb3b58dcfc0c3eba3a6b8824

SHA256
b795af62efcce9a04ff501675c824345ca8b1117ff424c492570b20156861124

SHA512
ea75917f7d9cc58eddfa847c92a26510dcf303cf0ff7a864d4995a62cdb9e27d6df69e2093ea405605380e9cacfafa910ffdfcb35462e99529019bf377d35ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
35KB

MD5
5f8bfe3eb6c1026884c9b0691c0fa144

SHA1
6db923ccd275492834342be6852eb555ff30f021

SHA256
e3200e4af96e58178a89fcd4695ea31ab9b506a9837620d4229c2e30b8132520

SHA512
2add075c9d7c735ac99744c8fc1dc60013e2de3e788436e4303f78da7d2666b8fbf0982e518f2463d0f866b9dee52c7ebeebc2d3e6ebbf6d512d5a443d481b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
cee30a175170e47927374b709f61978b

SHA1
4e813770ae0af2c964ca80255bf4fc41fc96e75d

SHA256
f6bbea7fde2fa1f836a7f15dccdeab1b933fbc22dae76dee706b23538db5ec5d

SHA512
47cb584f9f335230ff26733bc6fc8f62e2b081342386b8f67cb99b9c21319e81019abdb82da8cff22cda45c607dd7f5e933e122f4e02b7c6151fa265526eff8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
97KB

MD5
e49d439317491fdbc18fce1fafd188a4

SHA1
5aa67a7171f6d5104acec0e2a711309757c96ad0

SHA256
b0036d55287b44c76ccbdcbdab7e1dbca6e315d8f6f6b45f5d7245e0d6d55cca

SHA512
88c9258d54c6ed092b69756d5a3f06668e20f4f7c1bf6b5663d0fd5132ebcd018a93cb7b734ff706a7da94b891c6c68baaeaf376d159d3aa4ca539ddb01fc00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
31KB

MD5
1fddfdab08937ca30e43dc454840c64d

SHA1
25af586ab7462e30465c9306426062b9d10bd058

SHA256
c578d1b5c5f608df3926d2658217ae728beace6455244c0cd9e3e3d15e455013

SHA512
b0f5666b0fed1321f525f72b5950b8c694032160e6e5fe101201f4fda3ea3c04fae226a997f949478a93705c8a2f25e3567eb69e35dd7bb6bff85d4bdc481fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.1MB

MD5
60021246cef1f0978983114d1fd51250

SHA1
b4cd22c3fa223376820c53fab738473732a0682e

SHA256
5cf8acb556090e2c26d420340e174d7948ca191e0334ddb1258da8844d4a2f3f

SHA512
ba1395b1814e266915c44e7b72f6f4d3a9528eb60948a1d9a6b501d129dcee6d8fe22125e569a618c25bd89b9128e088b3ba6c0ebcad3804a128f38f0e614b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
50KB

MD5
818c7336515256b547576ddf87bb4c59

SHA1
581d01b769f0d3e596ddd552fceaa279d2bc4884

SHA256
3bd25b6ea9dad8e49af3ad2e3af09460bd2cb7f9376d5cf0838d095cbf85f137

SHA512
20a23036689138160844ac72e564439025f238200eb7d33682388e06d79b6dfd742abd3e6e7766c7514cf9761b83d50dda95dc5cd8a78b507349d5158585bed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
42KB

MD5
a7c6a9443e888737623fd680ebb09bdf

SHA1
5a2fcb5e706eab9d65efcbe805bc1d2c619fb669

SHA256
b491d77084cfcbf4f79aeff7074c9fed641eca169902315af31be1856de8cf85

SHA512
524edc3ef6eb61715c8414b2ce2d176379d4c00c913f659dfe1d79794936ba87cc2676743e556d438be04010923edf1231a767f89a5749b6771cd51befec414f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
99KB

MD5
e4f0d9099c7ae3b903c48c173990cee1

SHA1
183eeba9982c7f74c345b489a6e95f89d4ae5759

SHA256
d64222674e9e320a815849456ee5b23b1d689d74c596fca9cc199661d061222d

SHA512
573fba44edaf2c71dcf034c83a7c920a1436c520adec98177eb5e154fbde06337d4405cabb9d53aa4bdb02927db4a5da9c0b4bb58e13a728bb69c8e61265c841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
68KB

MD5
b1fa2d198f9c85377f19067cc486ce60

SHA1
0b61ec35c64f513ac02988cb4786ed7dc0b8ec6a

SHA256
afcffc5ff17424a557fef485be111e35ad788023cbeb863ea6ea70940b0362fb

SHA512
5efa88499d24ed3bbf229cac139f90b2779ba6bf5546743568e2c542e2a0428d7bde751252347bc96d794df903fce4f5a8dd37b91e55ce5c01c22756737a60f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
29KB

MD5
ffc507ab662c24424f3fcb9e8d2eecf9

SHA1
f447984c038d8ece67915c0492e8610894dbc255

SHA256
0468c9bba7e5bb67ac35bc4f4609a257e6fc542e4faddcb494e285e60e9bf170

SHA512
6cecb73607062e2f7280b2cd0f33c014b1fc5190c34120452bd297001b0ed585dc35a451fda300de6864098896a76006a6577ffcc98fd8c0b0d4ed7f961ebece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
74KB

MD5
c5b1803c97122ba506c507cbc82d3e9e

SHA1
36b750ec25d61bec25d1cf6161c1f7f35f0226b9

SHA256
964e49ef062d9cc1295af8d4b7f3d387c8b34d9cf7118b25feb4aea14f8f86d7

SHA512
b0b9b1d7b1a5088301fd9b1ba9c2ed328508ed004622baee4fd3c30aaf633f9aee371d6f80f4d3042aff827fadb5406cf7ebe3b7bfe62f53a782065901b566ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
104KB

MD5
e66dd2567f726904a546a2ef9738eb06

SHA1
4aa632531c1e35964568ebfa776c38f7eeede689

SHA256
e9485c8e4b4a255e582e3cec7d1fd174c435c61f06ce87d2326780aa0ea24760

SHA512
ade2f98380d6cc46f51f8c120befb142db22cb78ace34ccb38506796c233ebb45a5be6a2f568a0bfa4acd79daa12f857b7d563668f63bdd259ea723604cc1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
116KB

MD5
e68aa512e5cd2a9371e45ad87071eb63

SHA1
ad8d854c23032f0aeeda82bff900862b6e7ee471

SHA256
0e0bd6f4dccd1324f285d20c0a131baac134ed32f665809c70ed7a9397de89ab

SHA512
a15a5fa6773b2cd0384d52e03d872e598ba1672edc3cdd01d33f209be3b5b49e15a2e04746c23603b178f59e8aac6ff6050eb8b95c7d3e703d26708eed53ec89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
79KB

MD5
6f1c34af9579a56d40795f7b4c23863d

SHA1
20d02cb01c4b4f0971f8e200fa9a21d1d27053ce

SHA256
3cd6dd45fd956208bdca40fde14707a98a199517ed3bcf6d76e69c2b7de0e154

SHA512
a58d755664cee1d063e7937a8b1083c78c719dd3b4e0b6810a98703a0f07c78fdfbf6c8ba5d6d457095bd8845014f789a73deddb79d22258a5ec9eff861996df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
3d960db12b3de30d0e92c416849d4a20

SHA1
241da7dec47d4f90f4e995cd0356dfdbb8d8cbc2

SHA256
26c31d9b3b54fb0dde30b2f8b826a1d41b8de53e5620afec814da04da239e935

SHA512
73d9106a9ba83efdcb23c82552745b12ab702b9258e7cf85fdfdc85a6031640c94eda3a99c28c8b58bc4454cc0bb03d29b31e95e107210d1ad2e41eb0b361f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1af7a2188f883f42_0

Filesize
4KB

MD5
c63f67300d69ea1770fa933465cd6d52

SHA1
11f38cd2349b7a7f88dba15ba2bc9e569f034f5c

SHA256
a4177e18fabada76f873fc74f1206d7b16b8d75066a1d53ca7b134a440517a1d

SHA512
9ca9f654219bbc9513715d2431e7b7e434a751f937361088c7616c64271656a5dc529c63350755b0e50312647a3b1c4011b541407580477822bc5944f87be5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fb39168c677abb2_0

Filesize
5KB

MD5
ab77fc698b4c350ac8883b642a19d2c0

SHA1
01d7886ecfb5c91130d1096bfc0130266bdbd41a

SHA256
11de669e7014e9979164de20943f3b12db88aabe890e12e3c939b07722b237af

SHA512
a239618bdfdea868ebc40c67854776895b4c63b1282ba57a27b2dbab5ab10712d425d2c05be542b2b46d11a36b3e2576d0618d3f9492cf6b21a1bca596a3c4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\276bb8c3ae1e7a20_0

Filesize
4KB

MD5
c23cf992b5fc58c51792574c509a766c

SHA1
cd47fb3e31d12d0efa6666a6f04e0d39bacbe5ea

SHA256
8c69dfb42191d51b539ac9820be5c80ba681932e1bd25120d98c41d6f70b8785

SHA512
f15c2b0e36e850c2983983033d573efd55918dbadf9e2aed0df2fff5fed2df55d56ccf71b4fd5d0abc6e176a35dd188f30eceffc2d1460113e7bf4395f80bdd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36bdbbe65fa3970e_0

Filesize
288B

MD5
fd3a8f4fe0d5076b3a6d70fb199ad961

SHA1
806fe147776b130223a2d17481492c3d15f10e35

SHA256
7c7a442aa51a35df38d52aa58ee67bb997e0d9d06626c656299fd8762be924a7

SHA512
b44616a75894a699c1267f6943ae5939adff144db8508697e9e48cb0af24b9691df569e94478bd856a50406d5f2955e4a3ab2a99f696bcd50cab7ce3221729bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
e298705bb1e55b0ac28db030fa272ff8

SHA1
68d5bb71281bc5abc2f76cb9ba27b901f8811075

SHA256
be937bd0e542eb9ffa6eafed09316ef904be66c38165e6b4950cfcbc1c0c80fe

SHA512
a448580e7c9e4e546dd941df6cbef1f2b8a5fe8aa5c0348a5512560a24185f6644172e2e348770ee64b82538e9577788eaf3d641ccd5b637eac14f1bc93866c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
d3f90d7444287a616db2bbef9b0f704d

SHA1
c147085ee8a5ff2c017ed9a3806e4402c31b3e93

SHA256
69df1cfdeae6c03ecb67bc6a63f0c22ee2a4f122ed33d7aa34a42617f62338dc

SHA512
fce4ccbd6ab2eb23d90eb86c04496bab22b80aeae2cdab6bfe2c538025cb7a51d0b2d83c792406212fc9e2558a2e962a487f6a409c86322bc34c290d93f102cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
1e9f63e8539c038167654fb978b1727c

SHA1
1401c21ad741eb9ff133f6bc25da955999c46922

SHA256
cab31d572dc259b5bb76ec9d17c9bb70a27002ad8f63c5385a5fdb8f4131ca27

SHA512
d14a881f1a30675a88b78494f2b1dc4ea3f7bb42d937665c060423a09435af57438e43bb94f42902c4a4b8d01036374cd8b2d4868f99080a78e142cf849b87a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
7451d80043f9499f72f444196a0f84c4

SHA1
73df3ac947721bfa0e8f70ffb02449c8281b5e61

SHA256
7bd759e823aaf200c0c62df081271a3d5b0f496d3372b252cca2f2a638ec7f5a

SHA512
715ef669743d708b80316f3176779b7ec6a025771235ab02ef92610af7d98022f89f8b265fae4a59c8dc306fde6d0c28aa4001dfef08470893356a4e5ffb54f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63d8dc2da45228d7_0

Filesize
397KB

MD5
013c38af4fb04dbc1b5771ec31747165

SHA1
b527dc626b47c7e07208f3ca76a9dbde11accbd2

SHA256
57892829ffc121d18634c4c9714e433fa9b32c7bb3b0a2755a06c40193aed4b7

SHA512
381d89c2f71ed4ea4aa4bdf35951ac386b3eaa0f09c9cbff332c753874177b3cc16b9b322d0010b45f168b32cc1d0e2edd8645d92af087e1fcf5716518b86c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
bd832d1a411c29293d4b6d29437552da

SHA1
ae8792b95bc42c7a305b4afc45488ad7d91f9426

SHA256
65a1996e88b8f8ef6c49d1102065ac0a9ee7d61eb3ae0042476f01c6fba38424

SHA512
d2444107bc3a5585c3f946220872320ade0868215f10b8a7e25e1e715bd3f867e5b8fa31a5b690d68bea245e4620a91dc4cbf2fe8e6c0df45a4361cd283573e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
bfb26a46acbe27545301b1282869ab80

SHA1
ea758312634aef8a642682eec14a93fa68639e04

SHA256
8b14375d73078c10220db59f51eae4c21a01ce81ddd57c26ca88249f3a63f836

SHA512
5f382927622fce6347069d689a8d1fa6983868722d5a0855149ae364355a0bd68afadf67737cd1b8971d9be9fa7a03b7346791f83b28827d968d995e0a9a79d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
4602366165f41bfebbf8443ffaab87cd

SHA1
d4d1b12268fbaa0c60401dc8e4e1e2b2c627c3fc

SHA256
d9d7aae5703e7e860d6b1ee246d1d8346b947b294e3f931109d30c430f228394

SHA512
228700a1bbe88d87d81290bfe3e9dfd5a0c5584a4c394cbe7b5e96c55d729a36cf71f6d1ff0d5529fcf464389fdf4a119f401f83999a2418c6791e8b9cba75fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
56b4f3503c5972665f0599e0b7f9ec32

SHA1
44c7f4cfcfac973043107c2c2b184e56b413ef4b

SHA256
193e5e66424ef92f05555e1373186458c8fcc4c55e8c0e7aa24620f2175872d1

SHA512
2fc3d6fa55e1d76d96567368863c3a04ba48882f6d3aa5753eb89d3a67543cbe0caac928c09122425b7b299891e4866b6add196c61673d0f251c76cb1cea5d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
8433b417f897cad416b47ce320508df4

SHA1
12bad8eed75fc133bde27cd11aeee6e73cb65243

SHA256
5fe73feafde72fff18d4a3c23278c0109eaecdefbb4e93769abcd875c3f3ee98

SHA512
346993160a43c27adee0a5f7d84b13708882d51f4cb7a2a5af2f1b6702ced4254d172c64551af0919df086b627606c7e6a1f7672b97fadc54e5cc6828ec32b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
ca4f031737317328a36f88bdb7fe0a0a

SHA1
c5c4362e5c96bd4d07db0a4e878a1ddf1d7b0123

SHA256
b62985eb86cf448331202649e79f70f4d085315ce1d889ad45cfd6ffe91e79c3

SHA512
8680bf8514fdb970d47ed98f42a24578a01af22ce5406208d7f6e8c5d812f4f9d2cfa318cd1f521be5895e329d1c74b1b2ee49e9e4e77092eb0c738ace90b52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
7e4dab7df54b7a39e0a4dee2a0bd383e

SHA1
51d201dc573d7237315d1bc3b670efde7dc33a41

SHA256
7435b276b32558429ab755a14dd76d20e838da48e845b650e44e23bb80e897e4

SHA512
1d49db3da9686f073bd2cd2fc3ec66a5b941246d4fec10c91d420031d2de642d226b294517c7b4604ac09b73624ddb552c7f2cb87dc4ff873dcc6ff18cd510d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
6e194173a2510ca24f2e3297284074e3

SHA1
c095fa971fc23fc7ee8dc0bb830dc3d4b61aabe2

SHA256
a2088414b10030adbc89e667b2a246ea778de97b95decf84975b25a304dc4268

SHA512
9769466c630e3ef74093ad61cf33ef19a88fced40025c66d92c19b4786fae9d4ff823534da8b0c4cd93c8378d0acb4f0aa4ca6b7d288d7b517626780b313fa9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad7edd4a5aa0b9c2_0

Filesize
11KB

MD5
f73a594d382c734df19f67d0a07adb3e

SHA1
0a17045d133f08af78eed99e9edbeb4c095ce6e6

SHA256
88e307090b9d3b65c30092ba4dba1c386faba4e1a58bd3503bfbd8d2090a0c59

SHA512
4d4c6ade7237ff80992c9a3306f88e7f21be0cce7342b4a3d2ede246cd877292b0502dafb8eb2452fb09b438ae47b2209bdc5e3f4807dbd64ca33f07cc3c10db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

Filesize
26KB

MD5
9727caad4f1bafc0233efc5f11f6b6e4

SHA1
f525481eb9769d5089dcff49eb4c27e23fdde031

SHA256
b2e71de02544af5b94ccdd556930bcf708a202a07157cd25b2d13ab04a60ede1

SHA512
b5ee9eb339028befbf431c567fc3a350dce155c486f920b2915f4ee6981cec5269c6bb2851b074cb0d79152ad824f065ef2dd86161e5ad5f51bd380efa14c33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d700e0dae9d4f8c9_0

Filesize
3KB

MD5
22105ba6871865e13561b1ba1d16119a

SHA1
0a46edec591a837d0c76167f8d42da95690045ba

SHA256
8c97ad3aa6712dd479829b8da2ae38ff0b813be68dad111e45b2968562441567

SHA512
013aa3cd3904c9f6a8ca2c5de388904d2b4ddea6012af0a9d0940de9619b1ef057cfb142e30d99497294a3b0107154a13eb269e9729c303449516d1ad609610d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
6KB

MD5
78ba78451525be853e45882e2c2b7072

SHA1
4e3b06ca49326345024d61d35c62fb3c6caf280e

SHA256
437d419d36ee32cc4f994c357d6a74960ed9cc665268b1dd4453f4a9fc4a7885

SHA512
b93a2b8d7963d6fb95099ef3b22d52df98031e2fd15b2c26ca33b35e0cb0f08652c4e5fba1a049fc0bf77cc44d9a48601f19240130a76d06b59984457920ea87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0

Filesize
2KB

MD5
7619168190bb1010232bb630048fd546

SHA1
8e8213eadc04b45faf83e91b69bf7499e9e8c36f

SHA256
945848409ef84791189fa50310713e99bb572f794928ae4991f63e7abae5e916

SHA512
dd5edd5a62d11c6c2771f1a557b26bed7b5052a7776ef5a32388bf6dbbad227b02fc2d40b064c13167dd50e125107fc95b0fea713882ce7222ded884923b1038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db45ab005a164b91_0

Filesize
573KB

MD5
1aad638ac2e95b311dbc6354f5b21c9c

SHA1
49b5fd30970a2d6727f5016253f8f9133ee98556

SHA256
1915882025f4ba643a05a19716855b3e1648fe6f9b7c6941a7398e9b6e26b8bb

SHA512
cbbb6b5d712ab1933d4a4a0b31a0dbd787a0b681f8a1ed26a1042e007b29df0bc6b0462d74c2d06c8f52350008f92c41af54f77aa6a7d25ad065a996787ba1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
018dca80ba0b6c83ac3d8d9b68c706d4

SHA1
4a38d960fb84a696e0f610ef48d683aafb9d30a6

SHA256
5a4b97a30279f77b6a6cbac4c6623a9ce750c153a9db4a83f5e4a3cd414f5f3a

SHA512
60852d272b4b742ada4f1aa750762ec72a585c5f3bb615e6581e8f08af0abad379eb790528ded0c5dcaf58a1dc2f6238c747b88e2847fbc943f547ccbb1d99b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
cffe67dd208a03966486c83cbb69d38e

SHA1
6619a1c9b7d8019b4650e04eaa226023864e606e

SHA256
40088e57a3a49a57f2ba2ba13d7791259076fc7c4b0dd14f2be0e86aa8cced43

SHA512
7cd20fe34cf6fc3fb18f1f7db1f0a2deeb37b21be4e85ff8e30120a58c52493b5506e1d8efcac97bb23673d4156895fe80d6e36a3ef01100b3b53d968f44d93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a8091bfddda67f6342ed8297d8eab61a

SHA1
316faabdd30b4d4049d6d3b4852b7e6f41a3f658

SHA256
60eab557d3b81e95fb5fe417869a918a1bdf8227f35fba11b5e3f88994c7a470

SHA512
ff2f6508c61430d3437d09b716b8b8300ea5ad0bda7c347e8a7353b58f5895f461137713a390758b9945d67206b035d5766f2d2fa468c7b70cf5320028de2f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7f3ff96dec195378f7e5a5fc0cb9599

SHA1
d985dfd0247096b7e4e56c75c1e239191027d159

SHA256
d8802daf60decfb384220b8fb27d2c9c710c7943f3b0835e51690a29ba73f6e7

SHA512
75418d613d892d1258791fcfb46f15193209fc18ba863fe6796435fc6ffc50535917c715e4f232aba4d82c517a770b83b39c1607a2da8a40fbad93a31828ef84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
6a144e1625c7f79d0c14b290d3090f4a

SHA1
6a68a66052a7502e2d270a61df5533e68205f56c

SHA256
82873c5ffaedccbc2693d571fc92fc08499e67a0dee32f04b2efdcee0d922628

SHA512
2e4365dc96e39919617ed2b305d0ff3d3a18d60c6011fa8d573e9087d75e07bbb59c43d39da1861d2b0c116fcf02f4fc48e65d7eb34a6e8199583c8b7a7b4b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6aaf8eb76e83fa99a50390bf40c84f16

SHA1
70cc4cb0c9e6971e67fbbe5f172896a7ad31c66c

SHA256
15c7abf9e818e727a97770c5dc169fce7b4eb22cde2258ef22c267737796b580

SHA512
18f07434e1cdcfb77834e8355fdedd6ff53270da6e3523fc94d83dd39612945af0aedc14f458824ec2513eb2c02c13fb5c83623a18b2b0c569c8519c5f008941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c877add747402b76e337abd70c5b8424

SHA1
f53b8b3960d76930afd8746bc5786d95639a696f

SHA256
60d1f4ef0dd7818c3b57f8ece0bb76649ce313ddeaa3f0af4484804a1eaed08e

SHA512
2e4c283001252b15fc6c4f1d0b5ef072c1d2d3f7c9e200abd970d1cdbc0162c667fe6083f91e0fa8338e237db7e1d4d4acf44cefc14440fe8c48591b481601ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d75f10171a41a9eade4c019df68317a

SHA1
c739405de84575213a14e1440214209ac1ac0723

SHA256
320e7586a09c849d94e0682cc1545da260f0808a70def20c8d0a09a0c280d4d2

SHA512
d0d589e7d7496ba0544bb40698fbeb3ea5c66383a6b63d64d79696fb01fb600c1113f111417aa90675948f26cd064e0678f325145a36166201e82327129936b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
386dfeb838d03efab0b10dc353487a7c

SHA1
583229a02b7b57a7107fb246b061dde8674f2e88

SHA256
eebb6d895af3196b3f00c8cadf27237514ee6b5b24bb3f696e00ab376fabc012

SHA512
b289c2182404b60736b3c5e3f551383f07be3242db4a4908379a7de7c4e715f68e6a0d25769f906e7e7c377e1a722ae8751e81544b94834504a3cea9d2ad52c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
993c7c0d5b265862e8cbb7b0078aa959

SHA1
2104d281de8567cac1ebc4e2e4014c82f9162828

SHA256
6400bfaddd2a7bf8cd80f0b2824d88e4337884a98c6c0aa3594f661944f28d4a

SHA512
abe1d010df0c45761853745a9fdf22ef2a4e10127b87dd1f83c59086ff927838a86a027a4c3681aa7f90ecb4e2bc7e7a9b80af02b4ed937e7b95fd130644ea7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
485e12581e45bccd6c10633e5eff7589

SHA1
4e47e685a9088842a32f32d0ac7462c8bcbbb7d7

SHA256
8fd177855621aefb7e6ac522ece7f4b903197ccb0e49a7bc89d30cb8f834aea4

SHA512
00e9528c88d45307349e9586a393120cecf3cba0feeec88c16541e438756044daef0dbd3ce76290917b9cb9a9e3050fc235538d2581bb9a0970bd8f9c851b503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
475247ded536f49e518dc04ec63c119a

SHA1
98f98e60cd33e9b1dd5919ef2b831c6812ed344c

SHA256
3678ca591cb7443ae8fdc7936b2d9aeca2af553341b4e05101b9dcc0c3642210

SHA512
8587d93c17b594e3eb73dc793c57cdbd65be704ee25f67c7dace9e9dbe1843b0d7c1925ef9bd4fb94da306ec74b4064a0163e10b9a2f5e2c3817a826f0b5292f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
332d88799f63141c4416862ff826ddec

SHA1
a39a75b06bcb5e90e75412e9ee6bac32e7fd489e

SHA256
4548e96d5a1bab7b93288141a4744f6efcbf0001d1f3f8c2d60caeba510be749

SHA512
f0026450afa14f0eae52c0463eee30ea2423201b58ff5b2e572056415d4631467557fd8f9e4e2e3b56e5763ff9fc8a92bf49ea458a26526d477c59335d9b9721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6be8cfbce75ba39aaf355a1d8053129a

SHA1
682d4319967c2fdc4bf7b15a9237cb1f7fc00ca2

SHA256
73c982f08afdf1eb4a8b211b0af135e54fd4fa246264890515ad407f6a442bae

SHA512
43029a8c37ab7d7fda7bbf31082e6c183aff3d5707dd3293f79cc9952e4603bcf035dc62c5737382057534dafb8a826715195fc82330c6a817f8bde32f27f7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ab69c941a9c6aaaaf01d41a08a80958e

SHA1
6a471d075daf143d42618f64a890699c209b834d

SHA256
8c7c41ee91f55731ad699791c5909f578031cbde34c4da6534d22af9825b5fb1

SHA512
8c9587791650d7e0dc789d77d66cffb11df14dcb34cfd955a43659c5bbd4f451fc62135839667b83d611ce7011d7263bdde91356610de78390c20a31439ffcd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7815fd88e78f39387a2ad3b5a436ef8e

SHA1
af6d747b8a0a3303f7415d0e752a0fb21ab34d7f

SHA256
8ada1ec99723fc746846742d5342a092812ee525ce1562b57991bc2a324f8869

SHA512
4b720f8c535a000989a38bb5c1dd867f4fc3d4efc0968290110e20c31b3cdad199cc2cb4bc96b59be856b67367971624d718aa22f32614173a7fb14057bb93ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4098b834242b1248e2e78b839c6c1b45

SHA1
acdf9b73bd6f996788e5dc64f31cd02f08469ef9

SHA256
e7dba2bd989c74546a7bb51c164f35efc2d1a9bcf892023304e4215f53a5c308

SHA512
a9d0b6b99003500b92ebc6dfc379e7d676c640934320baacb842c8fb66ec66197eea0c6b94be5c0e041bcafde11c5dd43f7f0e9b8c5e5bf519b36ae2463bcdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
34d27671b55342e6db8e3de684788552

SHA1
087227bd209c2607c1dd7373900c12dc443d667a

SHA256
0bb084b187ddfcfc064c24a353efc6b71d835d0f45a034412db53afb3905cb0c

SHA512
b72793f157f6fd39bc7da00498852f3c6daaa80ecd8e53907c22724f0042c1bf532d61d6424bd9623a98fcf2c540c183b54a8599424c593e3caaea0c151b09c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cef02de9911c9331e998b3d962eb45e4

SHA1
3888f7ca5061af5271af0278b530749f63dc18ff

SHA256
0481f99dcaad608ac3f8e9a93a7f730183d1233af2978129191c7a491418ac42

SHA512
e54f2f592699113053fba09c625c1b13392fc848a9c2142d5faa9333786dd31029decd1e467391af73d841f14beb8693e913dd9941be561793107212352f816a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d41905fd66cf73c6504fe9b7d2a69771

SHA1
5d6f173b6d3fc9c4e34c3c0141c18807142983c4

SHA256
0cfa240c7e707ea6d579833890ae73a391079ab604b2595152390783025a5e9b

SHA512
1c13c018a11e170017f07fb6050aec557e9a8fb73a42ee3cf3d030c83313a4ea3c400f369041f040e85e0ef9c975ce4121f3a003db34b6ffd32ac5847121a725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9fe75621981d84dc42dc27a3852d8072

SHA1
0328e8250b57fdbc78d599ea7e17e81e5e492fbf

SHA256
09a4c26ccaaaa2385bb7a54fa01fd3f354d3944c3dacac20cd474a2eee4e9b10

SHA512
d330046489356157a845b445b6d6868b3a628dee3ffb123a0294785ebea89f52304c38115bf899c6c03aee6cc88f256bfe36c15770a8698dd3f8e82a1b4af98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
da0bccf97fb331b32e1dcc6b83c808d5

SHA1
8f94462ae2240a99b0d1cfdd9110d99f672c3cb5

SHA256
ef9695ea9a0632181ae5a1e3e27b8b87002ee704847850312f6b393cc4e77822

SHA512
984e53f3d42ddcb60be052aa8bfe5f4b8a9658a2c0b45c2801f35dee8cf5bc4f06a5c59161e8e5150fca0fd12ccd1786ea808b9109a8b02740afda981a3aa7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66dbbf1b9d59a687d9a4871fe73aedd3

SHA1
ffb1f762538dfc87db5f9d993f96b4a3b5b4edf2

SHA256
66a94a6827769609fbd80fbbbdea254e4cb936faccfba39eb8fe836372ed4ece

SHA512
c7fd0539a22a3fc3ff7b3c207ffc0542b757754f234d37362281f932d166d063c63491e259eaeb0b5ab45aad290afce5333cde3d8664ce56b9633e78c3a90205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7dec6de8bffae5f81caed7fc7540e037

SHA1
1b101cbf6c88a275535e3b9f506b1581e38d9ac3

SHA256
bc623b21b83960bf030a41a5bf0c28800c3e7076672295a6ba28ef242ca89202

SHA512
d97b0b6829e5922e159ed66be49093d4a5f522a323e9c680cc1723d80251da8d5a0d6422080bdf64db3414b05a253b3afb85d4d5da95b4bd1e4cbc3a627ac935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2ed45b74d62f6b358d6a40f26d265851

SHA1
4b705724c9ecf63d23909cbf97ddf22aa0d85f5f

SHA256
9f2f7504d6b4fc7bd5f805f70176b9e3fa030e450fcc36e71cab08f1c7666a78

SHA512
0f73d292a935e11412e8ef5aa7af3aa8f3dbd17c0940af31fe4e66d135dd833abde6a210c8de3f91730f598a109eb6ab100574e7edae3da9e1e804b05412db9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
aa5251e3186c8bdad0b6e63641c77df4

SHA1
5166c80ace8166b7d71e2765341e798e29065971

SHA256
1773bdbd2b2d2d23fd11fbfcf3f00b3270aefa90a4790664794950a0fc615dc0

SHA512
7567b23889022774436d4614623f458839996c4b0ed558449ed922c44787d35febf1c1a4fffead09a508c69edf2a652558edfde4ee9372358b9b6bfc12f2a317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
22a526d7e0009c25307f78b0bf0ac97f

SHA1
0b0edc073523c420210bb95f5e34f08516af2caa

SHA256
6951c46e1ef1bdeb1271fa2427057eda7b49c98fb721670faad0e5d11e9401a9

SHA512
92098d289671f0a01fbafe11f45307ba0a1579e7fb1e28bcae1b94de9cddb1c263cbfab2b4b9783cf10bbb2d510cfc5312dd7d98d70eb17c2dd9755c95bb7df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b161a338-855f-46c7-ac0e-88da4ecc7262\index-dir\the-real-index

Filesize
2KB

MD5
7660b935adc5dcef5ff68fab4beb1b8f

SHA1
02fe216cef23afe5d5ad0e96d9c953a70a981a66

SHA256
eb3514e5222f0e64c7e27baeaac138f82097e8f7b7ee3c5b6e53a778da5389a4

SHA512
b41369744c2ba7eea5045ba4444970232626e5b551bfcceaa5a62a7b0a3d36482e02f6f200326a2be5feebffb4eb8a2ee2783499d97d3d7c6fce517ccdb0b95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b161a338-855f-46c7-ac0e-88da4ecc7262\index-dir\the-real-index~RFe5dde4d.TMP

Filesize
48B

MD5
001424f820de03d55e1f5748bb1ca216

SHA1
f0987cdc6d70fedf456b9a1bc777478dcbab67d8

SHA256
0a6639cc01929839895b22f97c7fc67d98761078fb951e60bd89ff07f6def4aa

SHA512
37a7a6882c402cbd88c681a7c3fc2dd50f44750bf3ea02245c273d0eab8f01bab56156ce742a94712bf793820944fc13f8bdead892c542725f163c5a33aae9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
155143d83e8360010924448ed7faadf0

SHA1
cd7d5dfe2626d3c03934f3518c38efe6ae83b435

SHA256
496600cda9916a5cc61a666d679b202fca2625bbf6960c9fdd033edb8674d781

SHA512
e53d8f1e5c1d67c2afba8afddb5b500190131f9d0edb8063070747ed4ce619e7dc9c19e0a48e6f484d2db5bc1be7dcc1f006d2009f23884f50b1bfbd0d229962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
05702fc669cb58bd5298bf38e4a876b4

SHA1
14e589b19f9e8e73c2c0f08549a8c24f66fa2d98

SHA256
7a5877ac0cf4b68c88d87228734dccfb08121f9424c2ecfc0b39b931440970f0

SHA512
f7cbdb9ae569de30dc9d8979ffd0591f9a52573be40310ac12f8c5ecd5fb9255ff0828d42fa313ac967ac8a92e8946dfed073769825580fdc571fea7b642588c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
8b721c4f951df7d587a9076a57b9a1c4

SHA1
d65ba2c0940a372cff3c5d12fe0a928b982eedf7

SHA256
04916ab617bd01bdfc0bf5a7891e33cfc760c7149b17b1bfe92f74cb39179394

SHA512
7dca045588569df82e10381398bbbe4f807d19271da14e557ada02665d8b637ca6362191c27ef1f73cc845f4a44eb09cb1951c39580022228bcc989ce1078772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d5806.TMP

Filesize
89B

MD5
5cf32046fbd29d26a9a4acc2abc6d468

SHA1
e4210009741a76d2ce81df0b66406cb1ce8f618b

SHA256
aafe28fd6fbc23451ebb9070772eb1670ab1afe8f02f7e377fa7650c03271678

SHA512
d8c7703a8f24c815e34c7e048733e0a31d6d1dfc3dd04ee9ec488eeb8fdcfe159b431e8565622432b50c937a7e9433c093766ac9b9c04cb84b83c5ecd9b12524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dfb4688a74c1daf13ec5e3a105e7930a

SHA1
6b48ff41eb1c89b07502f9b7e6beaeea23951ccf

SHA256
0332bff629f477464b85a3201d8e2f74c504d354fc5205726e9d36a63591e473

SHA512
a9ceed572149ed8b257fc318522348b52c84cf9d9de50a2034698040956d0899c8fef177b4af94e92feb8eef0c06164dbd295d48305942571f6110934dd47ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
360c7be4c6c8406b3b3da84124148282

SHA1
0db71492bf9ab2982bab6420b11c21aa8f73a540

SHA256
9e35beab795f238fbab8109c298b1b2be5f8f415273c930ec1994e73aeed8738

SHA512
fb909ddb43990829151c98b3e561b37f9b4946e0d0697e75aa500851449e588dacbaddb8e58510cacbf45af7b440e932ec09ff1eb1467d0e603011a65dabce5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c30eb.TMP

Filesize
48B

MD5
536c387e14dcd31ffdc7bddb2a76f07a

SHA1
e1627e1e460909df8f42c3c60cdd38b0ebf6c184

SHA256
7ab3cacdd712c7b2b093e7ad58f28ce2695e2c8d386649914b592f2d7ba5e7fd

SHA512
081948fe1c5cf4768826661db819693bafd891135724413f5e4f8885d445e91de32792655cfed2f571d4109aeffd4229e3b7354e90f59a1beba36e6dc7ad8a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
082b2adecc8543f932e9b857e5fa0d93

SHA1
c231e1d9d0087de4fbe3f9821e8f62572a31a060

SHA256
1596f018ea5ee547454c72ba9bd0ebfa9a670e80cf44782daaffca18535a1ff5

SHA512
fafa5f7e209fd50bc134b7e9dafaa33e9a2cd51ee4110efccbbe5fe99bdb19e6adc03c62538958402e05f288d5d19c70b7f8166c081afec16c168b8dadba2bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cb976538a97bbaaef024a662b38ebb4

SHA1
d1791313fc6bc3eabdeb02ffb2993b00b10c589f

SHA256
e9c39ee5c2abafddf5533576faf17667f7477ee0ebed164236d7488e8f3ff84c

SHA512
6ca80e74dc5234c336db0b5488b9c86cd311b14def636b297462859f4e1acc855a017a6b746adaa07f5d78b923656e5ef9029eec4bd02262c53e9cdaee17a7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e21dac8b96c50f1b70eeb76a745f25f5

SHA1
8f01dcfc7baca72388579b26b94251ec2f6c853d

SHA256
eef4dd5e8603c57ab319f8eea823351289e249a7e9614c86952a4ea310d70276

SHA512
be3228b5928ae14b25fbd5ae74eb6d623ca8decc1aff3efb586c175cbc66afe5ff92849130e845129d8dc8f9de231e1c9795d8dabce90df58720af1ee8cbd190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95bfa5d8f55ed236aa261e1d52fc3d5d

SHA1
2cef3e30ca0f4f22708576d57aceb3a366c57367

SHA256
4497e120d2f77eeb780832771d5267d4e8fa09cad45be47c1c481e9b4f9bca25

SHA512
b8a61b585827e969f10e7c6466bc9fc67041dfe86145612f7e7639330a3189570baba4cd583cc7c79e84d5c82795b0990c6f39ca294d188b5e84e7d66d736ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e8a81566111cfef0bde390a0494f6f3f

SHA1
8aba8ebba900f51b627829f4309222748ec43dc4

SHA256
99b537a80d54136c3da3556d3c8777695cb2f6d4c91488f240107c33a638ab06

SHA512
158b5435e494a388cca52a8743c94b2d33cde51d4d3c29bc7777e4ff75a14470c8b5ba7a38ab860c197a3ed4849036670fc2a075675f7ff044688da7c3c88066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
624fb22bb723e1c34140caef351c82dc

SHA1
90433fc34bac7a8a3e8def0f97d4e132304619a1

SHA256
01e77da3c47d5f8051b3fb0d696493cb2444ef86f39997209084b5cbd774834f

SHA512
7852e7a9c6f561aace96c8433966a09edb023e79eeb49f0d1fcb966a56e8fee34ba95a3b948e6e0124181e8ef82af2326407476916d38a95a7d2f5141ae6878f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9df43062f73f2c60762e5affb49f59f7

SHA1
e0c580d3e11a05b5f29da8473c6fc84cba385633

SHA256
33cb2c573af6bd842a380c02bd58e136c4f237fadc72db588ca21c5e72f117d3

SHA512
acae887d7a57d7de77e3056a9cb4bdddb37d4878e936b0c987e7cf2773f0793de3bf671cb82de9f6d6ac23c5a4675b84570e10e0146b44ace45a4734f23057a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
859d2bc14cee29e6b466a27c82d41adf

SHA1
3ae00262323b7ab9e901372fbe63ed90a0945981

SHA256
36a9dce6593bdbf6b6c06a728144fc16f70716a22fda76dd4e954d572fd17fa1

SHA512
b18d728892bd18d38c9a6eece42c25895ebea548625ece7339b87c395be8176f296bc04d13a68ab8ede0c54cb4ca8312b18c31b25209ef876aa31f05c80f7349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4e4b429519d712b8dbcc44724831de3

SHA1
d0cfe3fdd2f9027e11eb3bf9be1b3c45561d285d

SHA256
98d8c3ff7cbf025e689949f0727cb59b6f095f36ab2ced2328e9b05aaa9ec357

SHA512
03d72038ac7c9b96165ffef4356d6fb72ee13aa4d6117fd86cb1851c1a03724d0750921155465a148f5e2d19f03fab49f91c95d3482faf6b644c1666c48a02b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f6fd3ae37d64c331f7e9019ae9e6e069

SHA1
f3d215c5559a5b0dcd4b88f9dbbff4bd8ba4a5c8

SHA256
384fecf8f4fdf9b801ad45c3d9b99885beceb2f4bea6c804f6e987e3598bb52c

SHA512
c2d834a4639d10ec026fcbbd3bb89b6957bffe16497649ec8235d42ffa225382ea26483154076a041464beb71a37677141d7677cdf81171b7745c1a80dd7f89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0411c8aea013e26dfc6bbafe99713f3

SHA1
35a01c84a8c9824b0c70a94ee62085efd7caae06

SHA256
dfafd47cc2198cd22679093ba8263a74317792c707839924e283cdd141299d71

SHA512
4c565c9261005a43bfd3bdc41f69a2ca83b5386d5b251f62198e1cb17969d812d7e33a368ce3944a8572e350fe00de6a2a1ae47dbc8c090cc047ca46e48ea052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60846545f137cdf4b6cfd00c138ed2d1

SHA1
761c6c0489161fd5e95f7f15c3e26a31cef99fa7

SHA256
eb7963c0e6bbd8712e9a3d79498c5a4d274348fd5bd229ed82547b9f581d9bac

SHA512
e8a9e0f623b9e02fb2eef23830987833e54ed5fc364f135b2f7d4ff7246eaabe7126a2e9a9074c2441a5609869372036fb36f294d895d7c51ede86db3f5b33b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d384b108185d8447ddaeb2dd0707a326

SHA1
1ee2a4318c0c624d289772544075e6def40fd3c5

SHA256
295d0a9aeff3a5b165b3ab3634118350d68e2d61faaa46d0d295b9472572a431

SHA512
31b2e2b6c1573b43ec3c91db21e748e8f88abbf77969360c93e471d98bd4bad7ecd3b3ca6b219b34d03329a7f0e388160f16ebe2e0c3ad99e50dfb3e760f9ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc747eb3e8d3c49ab844867439e4b066

SHA1
ae1ff8bc729a475e5b5f3779924d292e099f4e2b

SHA256
9558e961d2cf4ad8755b86faba11ac5048b4bbeb5254fb313b1b299f39776575

SHA512
d3574ba7625465b71ea4ed0a36d45bf500289cfb0233f6ab49b9970f418fc5f0e6dd198c8dfe34379bac8f7d8ae83fb04d7be2a326ba07cba1be36a0da7b1dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a8454.TMP

Filesize
706B

MD5
d73c240620facb8e00019e13d2ffe8bf

SHA1
2468bb60d44668a30b6761134b0599aa2ef48ae8

SHA256
8f9a911b8b93dee69ebdab0a0feccb9459815aac9e3275e5c8ccf2ab2e923c11

SHA512
0515a39369c02425208b1df35f9216408a324732a89587e5766ab0d4893b190b7d215e6641364320022ed1d58c94e2d3eb0422beb1d1965de746283afa60ca5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5404162f5c1c582c740e66cd39489d81

SHA1
4fc163bd0a15847494e3910502b382d232717d7c

SHA256
173448aa21fc994398d148b939ffd21aa635d9c284c065fcd124caa5c7b30e85

SHA512
200a94b74c0345f5a4b3a2225603ab469286baf34b895c92293b947f37dd64584b46352d8d8a73c4b18a61ddbcc008429db0b8fe8a93cc54726777654429e21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b6013eeec9c2197bafcc374292f1a72

SHA1
092a2b9f50ed3180de93c6bcdba18bbd3ab5d09a

SHA256
21976228517504c60807afa2b44cb8093498adeff18e24402f9a8718f7cd26db

SHA512
76484ad4eba6db8ee203ce805392ea392eb4012982ca06343e1f1c004fc1541eef1e4765feae5244d6e92d44b9ca942e08207b35671ae0642f7b9698f18b3c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA065.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA065.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Roaming\Data\1.bin

Filesize
7.4MB

MD5
0b3c41fee3a69110fb58554519cd4639

SHA1
9537cb0405973ae630c3d926cda6a2825b9288c8

SHA256
587b3d5078538290e49d2a8fd1740a8fc7960a0faaea4d5cae0959d99ed14fef

SHA512
ad2eb4a04db685649d70bdc521cf59f570d5407d284f5bb419efc60b94802d91a755417ba4bc44bceec78b155295b084fc6edff31d4760c08058cc04ebdb0008

Download Submit
C:\Users\Admin\AppData\Roaming\Data\10.bin

Filesize
452KB

MD5
a2f47c218e2507db3b22eb7e6d780001

SHA1
218a59915bfede4b5cbf2427200566709aa05bd5

SHA256
5b60fc854544978a715bcbca8f5a3abd28bcd0bd8b50fb953318640f7a266d37

SHA512
ae7152c080773d3910eeb05a47cfb551875e65dc5d88734114d03a6526348164caf179f2fc3b743850ed90b4fb80542e8b36ca31b3ef8168302500fbc0a701ff

Download Submit
C:\Users\Admin\AppData\Roaming\Data\14.bin

Filesize
479KB

MD5
e80a37c42ca0d2bc7f004afc4b822d6a

SHA1
f17361409ecb19135e3b4292199fb69bd4b012c8

SHA256
71ec6f96779240d530ddf16fecb1df97661b9e1ba8201135459729c8d4d2bac5

SHA512
b3ff7e71af33dc3368a198de8aaa4cbad8daf7ae90b3d398fe9f2cde490bacca07e6bcce08f6afec5943b634a2ed0ef9b121b89a68992d22bf3f831b6f33efed

Download Submit
C:\Users\Admin\AppData\Roaming\Data\15.bin

Filesize
528KB

MD5
3948ca5e92fb2d019a8f16765f7a5e40

SHA1
5290a66876ab0f62ba34b6b524a0e7771e31ee3c

SHA256
ca362bcaf0e62fca16febafc2d15cbb1ea92e2ad6cc22fa5337316ab8bf2bc27

SHA512
ad56d867e1040bfb5b2998a2d62ffc508989a5fc501f22ab775bc9f715f1cc2d4ccb0a899f8b2a82e7597bf715ad70b6826875e72e23273ef306f5bdca47df03

Download Submit
C:\Users\Admin\AppData\Roaming\Data\2.bin

Filesize
353KB

MD5
8766dce04feb646bf62206d64d6eb0ba

SHA1
91c5d588028c6c949e9cbcec950bcfaa35a791e4

SHA256
f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d

SHA512
0bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Data\7.bin

Filesize
372KB

MD5
22df6fab4552241b0a7d650a15a336d1

SHA1
1e2b12c9ce52e5b433413d28d96be0974f6f7390

SHA256
d47f4fbfe7d145a737cf2e9a6c519e38510957a2ae663d4295e00ce0f6e651a2

SHA512
505a53580f7f76df021a466fdaec6ad8230ba04acc7115286d1a801d51a686fce08a23aaddaf0e134e94ce822191892987db8541edbefaa6928a2927c5508292

Download Submit
C:\Users\Admin\AppData\Roaming\Data\8.bin

Filesize
408KB

MD5
5ada580c290b53327fc8db29d5cd66c5

SHA1
a504aff6a9fa93bf4ccb69df17b5238804c659f9

SHA256
5dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63

SHA512
36da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49

Download Submit
C:\Users\Admin\AppData\Roaming\Data\9.bin

Filesize
13KB

MD5
f0e3d4ad2f1d09acf314a9e7a92777ff

SHA1
958224c3c98945c38f4e12ad6d1c64c4b91e189f

SHA256
b897644e314b31e0dd5159d061b9e77a512178f29a9f36076ec105e286212bb4

SHA512
28ccc056d2f5bde039cc3502a584cce3baa5cf9700fda8775344935438a6951989b3a24903693ac5e5292ff250cc27f338b783b29191948bed7ff4cc8038c8ac

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\data\12.bin

Filesize
5.4MB

MD5
9e0ab3181d32ac9950dbe1026b197207

SHA1
d8b53f3a93d5e2df9507b6256f2e414712347256

SHA256
a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae

SHA512
424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e

Download Submit
C:\note.txt

Filesize
133B

MD5
910efec550edf98bf4f4e7ab50ca8f98

SHA1
4571d44dc60e892fb22ccd0bc2c79c3553560742

SHA256
7349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b

SHA512
320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442

Download Submit
memory/2356-821-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/4604-51-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-56-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-48-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-55-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-49-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-54-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-50-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-53-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/4604-52-0x0000000003C40000-0x0000000003C50000-memory.dmp

Filesize
64KB

Download
memory/7988-2628-0x0000022872910000-0x0000022872911000-memory.dmp

Filesize
4KB

Download
memory/7988-2638-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2625-0x0000022872900000-0x0000022872901000-memory.dmp

Filesize
4KB

Download
memory/7988-2626-0x0000022872910000-0x0000022872911000-memory.dmp

Filesize
4KB

Download
memory/7988-2627-0x0000022872910000-0x0000022872911000-memory.dmp

Filesize
4KB

Download
memory/7988-2619-0x00000228727C0000-0x00000228727C1000-memory.dmp

Filesize
4KB

Download
memory/7988-2629-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2630-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2631-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2632-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2633-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2634-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2635-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2636-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2637-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2621-0x0000022872900000-0x0000022872901000-memory.dmp

Filesize
4KB

Download
memory/7988-2639-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2640-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2641-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2642-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2643-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2644-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2645-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2646-0x0000022872930000-0x0000022872931000-memory.dmp

Filesize
4KB

Download
memory/7988-2647-0x0000022872940000-0x0000022872941000-memory.dmp

Filesize
4KB

Download
memory/7988-2648-0x0000022872940000-0x0000022872941000-memory.dmp

Filesize
4KB

Download
memory/7988-2649-0x0000022872950000-0x0000022872951000-memory.dmp

Filesize
4KB

Download
memory/7988-2600-0x000002286A590000-0x000002286A5A0000-memory.dmp

Filesize
64KB

Download
memory/7988-2584-0x000002286A490000-0x000002286A4A0000-memory.dmp

Filesize
64KB

Download