734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
600s
max time network
606s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Size

39.6MB
MD5

b949ba30eb82cc79eeb7c2d64f483bcb
SHA1

8361089264726bb6cff752b3c137fde6d01f4d80
SHA256

5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
SHA512

e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
SSDEEP

786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa

Score

8^/10

bootkit discovery persistence ransomware spyware stealer

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tv_enua.exeMSAGENT.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE

Sets file execution options in registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MEMZ.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe"	MEMZ.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CScript.exeVineMEMZ-Original.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	CScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	VineMEMZ-Original.exe
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Deletes itself 1 IoCs

Processes:

Installer.exe

pid process

7868 Installer.exe

Executes dropped EXE 12 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exetree.exeInstaller.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_35.EXEAgentSvr.exe

pid	process
2996	MEMZ.exe
856	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
2128	MEMZ.exe
2904	tree.exe
7868	Installer.exe
5176	MSAGENT.EXE
7364	tv_enua.exe
8564	AgentSvr.exe
5680	BonziBDY_35.EXE
8184	AgentSvr.exe

Loads dropped DLL 35 IoCs

Processes:

Installer.exeMSAGENT.EXEtv_enua.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeBonziBDY_35.EXEAgentSvr.exe

pid	process
7868	Installer.exe
7868	Installer.exe
5176	MSAGENT.EXE
7364	tv_enua.exe
7820	regsvr32.exe
8308	regsvr32.exe
8308	regsvr32.exe
8324	regsvr32.exe
8332	regsvr32.exe
8372	regsvr32.exe
8496	regsvr32.exe
8512	regsvr32.exe
8528	regsvr32.exe
8544	regsvr32.exe
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
8184	AgentSvr.exe
8184	AgentSvr.exe
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
5680	BonziBDY_35.EXE
8184	AgentSvr.exe
8184	AgentSvr.exe
8184	AgentSvr.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tree.exetv_enua.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe"	tree.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 8 IoCs

Processes:

Installer.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Installer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 3 IoCs

Processes:

tv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\SETB821.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SETB821.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

MEMZ.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png"	MEMZ.exe

Drops file in Windows directory 55 IoCs

Processes:

MSAGENT.EXEtv_enua.exeInstaller.exe

description	ioc	process
File created	C:\Windows\msagent\SETB7A1.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7C6.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SETB7C7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7B3.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File created	C:\Windows\msagent\SETB79F.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7B2.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7B4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SETB81E.tmp	tv_enua.exe
File created	C:\Windows\INF\SETB820.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETB7A1.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7B4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETB7CA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7CB.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7B2.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7B5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETB81C.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SETB7C7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SETB81F.tmp	tv_enua.exe
File created	C:\Windows\MsAgent\chars\Bonzi.acs	Installer.exe
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETB81D.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETB79F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7C6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7B5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETB81D.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETB7A0.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7B3.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7C8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETB7C9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SETB81E.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SETB820.tmp	tv_enua.exe
File created	C:\Windows\help\SETB7C9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7CB.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB7A0.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB7C8.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETB7CA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETB81C.tmp	tv_enua.exe
File created	C:\Windows\fonts\SETB81F.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

BonziBDY_35.EXEAgentSvr.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E26DD3CD-B06C-47BA-9766-5F264B858E09}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CLSID	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\1\ = "131473"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ = "BonziBUDDY.CPeriod"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\ = "0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE7-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA02-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnShort"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\ = "Microsoft ImageComboBox Control, version 6.0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Server.2"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\ = "Microsoft TreeView Control, version 6.0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\ = "Microsoft TreeView Control, version 6.0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\Control	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32	BonziBDY_35.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\TypeLib\Version = "3.0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer\ = "MSComctlLib.ListViewCtrl.2"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSCOMCTL.OCX"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0\HELPDIR	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\ = "ISlider"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlSpeechInput"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RegistryControl.RegiCon\ = "RegistryControl.RegiCon"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2\ = "Microsoft ProgressBar Control, version 6.0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Control	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ = "_RegiCon"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\VersionIndependentProgID\ = "Threed.SSFrame"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\shellex\PropertySheetHandlers\CharacterPage	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Server 2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ThreadingModel = "Apartment"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}\3.0\0\win32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBDY_35.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3364	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
5072	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
856	MEMZ.exe
856	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe
3364	MEMZ.exe
5072	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MEMZ.exe

pid process

2128 MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

Processes:

msedge.exe

pid	process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

AUDIODG.EXEAgentSvr.exesvchost.exe

description	pid	process
Token: 33	4648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4648	AUDIODG.EXE
Token: 33	8184	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	8184	AgentSvr.exe
Token: 33	8184	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	8184	AgentSvr.exe
Token: SeManageVolumePrivilege	9072	svchost.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

MEMZ.exemsedge.exeAgentSvr.exe

pid	process
2128	MEMZ.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
8184	AgentSvr.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

MEMZ.exemsedge.exe

pid	process
2128	MEMZ.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MEMZ.exeBonziBDY_35.EXE

pid process

2128 MEMZ.exe
2128 MEMZ.exe
5680 BonziBDY_35.EXE
5680 BonziBDY_35.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

VineMEMZ-Original.exeMEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 3020 wrote to memory of 2996	3020	VineMEMZ-Original.exe	MEMZ.exe
PID 3020 wrote to memory of 2996	3020	VineMEMZ-Original.exe	MEMZ.exe
PID 3020 wrote to memory of 2996	3020	VineMEMZ-Original.exe	MEMZ.exe
PID 2996 wrote to memory of 856	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 856	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 856	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 5072	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 5072	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 5072	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 3364	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 3364	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 3364	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 2128	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 2128	2996	MEMZ.exe	MEMZ.exe
PID 2996 wrote to memory of 2128	2996	MEMZ.exe	MEMZ.exe
PID 2128 wrote to memory of 3104	2128	MEMZ.exe	notepad.exe
PID 2128 wrote to memory of 3104	2128	MEMZ.exe	notepad.exe
PID 2128 wrote to memory of 3104	2128	MEMZ.exe	notepad.exe
PID 2128 wrote to memory of 3708	2128	MEMZ.exe	msedge.exe
PID 2128 wrote to memory of 3708	2128	MEMZ.exe	msedge.exe
PID 3708 wrote to memory of 4048	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 4048	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 3312	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1520	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1520	3708	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe
"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:856
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5072
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3364
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /main
    3⤵
    - Sets file execution options in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:3104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=limp+bizkit+mp3+download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:4048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        5⤵
        
        PID:3312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        
        PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
        5⤵
        
        PID:3524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        
        PID:1552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        5⤵
        
        PID:3296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
        5⤵
        
        PID:2360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
        5⤵
        
        PID:4360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
        5⤵
        
        PID:1108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
        5⤵
        
        PID:4288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
        5⤵
        
        PID:212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
        5⤵
        
        PID:5028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
        5⤵
        
        PID:5460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
        5⤵
        
        PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
        5⤵
        
        PID:5972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        5⤵
        
        PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
        5⤵
        
        PID:5528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6560 /prefetch:8
        5⤵
        
        PID:804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6572 /prefetch:8
        5⤵
        
        PID:1828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
        5⤵
        
        PID:5204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
        5⤵
        
        PID:3264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
        5⤵
        
        PID:5152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
        5⤵
        
        PID:216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
        5⤵
        
        PID:3588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
        5⤵
        
        PID:1192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
        5⤵
        
        PID:6512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
        5⤵
        
        PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
        5⤵
        
        PID:6220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
        5⤵
        
        PID:5164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
        5⤵
        
        PID:6996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
        5⤵
        
        PID:7068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8064 /prefetch:2
        5⤵
        
        PID:6864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
        5⤵
        
        PID:2068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
        5⤵
        
        PID:1072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
        5⤵
        
        PID:6708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
        5⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
        5⤵
        
        PID:6780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
        5⤵
        
        PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
        5⤵
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
        5⤵
        
        PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
        5⤵
        
        PID:6384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
        5⤵
        
        PID:2324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
        5⤵
        
        PID:3508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
        5⤵
        
        PID:3824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
        5⤵
        
        PID:2256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
        5⤵
        
        PID:6544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
        5⤵
        
        PID:1600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
        5⤵
        
        PID:1624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
        5⤵
        
        PID:4568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
        5⤵
        
        PID:2616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
        5⤵
        
        PID:4452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
        5⤵
        
        PID:5680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1
        5⤵
        
        PID:4532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
        5⤵
        
        PID:3824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
        5⤵
        
        PID:3740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9988 /prefetch:1
        5⤵
        
        PID:7236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
        5⤵
        
        PID:7472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
        5⤵
        
        PID:7564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10772 /prefetch:1
        5⤵
        
        PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1
        5⤵
        
        PID:6344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:1
        5⤵
        
        PID:6692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10840 /prefetch:1
        5⤵
        
        PID:8180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1
        5⤵
        
        PID:7816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9696724711211410155,17208580535451119243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1
        5⤵
        
        PID:7560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=animated+christmas+tree+for+desktop
      4⤵
      PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:5788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=myfelix+download
      4⤵
      PID:5368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=bad+ass+mafia+toolbar
      4⤵
      PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=smash+mouth+all+star+midi
      4⤵
      PID:5720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=stanky+danky+maymays
      4⤵
      PID:5844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cool+toolbars
      4⤵
      PID:6428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees
      4⤵
      PID:6152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=how+to+get+cursormania+in+2016
      4⤵
      PID:6924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Roaming\Data\tree.exe
      "C:\Users\Admin\AppData\Roaming\Data\tree.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:2904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:4652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:7032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ
      4⤵
      PID:4448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals
      4⤵
      PID:6256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=grand+dad+rom+download
      4⤵
      PID:6148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=mp3+midi+converter
      4⤵
      PID:6072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=snow+halation+midi
      4⤵
      PID:3712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:4528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=smileystoolbar+download
      4⤵
      PID:3420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:4692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
      4⤵
      PID:6844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:5784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
      4⤵
      PID:428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cortana+is+the+new+bonzi
      4⤵
      PID:3388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=is+bonzi+buddy+a+virus
      4⤵
      PID:7408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:7424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=preventon+antivirus+download
      4⤵
      PID:7220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:7244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=free+midi+download
      4⤵
      PID:8064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:8080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=cat+desktop
      4⤵
      PID:2248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4dd46f8,0x7ffee4dd4708,0x7ffee4dd4718
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Roaming\Data\Installer.exe
      "C:\Users\Admin\AppData\Roaming\Data\Installer.exe"
      4⤵
      Deletes itself
      Executes dropped EXE
      Loads dropped DLL
      Drops desktop.ini file(s)
      Drops file in Windows directory
      PID:7868
    - - C:\Windows\SysWOW64\CScript.exe
        
        "C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO
        5⤵
        Checks computer location settings
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5176
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:7820
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
        7⤵
        Loads dropped DLL
        
        PID:8332
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
        7⤵
        Loads dropped DLL
        
        PID:8372
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
        7⤵
        Loads dropped DLL
        
        PID:8496
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
        7⤵
        Loads dropped DLL
        
        PID:8512
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
        7⤵
        Loads dropped DLL
        
        PID:8528
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:8544
        
        C:\Windows\msagent\AgentSvr.exe
        
        "C:\Windows\msagent\AgentSvr.exe" /regserver
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:8564
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:7364
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
        7⤵
        Loads dropped DLL
        
        PID:8308
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:8324
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE
      "C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6732

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:8184

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:932

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:9072

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:912

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
1⤵
PID:7064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
35KB

MD5
5f8bfe3eb6c1026884c9b0691c0fa144

SHA1
6db923ccd275492834342be6852eb555ff30f021

SHA256
e3200e4af96e58178a89fcd4695ea31ab9b506a9837620d4229c2e30b8132520

SHA512
2add075c9d7c735ac99744c8fc1dc60013e2de3e788436e4303f78da7d2666b8fbf0982e518f2463d0f866b9dee52c7ebeebc2d3e6ebbf6d512d5a443d481b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
53548c87f54abfc4c69fcae6e9768088

SHA1
a145d9ab761b8486eb3b58dcfc0c3eba3a6b8824

SHA256
b795af62efcce9a04ff501675c824345ca8b1117ff424c492570b20156861124

SHA512
ea75917f7d9cc58eddfa847c92a26510dcf303cf0ff7a864d4995a62cdb9e27d6df69e2093ea405605380e9cacfafa910ffdfcb35462e99529019bf377d35ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
97KB

MD5
e49d439317491fdbc18fce1fafd188a4

SHA1
5aa67a7171f6d5104acec0e2a711309757c96ad0

SHA256
b0036d55287b44c76ccbdcbdab7e1dbca6e315d8f6f6b45f5d7245e0d6d55cca

SHA512
88c9258d54c6ed092b69756d5a3f06668e20f4f7c1bf6b5663d0fd5132ebcd018a93cb7b734ff706a7da94b891c6c68baaeaf376d159d3aa4ca539ddb01fc00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
cee30a175170e47927374b709f61978b

SHA1
4e813770ae0af2c964ca80255bf4fc41fc96e75d

SHA256
f6bbea7fde2fa1f836a7f15dccdeab1b933fbc22dae76dee706b23538db5ec5d

SHA512
47cb584f9f335230ff26733bc6fc8f62e2b081342386b8f67cb99b9c21319e81019abdb82da8cff22cda45c607dd7f5e933e122f4e02b7c6151fa265526eff8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
1fddfdab08937ca30e43dc454840c64d

SHA1
25af586ab7462e30465c9306426062b9d10bd058

SHA256
c578d1b5c5f608df3926d2658217ae728beace6455244c0cd9e3e3d15e455013

SHA512
b0f5666b0fed1321f525f72b5950b8c694032160e6e5fe101201f4fda3ea3c04fae226a997f949478a93705c8a2f25e3567eb69e35dd7bb6bff85d4bdc481fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
188KB

MD5
e3474199b5616a2de542b9da47ee81f6

SHA1
996d5ef7f2efb36bcc19350b16a84ee553ecdebb

SHA256
57499b57609c0a9fb5deaf07fa45cabb6f209d4b04111914df0e404896733556

SHA512
bb33e52bddb51c598f59d81f11c297ef39240b4bf384743720ffa498a5a44e673fedae66cb40563ffeb286566108704d2b861df42cff0f127f0fc0364cf8d230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
50KB

MD5
430e04d41ad50cf37be7c348f9730b75

SHA1
726a41249ad1e5e56ef28b42e4252be4018b1a81

SHA256
c16906021252b51bc85901864ada2fc54794c38f9d35da5d9b1a268ac32b921a

SHA512
f9cc2ee77bae578ce7a006a5f1289b1843cdebe82640581a38815f73efdfa66d1f993ebf8eddd12bead98d0fe4d0875493a495e608f3be9ba59c953b38963043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
68KB

MD5
b1fa2d198f9c85377f19067cc486ce60

SHA1
0b61ec35c64f513ac02988cb4786ed7dc0b8ec6a

SHA256
afcffc5ff17424a557fef485be111e35ad788023cbeb863ea6ea70940b0362fb

SHA512
5efa88499d24ed3bbf229cac139f90b2779ba6bf5546743568e2c542e2a0428d7bde751252347bc96d794df903fce4f5a8dd37b91e55ce5c01c22756737a60f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
29KB

MD5
ffc507ab662c24424f3fcb9e8d2eecf9

SHA1
f447984c038d8ece67915c0492e8610894dbc255

SHA256
0468c9bba7e5bb67ac35bc4f4609a257e6fc542e4faddcb494e285e60e9bf170

SHA512
6cecb73607062e2f7280b2cd0f33c014b1fc5190c34120452bd297001b0ed585dc35a451fda300de6864098896a76006a6577ffcc98fd8c0b0d4ed7f961ebece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
42KB

MD5
a7c6a9443e888737623fd680ebb09bdf

SHA1
5a2fcb5e706eab9d65efcbe805bc1d2c619fb669

SHA256
b491d77084cfcbf4f79aeff7074c9fed641eca169902315af31be1856de8cf85

SHA512
524edc3ef6eb61715c8414b2ce2d176379d4c00c913f659dfe1d79794936ba87cc2676743e556d438be04010923edf1231a767f89a5749b6771cd51befec414f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
104KB

MD5
e66dd2567f726904a546a2ef9738eb06

SHA1
4aa632531c1e35964568ebfa776c38f7eeede689

SHA256
e9485c8e4b4a255e582e3cec7d1fd174c435c61f06ce87d2326780aa0ea24760

SHA512
ade2f98380d6cc46f51f8c120befb142db22cb78ace34ccb38506796c233ebb45a5be6a2f568a0bfa4acd79daa12f857b7d563668f63bdd259ea723604cc1d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
99KB

MD5
e4f0d9099c7ae3b903c48c173990cee1

SHA1
183eeba9982c7f74c345b489a6e95f89d4ae5759

SHA256
d64222674e9e320a815849456ee5b23b1d689d74c596fca9cc199661d061222d

SHA512
573fba44edaf2c71dcf034c83a7c920a1436c520adec98177eb5e154fbde06337d4405cabb9d53aa4bdb02927db4a5da9c0b4bb58e13a728bb69c8e61265c841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
116KB

MD5
bfccd714140281a9c4ad27e70d92c9d6

SHA1
a32cbd3be72be7c4f28028667a703297df772060

SHA256
24b219d61cb000858438e65c413213b190112862561f5e9ff210fabf4aa6e861

SHA512
a522cd603cdf5255f1b79188e75fd3448037aab2e70f9e295e6b30f6b04454185243037e888941bdff34c38dd5adc5d3583c62272fc75d75419b6d471125bc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
80KB

MD5
6ef4b0454478a1e2ee3ed6c97a775385

SHA1
f11642dc9aed603159a978f244e94fccb54d2247

SHA256
1328e176541519fc0762b7c46364d9ae92c71fd25e595f6adc8a1d9b99d97088

SHA512
cf7986c251b6c40e883effd5206f748eb00891ff36288d777f9927d0c4448d4daedd252cad6983a4ac164f381c8000230325d8fe48d2bde5c72e1ae8ec531f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
79KB

MD5
6f1c34af9579a56d40795f7b4c23863d

SHA1
20d02cb01c4b4f0971f8e200fa9a21d1d27053ce

SHA256
3cd6dd45fd956208bdca40fde14707a98a199517ed3bcf6d76e69c2b7de0e154

SHA512
a58d755664cee1d063e7937a8b1083c78c719dd3b4e0b6810a98703a0f07c78fdfbf6c8ba5d6d457095bd8845014f789a73deddb79d22258a5ec9eff861996df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
74KB

MD5
3c6d17d82a9e2f9b235b0643b551bb38

SHA1
f1419d9ac22b9e07921f758058a1218c05ab5114

SHA256
5f071594c35715a3b2233c46391dafb579d658d085d43d022605bfcad0adc118

SHA512
adb53b718b56750791cb8ecc507fb46b5397f34d27b8b4cb0de1898cc1e8f4041cdc57eb6e22fb5fe78949b7bcb2bbfa81f80775dc5b27558a5ad5409cf537d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36bdbbe65fa3970e_0

Filesize
288B

MD5
3fc2efefb32a223d1f86d426a1d32049

SHA1
534b13f2a98768318d7e511a1f878d6aa06c6bd9

SHA256
b33f97708ae5045683be4744090e84d99f4af747b340a8a2ed10cdc485b5a276

SHA512
540dc7e92ddaf511cc6c5b81f950ce89550681f79cb630bea9f30d1a88e2da47df3860c4e2fd32908f3d98976681fadcc9f842f6db605d24f31c2e8cb18f9e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\493cb3c518847bad_0

Filesize
317KB

MD5
27a08daee8768c173cd1b1b5fc6c0075

SHA1
0b686bb33fa2fd991e433027970d12677f34fa3d

SHA256
93e9805405498181508104dd04b8e6fd4ebe2bbd4d53cd3782ad9ef2349253cd

SHA512
83962b95754256171ad56734a768b9fab5177a5d6ffe6c5f835855f774e157d3bd7e1e7d0b0d0f0c4667cad55c9f0370f68756a6173e2480b8447eea86f1e114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
18KB

MD5
8b0071a8a5e713eebf42de744e4a1283

SHA1
25cd14877ae7a4e905afe6a87f894a897c027ccd

SHA256
dc9129af70969bc55552f504341c4bba3b2d3a95c86a86d7508699c972674a1f

SHA512
928c6f5e5e281aca342641f1a98607fed9d0cf3ebea4813e4e01dba5fec029924c245f94f2064213543b78c4de7b770e7240fece89c9eb52b651fe7104a5920a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
797bd8162bab2ea63c3b17cf449b9cb9

SHA1
3a709220e97f2bf86cb7ae34d4b259fd2e92a5dd

SHA256
b92024f321cdee60802f1719ce44ab3e711ba62a1182d0d9754b6ba31d7ca7cc

SHA512
12a6bda078dec41ea404f1a410bcf2a9bb9928391817e23a43a82484db67a93ac0dd7ecd53c2deecc3f51fc3ea6e888b129c291e23d554d4cb6ac88b3635e841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa7d1231afafc26f_0

Filesize
397KB

MD5
cfdac6f750c98bdd9f2d4ed1e938cb7a

SHA1
ed7a254a61cd091de7c54b23c5aefe1aa86c853c

SHA256
db7c036b1b456ac13f8db804bc621b59660b5b1ddb4d7a7f49d1e308e3697787

SHA512
d08c4267dcc958cada48fcfa46876bdbd5c8e713a6b5acaa27bbe110ffa3e60160717d6d4f8717994c542b60da53ae6b3ac523e0d31c555aba0ab9ff92317e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad7edd4a5aa0b9c2_0

Filesize
11KB

MD5
29a1749e711d930e8ce0f6842d041fa7

SHA1
12192dfd78b0553cab67117c3866369e6c91d715

SHA256
fbb6c00898b7723fbf386b173d40c04e580e230e19535a479f4e32cbe6028c15

SHA512
0e2a2641fa45d091a1309e653ac3e58d65cf7e0d1475f8e1c4c16b1e7e488b3171abd7405845d9821a6e198a7b1c40d9ce02941276f03faf2cf0cdb945afed0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e3aa88bb1a9d30f84fd7ab15f9567c0a

SHA1
62e158bd325893f46cd0f124e55a28d49124a595

SHA256
9e15ebca6f79bc794b2ab9439084aaae489a5f276801121b717535b9d52ed674

SHA512
c19fbac79a26fdd6e06c15ffd2b7650a44a9f16f4d3fbc9d44c184cd439869f56c8de2c2f5387c1aeda6e8d04db7df54e796c73225918cdd78bf84c0e6811c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d307dd4bfd2b8f948486329d9cdbd192

SHA1
be63e17253a4fc109b52724c748adfff96318798

SHA256
025cd2ccb8189e0bd17336292dda1b09cb1cd56cd4a274aed06792e7a9b587eb

SHA512
e9e7f987bb1afcfe82af063e00cb9148d21b496a27c7ac6f4df6d72b3e32e4d013d77ae0a41fa60e66f3e24dcc6cd0961da13df9b73912e40dc10f0a280c1278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
549B

MD5
006e9a26726c67837bdf2db802b50bdb

SHA1
69bb66324c272255e547b77306bc57b215bfdeff

SHA256
aeaa3a996b89de8b29d36a37bb88db1e2854876fd709506d8fd2007dff7d1223

SHA512
5734fb136da9393b184c210eb225173f2473bd72768ee9fb22b841414b88ad2f1b829e3e00d5d9199df0953d25246a34d4639bd53f68c6cb4ac1fd11b20cd69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
549B

MD5
3b2d2046e2737f964d891cd6f8169bd3

SHA1
fb63cf729bc030c13c08f86a780ea7f36ca36343

SHA256
4ebce04207f7260c7bdad594eca89dc7eef863ed264edda9e18957bb2ee0f3d0

SHA512
bcaf2ec738988136fad0fe6c17d6ede466bd4db6bb38d61ec1bba908bfe6fa5315c657e565d68ead97e81c3d0c64fe2169595d523fbdadf659655d44b1cb0b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d6f6279ba3f1ecb34bbd0035a676fde6

SHA1
2e2b2541feb034af87c4c6f1189fbe4d73405361

SHA256
f84d370911fcf4ce56ac4d98fb5eaf6d7a85d3d8b4c8c321aa57c18eda5372df

SHA512
156096f6f7472c2137641e11483eb7ffe4631627c340cf1377779e89d86fdf03919c35580d7a8c2ecbee54efee8ca2887599479f5f2154f316e99aad2c792324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d0294575a99da6199142369c5bba77b7

SHA1
693fdf4d64e113073258625880f556c4a0560ed4

SHA256
9f89f4d6218bb2d5149bd2f7bb2de44602682212f8038dc1b1a19d9f4ca0da56

SHA512
2f2279fd325afc8115269185e1c7f9af36ae38693668d21b3571549a3e701a23a2472a5312949a08ad1d0eabc399967873874713f0a2c4c6743448635d223944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b6757af6e301f0dc3fd53a22cc296505

SHA1
93248def47e3e18dc84d662d87692ef98c4e9a91

SHA256
115ed151d58b3f3887491861b15d254096b2afa675d9981bf1ef0cca0b06a243

SHA512
092aa71e4fd2dc6c165e334feb63b8fe59a92c7d6272ca3249b25b6439a0e7766681bc001d21f6017df70e98c1453424571a9ee83fc9227f912cce804bdc936f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
100d8f392f98df5c5f3db39c77222042

SHA1
172d60d0e65498807e884be10e37aa31f5e75527

SHA256
709654dbe5bd6203196526f602db08d9fa6d74af2bf99177731be8983a0d588d

SHA512
ef9426d29d35605a4efe69c7a989f95c6dc91f33470b868465849ac9bc2fc0a1cb5ac907be98adc1b0bc943107b02988fb022e251dd075bbfc1978c421052755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8235e269a27d927ecc75db24fc59c0bf

SHA1
dcbb891cd0298354d9d2122c353976eeb2c5456b

SHA256
b4b96fe22e48f49dafcc7461a58d48857244be6ea3baccd1db66c9ebb652975f

SHA512
4b288e84ce792b0d4bfa89c88961164d30efe3ecb9dc50ed6ba467f9fed12775ef8ff0ceb5fa181ae3eacf2431594d4ee54e2ddb5afb1c2b7ca00bf48fefa498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce6dee2f6574ae857eb8115eb8fc55cf

SHA1
516e317c9fcebe2ac77b5aff0c4ebc183f741b00

SHA256
7e58319149dc1be38d4d37aeace00923036c1778381462d6ae1b18e3c07dda8c

SHA512
c38acd6909e04e207657887c74ffd2349da2faf6178f964b6ace80fc8703d42b139ec1339d848d6e8af7374361b0f01be42c9b8d56ce3b55cec30fec643372e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b6c3bd7e1f305b08d76fde3a6a7c15c

SHA1
986c52eaf2fbf58934f8b08dc60904e3d58f7218

SHA256
630e7a1b70b00de344201d10ec94fe17e1091cd5358d99cde0d814978bcd1b4b

SHA512
580f9a24b3a2be1734a7b9ac04e412e5c46a6a71f794c55cbd18d1f0a814898e133c292a88a03e095b6f72c92a72ec6a69836a143968035aba8bc81caed57a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
731265d007870ccb10cd13aabd0a6bdf

SHA1
84ff6642511968e9b7eb5ab74a2bf7ca89c973b6

SHA256
dab4fdbf97e21abf9e219fbedf2cf2a4537a9ca1531516881e028d3ea0afd57e

SHA512
73eb975d302edd7d86123505fdabce82e28b60b361bbce61777437b5b1b5c4176476773eec2e1f85cb83c38af3d15652dcf46d451aebfa6e9aefb6b30b088cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fa0c1084d03c001e4a8420baf40ddb17

SHA1
dbb3f6e6ebacfa11a80eebecf9a08d2d8fb86f37

SHA256
152c94c8d57c5fbc50bec9c79ff654f446390bfe9ea265c622289f37e61474bc

SHA512
45e00b55e1ede8d0eb2ca3369632d319aedbd41c002a01b9a89990e21342a235726dc04e8b0ed71073aae4dc5eb18887a842707c1409da16f935b590bdd9ccd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1ab565aea1c2828cad674bd3e60179b

SHA1
60b2e24af7b425890611a4159799b6d7df344fde

SHA256
bc1f63f222c095771b35b6b8727a380e2e30853f4790e3bda02b29d2709e431c

SHA512
0f5e2c31d18370b50bbd2b163cb9e0c0c597ff3e2e3de2b56fbec3b2d9070620a1ef192b0ead1e134462cedc2422046eb126f8c8e23d6c304b550d9d42c7a05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7c65bdc09f16a542361d7d96212f30a1

SHA1
55177778b106707ca3c7167a6548e7329fb56a80

SHA256
c7faf5eecade7d95ce0c0d971b7e3f181bbb6c8669d9f94cb2c2e0771b847ea0

SHA512
e965ffcff8bbc6a76189cba7cf4afac533529d14c15e1903a141ba8d60ebfcb1a59a74b91c82c7f9e035dbc3a3f1b5bd9813729fa0b8ac4b3b7d37e9ededf115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f175e9a1f483fc5af3377aa8b5797d2

SHA1
290598afc6c69f74498dacccd3d073da3ac4905c

SHA256
f86470432de3c1adda3566e9104224198d921eee9904ebd27c8f4f0a6746ed9e

SHA512
e12586b58b06eb83619c37d38f845f280488d49fd97ebe614c09756b0da050af18a51c64a6cf9dba68f2d99bbdc182916464eb57c528e1b762168ad691d1cc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
856093bd7be392761ce3493a080d58c9

SHA1
9ee5ccf9646ca3cc4974131c5845ac2403791644

SHA256
1ee7a928938e5480346f1d795a75186bf0771cbd50866e4a8bc871d0daa5f0a3

SHA512
e5283af0ae735cb39b18717d614ba77d7ebdf35106a7e94a3c485701a565bb277427ff0fb2d99418261d825553128f5cb517c523857ac9368592aba3cf0fa564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fa5a675da153a83684267a1a9a957a6e

SHA1
8c1ffbbe2df67950b67fd08c81e72d71f8c1d275

SHA256
413eca640d39a783f11ce6f4666b11d0b24924b01449b50d4109d6c171117b22

SHA512
2e06a6eddb14460d315853033694a926909f278f7aee8baf71978dd01665f9067566cad39d04f52c4e18bd2d8bfd58e78c06c0ce7978abfb0bb635a765597353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f9e4bf3f4980bf9531bcbae75a6b9440

SHA1
843c926678650b58f50bdaedfa4fa82aefd42bd5

SHA256
29cc567bedb11667e186175c40f2a60b06bb992a6c9e29c45101c7d787b369ac

SHA512
acbe67885674ec084dabe0b1b8f9459a3c1a8f2abd9d66a10d8472a16ee8b6e49780cde8068806769fbab45750bc7c6397ed95dc33bdf7e9334c75bef5041fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ddfd34eb8b7418e279c8f14feccd74c2

SHA1
7a22724a1db0ea3f6dba027014523200697c0394

SHA256
b12cb422ed7ea4f877db54d0481bd269581529afe351afe1326275895ce934b0

SHA512
532e7844cba9d08cef90b852fac60891695b4bba2619d632c7bfc48303dfb97d392cc65d2c97d06fcb8bbd63032990651a74e624e814948ed123b18d36ca58c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5029a67bbf9f4bdb1c5666f4e7716a21

SHA1
73c35f5ec3d0bb5ff86084ca7dc7dffecfbaff44

SHA256
fce00eede5c3660ea5cb06b192c96a285713f34b3a8c00fed08d1abb3694f7e5

SHA512
2000ee350685b0a53446155f59d4e56fd1aa8f30914e18fb4a98b43de9d7358679c3f9f01c394e93dcf8233c84c0a535cdc9b13c6f7c0ecd14ff27843892f9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8c89281eb3ce90eb7b4d80845a75989d

SHA1
795d6fc2868e1b92a80b21f2e7043264ac5c27e8

SHA256
b7a37e71134cc008a56396b5ffcf1d9f0a87b5c65318f0348a866aac41e37872

SHA512
fb16463fecc52cd248a95ec790994b1c7bd05cb580913d8798c9063028046c92daab9f961e17689f1b7674e47a6bae2202b1a368db8c2bfc25cf65b192956fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
02a53ec2ac440a13b4fbec030f0f7b88

SHA1
1540c1f2c20deecc29d0d6c3b590f15a8699c22b

SHA256
ad242be04b2a8c5525e7052746c5cb2aba7107067949dc05699590b83cf44e36

SHA512
4a04c18565a10f5c2207d7756c959920dd18ae0e952259d592e5cbbfb2f39bd2f09617ac292249e626963db0ea2f73e7447844981ff9ec07a0f84b57a3746e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ecfcbf8-b6bc-4913-b0f5-c87e8f52b141\index-dir\the-real-index

Filesize
2KB

MD5
33d359fba22b78f81a58d839cecc0a12

SHA1
f8489f157437d344e1808d4c5b4c33cdd61fa90d

SHA256
792feb4b581301e8b122ee4fe17e4cf587273a760e28ca7386325dc33ba9fbec

SHA512
c16070b85393c92e852b3a97fffec36aad8d06d3f036a07ecf3558da3724aa14b990b5f2ebc9fc866ad2af28d087da85df53f117abf98be6973a2e205d940a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ecfcbf8-b6bc-4913-b0f5-c87e8f52b141\index-dir\the-real-index~RFe5ae698.TMP

Filesize
48B

MD5
37fecdd052b0ba927f270f9c3829e2ba

SHA1
36e0d1a8845ad59ea1083119a8d51ba17c53945b

SHA256
2df94b4be50ca62a1869f12e34387d5bb80668595e80c154c57a70d327542731

SHA512
ab34baafe34d69a8986d6569e0a1a334e39cd4f0112b03463be1521814070d6cfbf7a3206d93ebeb91875e8f539765d3c731c84d52ad9e81b8a0791c77cb8b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f43505eaaf77c306a647f4df702ba02f

SHA1
6daf235efdfcf21d216acb2686bb177e494db6de

SHA256
fb5d94361863f8bc43e153bf1181b2e962f6dde9089b2a756a9943bb07085817

SHA512
3dafac0b73628b582ab8a4eac8019e4d935cbcd6ca27a1b171abb90e74857690994a8f75ea5676aed7806259f0fd65b52235e0d7ba856337fb8528385cf0624c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
89db62e26c9c3f716d6487601dc30714

SHA1
189984688dadef6395fc9d39acb459b82161292f

SHA256
bdb45bf00728ede13f9bbccbf06fae3fd70e3473c411e63d3c77f5658724452e

SHA512
d7a8e0d11b3803f5dd4223ada870d3849a9fd4240606d136096be30b497a6431ee66152ffd31963b6651c998d146db7b7629295ff842bfc22040b947e426c413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
a9ef89547cc7290f02e3543930fc4abc

SHA1
6aef6f1eb65eb14caa46cf2154dc7be79dfedf02

SHA256
960a5ff34b129594364ac831ed7d1d7d03783451d3221c34f2e97867e184f366

SHA512
ca7f66987d616817a58f0f23a3092dd3c3f15d2227f179d382add80e56f5d716c928db8353705b407ebaa23f260397e6bfb012a1e63a97fb42632c4403953892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a7e2a.TMP

Filesize
89B

MD5
5c40644aac46d7b0ef0b5a41a205fbd0

SHA1
70e910d69b0bc331567fdd738a69b0da55bb856d

SHA256
f5045494b66a2e25ccede92092d432d3a0ee23d0e5f3bff6d79dfcf8ef3e246c

SHA512
bd768c57ef77245e1cd31fb239a06952eac9d2e241e7db8b2d76c06a74c176c6459c911d86b7ef8666a6d4de33a71a23d9e733a531e34a304b35b678bd971618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5dc9bf635c00f5346ca885739115df1a

SHA1
47ec95c1adbee821cabe31fa0af30749e596a201

SHA256
99e17d58d3a261de75a42f3d192d7da90fa85b018a954eb62ceab00c1846a93d

SHA512
63b29b68d71e393c21d52e52639c26a072a433bad9c23135fa13346c850bd471aa6f0214510c4242c9b856d87328c1b9a176f2a2356da20706af6a56f06ca897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
282491ccbdf9e4a7a17f38e7f6c0db4a

SHA1
d452b5470865a8d6bdd12b95a72f8d5bc481d29c

SHA256
db9b00958c16c14e2604e2bdec71202ba859b5645c8443aff8b71e72c469d8a2

SHA512
be5d8ace9a51d0f00cf04885e178e824536d8d567221092e91b0a297b73be4cc2034f536f0d64cdd37a003516465f5541300ced8cfc156839e404d7e15972483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59dbb0.TMP

Filesize
48B

MD5
bb17a13630f97f02e60217b0e380ba5f

SHA1
1eceeda1bedd606b2422bde8a53fd961237fb12e

SHA256
305a48289ff2e85e7bed3d79a345851e17590befff2d46924e13445f78b6d7f1

SHA512
54addb1fbb0391b1eb57f41fd9c61b54e77eaed7d7b5cca2095b2677c967de385f6b2dae7a8976947bbe437c9acc64566759e672f4cd8a73b081f80fcba7cb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5bd520b5d3f755a4f07076a570b54cd7

SHA1
0409198414b3113ce9746b5e5bd0b04fb98a6011

SHA256
f4dd53723b3fdaad0704fc040aa23525f28ec3f19c538067ae502cecdc604eca

SHA512
ccf3db857b76e1d36bd018cfa0934dc37dbdca187dd2085ab5829edac1e25fa72705e030ba85fbd7a9c900bd91f54982088ea171bc26bdde8993683800b622cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8ac31d177d20d5a24d86d97abe80f641

SHA1
d2678c44eb229951104d95366da45b2277435537

SHA256
b4230be127b30a76e3ad5319027536c29d3762f82c3fbe365f4d9b55659789e8

SHA512
0273c5b76caa0783e88313a5b6bf9be3995215966cfd3d764410d3531ade9177efc4740c8d1e211a83bd7c0d4203b4fc1418a82582dff361a387dcbced16c1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a95347e985ee7974c594419eb9a3b00

SHA1
cc9b71742454a5f4fd139727f48019f7a5db05c2

SHA256
7b788aeb892292148ff9410a9b1619df57117df57221a09143f0150c6445d043

SHA512
70ea92f17c8bf1b23815f37e96871ec5d652c6febbee65c9fe98dbb8a73c24985d0ebb1bc82e931e56e2c47bc18fd48054202c7272342c43999bf494fc800c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e892d26d7a95858bcaf33b4c28314120

SHA1
d04dbd34956a8bfa75f3f26941e96fe70b34c5a5

SHA256
06c85dc657af206da6b1fcdcc7013f758dd6d3e78e426bb235ebf618a1759be5

SHA512
a5fbbca1f05bf67c61644f321cf45d8b7e1770630bab4463db59a4d3eb2d9b8abd29af2661ec4aecf6dcbee00c91f174baaca9a5348dc8785b8be4f181ec60c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5ff553456e3590d61cb4ce1331a06bf2

SHA1
5eb892a8ba52fe88fedec53ce731eff1e2f40dd2

SHA256
d114578a1cb1514d16c2c40bcc784bdb806366714dbd4307ab130c593bb5840b

SHA512
329232d19450852bc0263cec1c4c3899477bcb20b5b2ac10913b65530449adb83a83868bfc201051ae97936011f99571408b81f81b7fa6d91eb5fadc717d3199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77e5d1a11c6c8d703fcaa3a9d5dbeab8

SHA1
24e8b958c5bc9f511dd1dfd735789fdb6367218f

SHA256
93a8785e7a5dccf39bcbdf32f117b599c5abb920de9cb6569c271ef25caa8e17

SHA512
06576f03e76ef4787cbd5ce141fb6eaf4c4cb10b10ea08b78f3bd4d48f1feecadc3b3b0594c0af5a504738a71ef2b7b584887a83a82949e39ce5710561dc5c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
622c7ab78dc3998cfd9f05cc4634498a

SHA1
d2ae8175171a3ed0e7b9ffbbf5ae51a2411210f9

SHA256
c39a55630bcdd7c7792e660d9bb688f424d2af78a1c888dde1b9f30cacdeaf4f

SHA512
d0c977d27336a7bc34b8ace3cfecbec1cb9843111dbd9190786488b021a43d6e6b9c72d1949f30a713ec81468705ee8c617adaeb4653a0fd782b3c4e6abad9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
24553f3494fa3cf83862986c3753178d

SHA1
73a3929a780d7ebe6427e3d8f0d0e64eb20fb74e

SHA256
c8609acbfa9600e86d6866746b029afda2401b142a4bf1ea4cb9ebe713cbb34d

SHA512
1c51b153f74b5c9485b17a87e4dc8e964dc9f40b20d5d586151502d798d7927c721a22d728ceb878e07141327951ca0b86a8aded8d7b667c57d0ac9b7003b0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e2e108df37637984b62d0e585cee5705

SHA1
c2c665a2dcabcaf127ffbd89cdc2512105e7794f

SHA256
a803fc7c28a4ff838d49dc2692bef727b9dbc7b85d8efbb4970d236d26a7f940

SHA512
b2bc99baadc28fbb610ac58b31a5023d04fd9f20529f2aa3651607a50f53e929678e4f973d8e01c56da78a0c231d1e1e58c1ed072a3f62d9c282f9d1cbeab3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
255efaf8ce026ffdd748253fd3f01162

SHA1
24605acabf30356cb9e9415718bfd43f66982fb7

SHA256
2c7dc7fbac858183812964978d1c0226e466b54cc8dce00b356cac2a9b22493e

SHA512
0227fde4ed9db1cb346b6618d766d1274fe9574dcdd7b8aafeddff25afb2c044ef2889e3c131890660e8beed95a7ef93dd5ecf0af070999d057acb3d3220fa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6a83348fd30e2cd507563a4fec24ef2c

SHA1
3f62db0e6b99de4791233a8ef3b0f5eec38af7a7

SHA256
86d914c7cee855ce59dd2452a1cf408c6513d49d6504c7cd7b79533ece109b01

SHA512
36732d03e14ee77a1812b412c0fdef55d5b8c6bb32a15d8cc80e42b0fa6f21974fc1989d2928bd378beb49aebf5b37f9774498a0be4853a255e321f6d20d0f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cc496d82bf1068eda540878a58ef6627

SHA1
d28d8d4219fc413ad0aac7bbfb2cb763ed7904bf

SHA256
1d2a28f218a01cec54ed2be0d9d377ad29ba820513dd53724b951fcd3a857786

SHA512
e477d4a44c1d025070766309be6b1501a0b2307fb01b52fed1c63c2e97a42c028cbcfb155e60063078fbfda636d1f9c0bbe0730ac895501dc1297dd389d0637a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
79b560630457b6bfd49b7e42f217a1d2

SHA1
6b25b7b418b2dcf70f3dd43a2c61d232cd8d76f4

SHA256
77ad79aaff23e7a821e5af1ed8b791e94fcd4e22165372fd32dbbd7f9088214e

SHA512
27729d43443a1cb1a599771e905947ea44559bc4c28ae225d43749b29a35af431bac43509aea9f1921da968b2f979b3c5b275b51763d3c74efe06c4e8602fda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
423f8909c9e890e340519e4f331ac80d

SHA1
a203c1f74d34b006369a290aafd671b1944cf00a

SHA256
29875bfa7d0555ad93379227f09a903f42aa3decbfb365c40fbfb21d9a593c81

SHA512
479e3597a71b3054269db2ef6b5ea8383f253f65d3f58f94bcbfde8ad510a9c4d789c3569d702c5e0526ced713f8a438a84950dadd03ee0a88f7f4d064a690a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f27e7ff2200ba74b8ac8e7fda30bb68

SHA1
c6bff32fa3b2d5ef32ef396d18fdc3ba106f50a1

SHA256
39158e7a5812a890044eb49ec555db29bd86977e76f8c9627aa8b0b301e4c610

SHA512
ff8a3e28c0bc612653bf8450bf957f532c95d1178aeb9dc6f72214e1aeac82a25c84405e596f8448febd048b59d034ccea512b0923c2920b9fa24033f95529a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588558.TMP

Filesize
371B

MD5
9e7cafc8dd0165d2c78ea02e03d0683d

SHA1
ccd492c09385eda4a1619dd63d11a60f10bf9f20

SHA256
6e5a66e76d7d97da49bd3873f43a2e54e4ae466316ee909d76490949f28375bf

SHA512
f29cb903a9a9c8ca6393818908f23ea81e9312c7534771696f128323222d45a6c88d6bcdac07f5b60e499118ed7578fb96778d46cb732e19c3682c23709cfc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d36ebfdb-628c-4224-91ca-18fbfa8d42f9.tmp

Filesize
6KB

MD5
5b2e28c496565a474849a0f5d855c744

SHA1
225e7256808d98602063edf5fa76da268363a632

SHA256
cc46cbc0690f26eca41a742afeeb1a833edbe70325e5c64dbab8bedb5b75af8c

SHA512
d988b44774ff040a2ca9cc86635c7f7dcda73fb299f1e45e4c09952f91855fc79ed04c2f5268001d4d8d639d34d170c91dafcf9587a317be1abed18b036095bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3eb05ba8f614169bd78cc08bb383d29e

SHA1
ffb66fdb4d38cf2d8712bcd1c6bbaedfd013ff99

SHA256
878799942da9ea0ea01385bfca24cd599741f32efb5c039ffc249695fdf54529

SHA512
cc7a749d27738531ec826634de4382b83788be48550d3b1f7bca2e5ad0de6e2dc7a13ee1b382804d713b42f1712ab82c192e828cfd20188a118a4c4d61087a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74bda27249028ccf128079d2334f65a5

SHA1
023b696170fe8914718e08409c56e12bb9b6b3b8

SHA256
be0d0364a582458c060bad874a824b167326a075e5bc48e85cb920884173dd40

SHA512
5d73a380d881bb3d8c4b35fbf98e36b42b898b7aab161f4b14004eadc5cab8262c0c5952470e36e188fb2c3017bad584e33225620a6b52a0ac310534778efbf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB08C.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB08C.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Roaming\Data\1.bin

Filesize
7.4MB

MD5
0b3c41fee3a69110fb58554519cd4639

SHA1
9537cb0405973ae630c3d926cda6a2825b9288c8

SHA256
587b3d5078538290e49d2a8fd1740a8fc7960a0faaea4d5cae0959d99ed14fef

SHA512
ad2eb4a04db685649d70bdc521cf59f570d5407d284f5bb419efc60b94802d91a755417ba4bc44bceec78b155295b084fc6edff31d4760c08058cc04ebdb0008

Download Submit
C:\Users\Admin\AppData\Roaming\Data\10.bin

Filesize
452KB

MD5
a2f47c218e2507db3b22eb7e6d780001

SHA1
218a59915bfede4b5cbf2427200566709aa05bd5

SHA256
5b60fc854544978a715bcbca8f5a3abd28bcd0bd8b50fb953318640f7a266d37

SHA512
ae7152c080773d3910eeb05a47cfb551875e65dc5d88734114d03a6526348164caf179f2fc3b743850ed90b4fb80542e8b36ca31b3ef8168302500fbc0a701ff

Download Submit
C:\Users\Admin\AppData\Roaming\Data\15.bin

Filesize
528KB

MD5
3948ca5e92fb2d019a8f16765f7a5e40

SHA1
5290a66876ab0f62ba34b6b524a0e7771e31ee3c

SHA256
ca362bcaf0e62fca16febafc2d15cbb1ea92e2ad6cc22fa5337316ab8bf2bc27

SHA512
ad56d867e1040bfb5b2998a2d62ffc508989a5fc501f22ab775bc9f715f1cc2d4ccb0a899f8b2a82e7597bf715ad70b6826875e72e23273ef306f5bdca47df03

Download Submit
C:\Users\Admin\AppData\Roaming\Data\2.bin

Filesize
207KB

MD5
f880360554744e362e71ef7864e7defa

SHA1
7b7bf7fcb4b339f2cae383934210b68f0e989902

SHA256
94824b251fa9e6a9ca3819d5d9f8defabc6456fe31be3d8b914696329af36cbf

SHA512
a266c24126a613a12669f45483a0c5632c2ea187ebc4fb2d73d2e685dc8abbd9b213a7456648df2131a85851383f8777d220cd3b014517c5f008e981ed7bdbe5

Download Submit
C:\Users\Admin\AppData\Roaming\Data\7.bin

Filesize
372KB

MD5
22df6fab4552241b0a7d650a15a336d1

SHA1
1e2b12c9ce52e5b433413d28d96be0974f6f7390

SHA256
d47f4fbfe7d145a737cf2e9a6c519e38510957a2ae663d4295e00ce0f6e651a2

SHA512
505a53580f7f76df021a466fdaec6ad8230ba04acc7115286d1a801d51a686fce08a23aaddaf0e134e94ce822191892987db8541edbefaa6928a2927c5508292

Download Submit
C:\Users\Admin\AppData\Roaming\Data\8.bin

Filesize
408KB

MD5
5ada580c290b53327fc8db29d5cd66c5

SHA1
a504aff6a9fa93bf4ccb69df17b5238804c659f9

SHA256
5dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63

SHA512
36da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49

Download Submit
C:\Users\Admin\AppData\Roaming\Data\9.bin

Filesize
13KB

MD5
f0e3d4ad2f1d09acf314a9e7a92777ff

SHA1
958224c3c98945c38f4e12ad6d1c64c4b91e189f

SHA256
b897644e314b31e0dd5159d061b9e77a512178f29a9f36076ec105e286212bb4

SHA512
28ccc056d2f5bde039cc3502a584cce3baa5cf9700fda8775344935438a6951989b3a24903693ac5e5292ff250cc27f338b783b29191948bed7ff4cc8038c8ac

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\data\12.bin

Filesize
5.4MB

MD5
9e0ab3181d32ac9950dbe1026b197207

SHA1
d8b53f3a93d5e2df9507b6256f2e414712347256

SHA256
a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae

SHA512
424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e

Download Submit
C:\Users\Admin\AppData\Roaming\data\tree.exe

Filesize
479KB

MD5
e80a37c42ca0d2bc7f004afc4b822d6a

SHA1
f17361409ecb19135e3b4292199fb69bd4b012c8

SHA256
71ec6f96779240d530ddf16fecb1df97661b9e1ba8201135459729c8d4d2bac5

SHA512
b3ff7e71af33dc3368a198de8aaa4cbad8daf7ae90b3d398fe9f2cde490bacca07e6bcce08f6afec5943b634a2ed0ef9b121b89a68992d22bf3f831b6f33efed

Download Submit
C:\note.txt

Filesize
133B

MD5
910efec550edf98bf4f4e7ab50ca8f98

SHA1
4571d44dc60e892fb22ccd0bc2c79c3553560742

SHA256
7349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b

SHA512
320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442

Download Submit
\??\pipe\LOCAL\crashpad_3708_PTGMOKMOFWRNJKKQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2128-50-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-54-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-52-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-55-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-48-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-58-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2128-57-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2128-51-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2128-56-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/2904-889-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/5680-2412-0x00000000009F0000-0x0000000000B43000-memory.dmp

Filesize
1.3MB

Download
memory/9072-2486-0x000001CCAEBB0000-0x000001CCAEBB1000-memory.dmp

Filesize
4KB

Download
memory/9072-2493-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2480-0x000001CCAEA60000-0x000001CCAEA61000-memory.dmp

Filesize
4KB

Download
memory/9072-2482-0x000001CCAEBA0000-0x000001CCAEBA1000-memory.dmp

Filesize
4KB

Download
memory/9072-2484-0x000001CCAEBA0000-0x000001CCAEBA1000-memory.dmp

Filesize
4KB

Download
memory/9072-2485-0x000001CCAEBB0000-0x000001CCAEBB1000-memory.dmp

Filesize
4KB

Download
memory/9072-2445-0x000001CCA6740000-0x000001CCA6750000-memory.dmp

Filesize
64KB

Download
memory/9072-2487-0x000001CCAEBB0000-0x000001CCAEBB1000-memory.dmp

Filesize
4KB

Download
memory/9072-2488-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2489-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2490-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2491-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2492-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2461-0x000001CCA6840000-0x000001CCA6850000-memory.dmp

Filesize
64KB

Download
memory/9072-2494-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2495-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2497-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2496-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2498-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2499-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2500-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2501-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2502-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2503-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2504-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2505-0x000001CCAEBD0000-0x000001CCAEBD1000-memory.dmp

Filesize
4KB

Download
memory/9072-2506-0x000001CCAEBE0000-0x000001CCAEBE1000-memory.dmp

Filesize
4KB

Download