hxxp://google[.]com

Resubmissions

05/04/2024, 01:11

240405-bj1dhagf34 10

05/04/2024, 00:52

240405-a8le7sga95 10

05/04/2024, 00:46

240405-a41dkafb7x 7

Analysis

max time kernel
1035s
max time network
1036s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Executes dropped EXE 8 IoCs

pid	Process
6108	BonziSetup.EXE
5496	BonziSetup.EXE
5908	BonziSetup.EXE
5748	MSAGENT.EXE
2456	tv_enua.exe
5376	AgentSvr.exe
6328	BonziBDY_35.EXE
5892	AgentSvr.exe

Loads dropped DLL 37 IoCs

pid	Process
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5604	BonziBuddy432.exe
5748	MSAGENT.EXE
5456	regsvr32.exe
4568	regsvr32.exe
5520	regsvr32.exe
1612	regsvr32.exe
5732	regsvr32.exe
5472	regsvr32.exe
2112	regsvr32.exe
2456	tv_enua.exe
2536	regsvr32.exe
2536	regsvr32.exe
2484	regsvr32.exe
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
5892	AgentSvr.exe
5892	AgentSvr.exe
6328	BonziBDY_35.EXE
6328	BonziBDY_35.EXE
5892	AgentSvr.exe
5892	AgentSvr.exe
5892	AgentSvr.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET17D7.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET17D7.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\CHORD.WAV	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sites.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\emsmtp.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvcrt.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp	BonziBDY_35.EXE

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\msagent\SET1057.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET1069.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SET1786.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1057.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1023.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1055.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1059.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1056.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SET1058.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SET1796.tmp	tv_enua.exe
File created	C:\Windows\INF\SET1797.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET1024.tmp	MSAGENT.EXE
File created	C:\Windows\help\SET1069.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET1797.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET1021.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET1784.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SET1785.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\intl\SET106A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET1785.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File created	C:\Windows\msagent\SET1022.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1023.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1055.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1056.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET109A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET1784.tmp	tv_enua.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\msagent\SET1021.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1054.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1054.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET109A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1022.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1024.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET1058.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET1786.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1059.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET106A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\fonts\SET1796.tmp	tv_enua.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31098612"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1E155609-F2E9-11EE-B3C6-D65EEEF40ABB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068224481a8b3d349b57460395a3447ba00000000020000000000106600000001000020000000559efd66023e82c13aefccce90840035d167877aef05e26e43ee457c83ff017e000000000e8000000002000020000000168f34c39ba63e22d66eec7189bc01b2ef5ef9a5283138436efdec749116517220000000707c671dda47edde905c924cd7c987c9d00897824aef628df764eade08941b4d40000000d8b956e739c3195f15fb6603da46ffc78197b8ea5b16364406b85fce003199d9db7a4f44a82e3f49566dc1c798948e89444789ddad6158be08d8f127c7434073	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{468ECC47-F2E7-11EE-B3C6-D65EEEF40ABB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "453829854"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068224481a8b3d349b57460395a3447ba000000000200000000001066000000010000200000005766d39bc98d9b169cae9b965d5034065e5242bf1ec971aaf617774241467749000000000e8000000002000020000000d6a9105a99f39b4d2297b28868eeb9865e2ead8b217dff3cf6e8b687af81c382200000003f657419c0fb74c27998fa95f04709a0f21191b495255d4b2ce36aab3b3b9ce2400000005fe8feb4f2fe446f11463bd74257af329843e6ee553d14e700854c8d7fbceef3efbb8ae09977936a36ded079822321572853aa0814aea0d06c52ebe4854c8927	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f719a7f486da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E3AEAEE0-F2E7-11EE-B3C6-D65EEEF40ABB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0b80e1cf486da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fd091cf486da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff1a0000001a000000a00400007f020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31098612"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "156"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\ = "_DDateCombo"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\ProgID\ = "ActiveTabs.SSTabPanel.2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\VersionIndependentProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnLong"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CFC9BA1-FE87-11D2-9DCF-ED29FAFE371D}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ProgID\ = "RegistryControl.RegiCon"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B1BE803-567F-11D1-B652-0060976C699F}\Forward\ = "{916694A8-8AD6-11D2-B6FD-0060976C699F}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8671A8B-E5DD-11CD-836C-0000C0C14E92}\1.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\SSCALA32.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\ProgID\ = "BonziBUDDY.clsAddressBook"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ = "clsStoryReader"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentDPv.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\shellex\PropertySheetHandlers\CharacterPage\ = "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\MiscStatus\1\ = "131473"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ = "Microsoft ProgressBar Control, version 6.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\ = "{F4900F5D-055F-11D4-8F9B-00104BA312D6}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsDownloadManager\Clsid\ = "{F4900F96-055F-11D4-8F9B-00104BA312D6}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\ACTIVE~1.OCX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\ = "ISSDateComboX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RegistryControl.RegiCon	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDayCtrl.1\CLSID\ = "{643F1350-1D07-11CE-9E52-0000C0554C0A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA478DA0-3920-11D3-9DD0-8067E4A06603}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID\ = "{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID\ = "{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FEA-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Programmable	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}	BonziBuddy432.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 720626.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
5096	msedge.exe
5096	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
2488	msedge.exe
2488	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4708	msedge.exe
4708	msedge.exe
5692	msedge.exe
5692	msedge.exe
6020	msedge.exe
6020	msedge.exe
2728	msedge.exe
2728	msedge.exe
5972	msedge.exe
5972	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
2280	msedge.exe
2280	msedge.exe
2056	msedge.exe
2056	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
4716	OpenWith.exe
4124	OpenWith.exe
5496	BonziSetup.EXE
5908	BonziSetup.EXE
2724	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2032	firefox.exe
Token: SeDebugPrivilege	2032	firefox.exe
Token: 33	5760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5760	AUDIODG.EXE
Token: 33	5892	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	5892	AgentSvr.exe
Token: 33	5892	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	5892	AgentSvr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
3800	iexplore.exe
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
948	iexplore.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 57 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
5892	AgentSvr.exe
5892	AgentSvr.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
4716	OpenWith.exe
3800	iexplore.exe
3800	iexplore.exe
912	IEXPLORE.EXE
912	IEXPLORE.EXE
912	IEXPLORE.EXE
912	IEXPLORE.EXE
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe
4124	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2184	5096	msedge.exe	85
PID 5096 wrote to memory of 2184	5096	msedge.exe	85
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 2068	5096	msedge.exe	88
PID 5096 wrote to memory of 1056	5096	msedge.exe	89
PID 5096 wrote to memory of 1056	5096	msedge.exe	89
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90
PID 5096 wrote to memory of 2412	5096	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef5df46f8,0x7ffef5df4708,0x7ffef5df4718
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1620 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1532 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7764 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Users\Admin\Downloads\BonziSetup.EXE
  "C:\Users\Admin\Downloads\BonziSetup.EXE"
  2⤵
  - Executes dropped EXE
  PID:6108
- C:\Users\Admin\Downloads\BonziSetup.EXE
  "C:\Users\Admin\Downloads\BonziSetup.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5496
- C:\Users\Admin\Downloads\BonziSetup.EXE
  "C:\Users\Admin\Downloads\BonziSetup.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
  2⤵
  PID:164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11312 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11408 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11352 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:1
  2⤵
  PID:6900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2588691095722250284,12495496900019751481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
  2⤵
  PID:7032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4716
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-1.5.0.zip\BonziBuddy-1.5.0\README.md
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3800
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3800 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:912

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4124
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-1.5.0.zip\BonziBuddy-1.5.0\README.md"
  2⤵
  PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-1.5.0.zip\BonziBuddy-1.5.0\README.md
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.0.2038934020\982631827" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81b432d3-0961-4830-9041-695cea716a19} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 1980 29348edbd58 gpu
      4⤵
      PID:2488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.1.1449308323\45399857" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f4e1b7-b8e7-4ef8-aa79-0d26b869e6e4} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 2400 2933c472558 socket
      4⤵
      Checks processor information in registry
      PID:920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.2.955240515\660322415" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3036 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b710c71-7fbd-47e5-8654-da5d893f8c4a} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 3268 2934cbf3458 tab
      4⤵
      PID:5240
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.3.1280627518\860064919" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3248 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22daaac7-2e51-4f34-8777-28cc5acf5489} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 3632 2933c465e58 tab
      4⤵
      PID:5340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.4.1335674244\771640681" -childID 3 -isForBrowser -prefsHandle 4808 -prefMapHandle 4872 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {385fcdec-1e32-4501-afe2-48dce94b6e78} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 4904 2934c5edb58 tab
      4⤵
      PID:5964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.5.472527595\956029378" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 4892 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22393fab-f2ec-40ba-a09a-b01ed612ba92} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 5036 2934ef8ce58 tab
      4⤵
      PID:5972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.6.890631090\2034537642" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81cbf693-88e2-4b35-9423-a2f3189c094f} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 5332 2934ef8d158 tab
      4⤵
      PID:5984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x498
1⤵
PID:768

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2868

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2724
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-1.5.0.zip\BonziBuddy-1.5.0\README.md
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  PID:948
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:5292

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:5604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  PID:2764
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:5748
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:5456
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4568
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      PID:5520
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      PID:1612
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      PID:5732
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      PID:5472
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2112
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:5376
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:3248
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:2456
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      PID:2536
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      PID:2484
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef5df46f8,0x7ffef5df4708,0x7ffef5df4718
    3⤵
    PID:5800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5760

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
PID:6328

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5892

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:5328

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:5332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17414 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:1856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17418 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:4816
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17422 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:5444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:17428 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:6624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef5df46f8,0x7ffef5df4708,0x7ffef5df4718
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,1380809461372404542,14704914386364017435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
PID:6752

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e6055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cada984b36f8c521615e7b397093e6ac

SHA1
91df139d94904bf62314732300ac483b8933067d

SHA256
75558dce1cce08b7276bcd0cefe95ceb97bacd024146d95594d19af45de52220

SHA512
a7d7db8e674113991cd0ed1327f82499a6400e4770f778abb2343e0eaf3d0b37e8de090b0299652ffe2fa62731b04bb1053db4b41804756393217a0bab5473b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
35KB

MD5
de2247e900d4855eae21f9e31cebb243

SHA1
0a97754df1230f2783eadeca32d339a3cd63abd4

SHA256
4a3e99ffc912a23a3e04f16143a924d2271c5623331f37de27756b2488e13ae8

SHA512
54c8f09db2f019c6d9ea1206ed66a661e4ed7d2218d9a886265cd2f22782f4a21e4147b8f1edeaf37155c4b36a650666b7de029c8e5aca5ae5af0c14ecde7706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.1MB

MD5
7aa808364c0a844b42f927c1791a9a68

SHA1
1b3a7f88eda399092f85e77105a1dd9a31a45b81

SHA256
76171d507c6e7322d83c6d922cd83dc973b348bf5727353a98ac4415f383dae9

SHA512
1bf1412d5697055ff81bb9d397acb416c12001f376dd86902a95ae60b9b4b40f0c4ed20f8679beff7e92c45db16965a5ab64975597d6b6955550ac3bede3dbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
24KB

MD5
b7834ae987a248e3181fd3dab35e244f

SHA1
f09aa8b471fc9d3f02b18abc02f6bbff272e5423

SHA256
eecc688ed2db900401f394d85b64befae7ced6319af49678d5b104e1ee34f7d0

SHA512
67a89a3e7214119d14a9038f6e2b4930622d72c4e2f78c62df2c817f56334fe9f599e2d03698b63ae01b10d1709e966dbb7d081d7786e8a7fdeb5b15e2342fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
39KB

MD5
214a69cd0cb9fff18f92076276446c39

SHA1
f91ffadbca6b4280dcb20866ee6c32f2bc67ad18

SHA256
59941acd1f5159cd8197ea40a3fbae88ae196afd1ebe5d1f15c66aafe9329d99

SHA512
6f095008a332020537bb796d0163b56f9d17e1dc3383b821e4167b18a4dc6df277bfb11beeba2f3c7043743a30498c3353d47d693558e60c511f4b8811f570d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
26KB

MD5
b3be84eacd2888e1e0da94f9813541d6

SHA1
3ba772bf700b357dce601dce8eae675d346aaec4

SHA256
0092baf639b16ed972a86f8ff429640e62bbfd4044f71ef5bb6a7af0c22cef89

SHA512
ae4c1ce9db1094960d4ffbccbef7ceaa78ce075ca93b9ac3a46d84ab6b98f15fc9e51f9c2cd98a906f602b1e3e7420ef463e80f09fb4b52fa6585fe33b98feb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
1024KB

MD5
d04298c66fb6d212a37bda8c95ca3f18

SHA1
c11f60ed11f2e85220bea0517f44e6080694a1c9

SHA256
5c8c3803038c0d4ccc3cb67539c8fcd38019ff907bf88b25c349038cd1b7d2fc

SHA512
6809609d7445a32afa0b84e45661886669e4f5604e0cd782734b1c48ed4296b173a24daba6f6b7b336cb4f0ce3cfb7f5f5ac8960a12b8f06768051ea42dbe371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
62KB

MD5
74c240d81e71ae376913677111b6fc7e

SHA1
9002418d668b0b5c3541a86fd6195693384b9fe3

SHA256
e0c7d5f46ac580b10c72b512709965137f941d206ab0995d13a77a0e3f5055ea

SHA512
66abaa43ad96f7466d1affa8bf039c90d2bd6fb64898e506fe0889ddfb3554d89a1c3e9f652724cb791c5c104ca68879e8145064173a09fe2580e3fa4fb9b64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
31KB

MD5
c30d2da9fb20e32f49471c06ab0b4683

SHA1
0d1aa96700760ed1564756a24a0eaba66fa27430

SHA256
28c0929af10cee967c8c4b07c6e0cffd475fd6b02ee0fa430d6394c80b8fbe1e

SHA512
431314c00a7de250551d1015b256bcdb50859d43e86729a8ef72470d619a5ef146e6cd74183dba953e0b30e6393116c48aad1b54323905ccc795e831c1c08720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
27KB

MD5
bffb059f66bf71c890cc5b5ae438989a

SHA1
e13ab1e1accbf64e3e430f02f7c10ae09d413ac4

SHA256
3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64

SHA512
cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00f194399257ca72_0

Filesize
4KB

MD5
d0e20389cbc42e617b7501c49885d451

SHA1
42d40155df891a8f220520c3ab4d3775961523e0

SHA256
c041e35992572ac9cb2b70876ece5ea650cc9b31e236a487af5d12714cb0e5ca

SHA512
8dbfd52878942b2e03cdbca4d65525d0ed8cbcd6bfd1270b105253faf5fc9419f9a5e6fc562dade238f3f267773113911cd847d8610da12968b73f76cb267919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
1b9e98d5f90493190801a7e48c87e541

SHA1
df39b4d42bf1b64b084d92552b550cbc4628f15d

SHA256
80cac7fb3fc787135fae6ee96b9c44eeb4ac698c5ef57cb72bffd819b78c4912

SHA512
48e8a5582a4782b726c2ac2ba98169999851609b01bea1608e8116af545f9e199f4a0275164587145988fc15f6f3f6a44b0d1107c2cef5c3b997e7773e09b338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\056a4d2934295716_0

Filesize
19KB

MD5
5b42ef98725ebfe48f323ef9af6761bb

SHA1
916b3600482ca72e7b978451e1c7c7f05ff7a141

SHA256
2c20332966197d3291b04eb32f3543a3d3f62b19ef9642bdb8789a35af2f13ee

SHA512
842f9b58208dc447c26c9d62ce27c584a757ec913a8bc2b14857c64f4ac5bb3f4241c6ac5187e25c6fe76db615647506c6b7b9274457ecfc562028bc9015eb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
2291525289d244ee3db2455e761ed1ec

SHA1
21f0bdc9640d02ee1e9a9c70c58b68380fc97e93

SHA256
c9c8b262876f72c2277a05ef05273e325a0488d1eb2ecf518075f02b8926e1d9

SHA512
af62bc164ab8bb03fe5c5a2c40743cacffc93f39e627a6a3fa298c500bd98780a34ed17ab7cc571530ea6b61971dde84b42df93bd367d4b5c4fcb5b6536a97d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
2f1dee536eb974cd6863489eda2d1213

SHA1
6f16e8a34c6fa9ff0a36e12d217b29af28c789b4

SHA256
e2ef0c863f47490dc5ff7dac938409a7950971f608a7c3898d49ff25247d35f0

SHA512
15b79f435b760c4627b6a66ca23ff7317a975cafae280bc2f17009392f7aee27cb2dd93f1c8c1a24ca2a3aa23e9a78de99c23601237fb33f0e84a3f5fc08e6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1815fb99bc740856_0

Filesize
27KB

MD5
0ae800f29919c8b02b60be4118fa19b5

SHA1
927d571a7943a4a43fc47888c9017d4dff537098

SHA256
5f89fe736f1fbddefa2afc2e8b9dc5cac2ce99eacfd216530eb396253f4c3373

SHA512
dee5905c765b5c7eee25fb4ad5b3458f78f43e0f98441b5029c7c91b49d84c02c9ee033b8063f904864d38cf373bd7d80eba7868aeef76d449e937d896075019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
8e2e85d33ede175eda0f2ce6edd40f83

SHA1
9bde01045e17836b059ffdc86128a7a5a1c1ec14

SHA256
7115375e355c918cbed5eb32a1ee5549f4036ff22969609b852a879b1a3988f6

SHA512
0b76db2552a907a238a023e401837f8f26c0ed11b9413dcf61bcc6b459b5cdef42040bf5babcd0ab59cb3980f8e42ab134ade8b47d33d5341c9908a9b8f8d990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

Filesize
2KB

MD5
4aa63123a52b80180c78a9c64dd00960

SHA1
84bc634b9f335451f2cc66e35ae239b6a9164a48

SHA256
9426cecda76e75bbc7e017ec41a4ccf514bc7921cf287ac94b85dfdc4623df96

SHA512
58e2eddb6c5beb879ab7e934eb9cdc975e718b08b3d6c43d958ef83f36f881ced7b72c9b8a6f66ff92d6853ad0add3fa86662c0cf4c30f36942e9579001a68de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1db6b594f0a1d446_0

Filesize
23KB

MD5
897392af63b8e24e05427bb8990a5793

SHA1
a29afb243806aacd979df591a5e6ed256621a76c

SHA256
13ad052ea0c6ee7913f05f92a2f916ed1d609557b91862783707160474a04452

SHA512
d3c4d1642b2bf43e5f62f01fbd27b3b81c95b6c422b602364f50daecc4c17db98c837f74b42d7f0aed204cce8c39d952698d86c2c0f62d06a13d584b3cc590d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e88be1e67081d4a_0

Filesize
14KB

MD5
7d35dbc14ddcd52baebbdc52036817d0

SHA1
216f7c65ad7705d94f80b09380e1767acca46932

SHA256
4f4f95e89e8274a655ced5ef28c766ff13a65ddcf0c13a2f293ad4dc26203ab5

SHA512
2d3be570902de4bb3f7dd7de9bb91c77b75ba2c747d50f1152fe5b88ab7e6f74597a6d6881d8ae3f34533374cada05fba7dde901b5db66dfcf35e0771b602352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\252c5afb57e673b7_0

Filesize
1KB

MD5
e17cee137df075635ffdd220db917c94

SHA1
ff9429370170111dcb3e8694c1d89cfbbd2daf19

SHA256
432577e45a270fb612185e89d03d179dcd25c31066ba708a84b8f90295b37e72

SHA512
a56782c3082f04771184dffaa25317262760e6fac0b2962db228c08d07a41ab77c8ba3230f17bc267a8d174d6c2669d7ced41cc20ba3cb2308865301b169dbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\253ef259fba23c12_0

Filesize
267B

MD5
72209d480b06b8eaa9cbd9ebb7ee2a3b

SHA1
cfb66dd6bb0556c9a7af02ae0db1ffaa27fb06f4

SHA256
f38d6891a17e685e7180e68bba6a8c15c12f32cc92290160cc3bb49502c81ac3

SHA512
690902fb067c6026a346aab63ae8ce5f3124804ed712882cdc59b16950ced100f5745276db90bc15355db416816e918b83389f107cae6fd73c1716bbef049165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
165c254b02fc103ebc70875684d78bd7

SHA1
a772d479136ebfee005cefc411e73957b1d8575f

SHA256
101f781be64714d4bec15dc0774ce7fb88dec0ac7e096a1be55ff498b7bc42eb

SHA512
98424bf3aa6afd20c8a460a7a0e07e5056574329f50014fdea293b95ae2c67bc445874501f0728a61c97e51739e98c5e0686a786c6d6278ecc339c126a86f936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

Filesize
26KB

MD5
853d4ad776098da5d4b2afb1adabea60

SHA1
31999fe9a4f927c5aedec94eadbdf5ff5e4425de

SHA256
ccb45edd16dfcd927f9d5a29db323495ed73446a7ba8e79e82518ef0ffaad9fe

SHA512
d12f8119677ff5a7eb4cc73a01325b415b2d8d6c6f0f080b6ae544a11ce4f0f7b6fab7d2108e031d95a0d3aeb4b5b4c3c30477c46cea9b597ff0d44c1202b79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c6715722d4b03f0_0

Filesize
175KB

MD5
342cd98031e611d0a8f7af113a9f1aa1

SHA1
8e283c071fd884cd0157dd8f604c4876782ea682

SHA256
f90e5d211d809b0f991c170f2b54609409b281f8ffd5c40819b20b424352531e

SHA512
ca6ab34142c8f0b37111113c0c751cc3892ab376c11d1133023a58f06d0c59dd2b9e738d55ab8e0b4ae9a121dd0b3242e13a91fbdb03d0f89cde55bbd55a082c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
28c4a21f3df3166ca30612602b90ff7b

SHA1
f625674e34ecf6df5b32b311bb1ab4b4ce4da5ab

SHA256
e6a3a399090c9a33a7344c66f01af44aaa435a169a75d77f40d662b7bba16a5a

SHA512
616b7767b19daa08cd9d59806b1bea244a2e69641375e01ffd23b819c15a6dd13a51818b4505af8f3417ee316d043aa5588639408a4a5bb336f46c2ffca6b06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d0cb5935687aa88_0

Filesize
262B

MD5
9940449229de281e7e0808d5feb15b2f

SHA1
94f4ccee04ffc923bee486acca57402fe99cab05

SHA256
b7406b30cb3b9a2096289f003db42b3e8bfc78eb75691c9c4572bb8559d6581b

SHA512
a5d92eafe928cfa9b5583816ae38a51ea8dab6b68a21ec0bd89af4b6e15c3135e84a567e4f533f27c78f448baec2e7d105b655baf634bd66a125ba8a3c83f302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35fb661c62eb428f_0

Filesize
7KB

MD5
a534c8f70d69a8af3daf8715d96d25b3

SHA1
bbe3a5c6968556d50c13aaf782b7503fdcf3d9c6

SHA256
94662465f8d6787172ca5b610a8c086908587f10c551cb471f672e1f756f0aeb

SHA512
893f062207789343862837e3a0f20ed7a19321591abcb38cc7339687de537ca9d632fb84d6ba3f035eda6193631e59c738f18538a29d68fbeb440eb41b8c3047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39c930b6c790b515_0

Filesize
110KB

MD5
5f22918d81d2c8d55868308a605872b4

SHA1
14ffec439aebf2c4d5c53a8921f26408bc88f52b

SHA256
fb2a7890c27cb264166199f285336b8108f0859390ef0de24f7ed3f1daecf025

SHA512
6faa2d160d5e9fec7fb1a362ade51e34526d03e8d53dde9fbcf1b8f8c60e50644efd2ebda15acb7c4ca9c332c07a429bd1f61c79d828f64595b8062f3cb8d6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f0afcc3f9e8b5ef_0

Filesize
26KB

MD5
6754af57c35aa7dcebd987c0e0aafc9f

SHA1
e5852dd0293575301e4a233cc98ab0766e0d860a

SHA256
14b8a14986fd59a87b040d2c45b7ebecbe7df27133c9089aecf04e7e4e23c78b

SHA512
695aed949555fb64eedbe710557f2d2204436897c0edcbbfd656674da31b028d353a4eb93bf4e31b80d8ff57d0c92d871c1d45d6b1a159b7bcb40f4760db581f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
75f3626bfc48f264b05f58f78214dc0d

SHA1
24757a94b8c0ecf7d804af4042ec512eebc7b5f4

SHA256
264387375dff957d786a2dae0763bfe08f536286f9f785b7ebc244128083e28c

SHA512
d737ec9125415e89d8ddf769840c093443365320ea53b33869dcca5970fb03d0c49d8a8103a115ea1da0f979afa5052badbe740db66651580157ee99fb4cf192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
97ad24fadcea95a4a0d44056266b706e

SHA1
26e0bc040ba5540238b843b975c8df7069d4b55e

SHA256
94b8038a56a93ff268b67c1e8d9a86ea644b08be7047cde4e1bfac0cedefcfd1

SHA512
5dfeb904093f32420ba68120aee93ce72884e3954d3174864c8323dea3fe2e2213e9b22ce556ef6ea6fee924f21ff8708101ad382b3dfb316801c0220cac2d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
55144fa262356a81a2d371c0d4964801

SHA1
5c02ca4e27b75b22e73184c80521bf079345fbc0

SHA256
38d74f8c430b9cd5e0d9161a1b4cdc9622ed4cc2c82541d9abbf24e6c86c94e5

SHA512
688364bba9f57e076638a1eece2e2ce3ad3e1f11f18f893172d48aebb404840b36063cc0f6128115b1dd6f730a0bcae9e680b8c4d742eebc22445bb6239aad74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
73e52c1706cdeb141dd6882cd7d12423

SHA1
7ba383689260317d2a1068cc1e782fbe91ba477a

SHA256
4a54b00990afa53723f7de16e52643f98d3828c2531ea64353e516244e19ba28

SHA512
65a94daa5f4d2aced6985637e9d1ee30b19c6f2841341935ecd700618f491f632436469a6eddb9a5acdcf753c4233c1376631d2c76326aa5ebf83e957e90539d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
40a631ad25d40f8a40646a33a7a9a36b

SHA1
e0212e5587410cbbbf68c576f542f227995ea920

SHA256
32a321bdcc9b59c26fb9d6c82718cb5bf06cd6a7e772a60b5f4dfb2a90c40b81

SHA512
d79df9edad1a2d69f845047a0181dc2a1e20b999b5c48474a897330db50345330a2012b7f7f8fcab6a47fda7c8ee5df766946ebb052e27d5569a54a05cc8b6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

Filesize
2KB

MD5
fa6df732ae9f72e7244aaf20ad297df1

SHA1
e358512d69e1a4a32b460c9372ce15e8191f4e3b

SHA256
7eef3b6019c17efcd72faece5c98b13f05f4e797135c3d7c3bb7ceec471ffc05

SHA512
6e2357ce5e4d97f353dd4d2f384576606fd1cbfaf1f1bf4bb313fc33727bfad55f6b3437b1c31d377b87e6e81faf1f4d28640bbe4c4649b3e7cd615157810aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53205359a4035ca2_0

Filesize
3KB

MD5
a9843a2e1c02fcf0a6ac741361f0cde6

SHA1
c1cd312df4a66ca8e31a6581aff660e57d20156c

SHA256
cc1b459dc6a56c3c8f0914325a5959df6ce5a3c382caae5d546affa1a13b4c6a

SHA512
95cc19f0a846fd044ffbc8d0d666fa61ca1557b1cea8ba716c75dad2f6457128f2c0da6bb410d1fb16cc5a7c8303125a3fcafbc8a7c9c30a41fcdd2faca53c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
1ad482cc5a03951cbb2594772a5bda7c

SHA1
64720c99347f1fdad0aa7165cfe4ff341454c29b

SHA256
7adfc389a6ecfda1213b61305cea3be1e86991098b2d8fad3cfd1ac38b1ac57b

SHA512
2d16c57784ab23ac33492f355d452da1b608536d8cf265cfee287fa86d176238d13a9739fe3a1a725d14d213cc401072367786cbf8e730ffa1e74c6c6ffdf8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
aac85dba96307ca9710ec332e01483a7

SHA1
af2a1ff8f27d2782049909438fff6daf3b282915

SHA256
62c6d76e0c1dc2172131e14f08f21e0ec3605430952ade050123413b9644a65d

SHA512
60064fdb693910387e431a9874b20d4d5ed0593e3429efcf87e8f506cbde099103e5470ac5993f1327173c727abacb9557b9b54d9a4e6461b8f1fae536000d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a88745ea324d0b4_0

Filesize
157KB

MD5
8f060bf619e52d1f160119b9dbca9bae

SHA1
a42eff3ad9211b74b6c42e6ea21cd001848c0ce1

SHA256
5080441c2bf4e3273529a0b7d5e473bbd4f06abe2d115f0c2333cd5fde475870

SHA512
8bf75f3a51a24c70473f5f93e38a9fa7e7501e94eeb245b208c0debfb99f71f6e012e8e9f8ac68abea990b6b55b63b6bd55c75ad13ce5612d57989ce2a0fee4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
d014f20a2a8a08f4ab54a1fe2ec6400c

SHA1
17efd264ff9d66d79a2ab960cee593ca47fd4db2

SHA256
8afb66d95cc2e3faf454da453106db4fd9bf4a3673c6a98132b176ff6ed861ca

SHA512
7b22b986a59c04066e0d0052373d266a13eed8c04e40a00b0fa4bc9aedaed307ec31864cf38ed81b294075ab651b621c16f14f90298931877ea3bbf29b7f037a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

Filesize
4KB

MD5
a3345bc734b148c8ac2fa3d3a5db0ee8

SHA1
4c14dd4b660d88591c8d6a4234f58c265dde4440

SHA256
db6aa2d16c8607793d5960cbb39753edcea3b363e06d4e58538a30e221aeb4fb

SHA512
824e321e7517f924ff8b7b066125588ee9aa62c53b1756231bea0f450b757a2ad8a9c90d38b72ae17be8f460a2145249fde6b8278b2d1d0fe2cf7c99b87d3bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65a17db215bfc27c_0

Filesize
5KB

MD5
9f539d95e65ddfcd4b373662320ab2ce

SHA1
7e4a8a34bbfe6fe8dce421e6b081e90f24466655

SHA256
94c067d670fe46270a2ff0e2cff2f1e23bcf27006199c28ec6e4985b8accebf4

SHA512
8d6880e895f91787235074b892113682523c977cd0efcabbc1e92468243e08058ba252b1a37bdceb6807b6fd77241dbf73d2ef18182bf1085a9afa0ca3dd9b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
1e336bceb93576c6e897a183c4ca90ed

SHA1
57c11ca28524184ba00709fdf50d060f70491964

SHA256
7c28fc90287bc55e5d29770086f4f09c9dcabda89d2e894877ad3a9f92b4ea84

SHA512
a1e2aa8f3c8d19265653a687f00cd6420a8d2cacc89962d218d61f03467aa4b50ef54df6adcd0115e18da1fd06b8c4c7caacb154e8dd1b1ddffbaa2cd51b0eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
e4f6bb4b556b03ef660a17c272ba8890

SHA1
05aa5f27d3ab9e2451b437ffe413f226b9d0dc96

SHA256
f18dc6e3603ba9cdf835e9b9f31d00f6a2ab88a9dd93749a98a711d229aa2f47

SHA512
300b8dc762df9a537ef31bcb6dfe5c61fba9b2b44fa03c7489deaa240c0011118fce16a2a2972c18dd988a2866a27805d82aa0b87503e8b22563969a68e5b43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f0bd00daa18a0c1_0

Filesize
338KB

MD5
b61a2cc89e0b031fa6a2692c57fbdf31

SHA1
a3760f0d8d051fe4b94176f2a29c6399ae2b56aa

SHA256
6dc354102a0518dc7f2e93f1b77acd491a6a755ba25a8744465e4dad9610b13b

SHA512
b30bf4fa44e733548745914cf6ff45313dddc4a5d78846ad25f527465abfed41543cfd2c06caf0299ab36ddda423096e003a2415f5038f6741baecc42a47f543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

Filesize
3KB

MD5
4858080e50e4b8b5127ec9464a665524

SHA1
a860e289bca371d97fc1eb8271ad04b81a405a1b

SHA256
316b944d22b4022a5b96c4c3ab8278166fcc5f78a06b065123a11e2ed187a3a0

SHA512
f0afe5d39a43f456442a9781eed81e691e8c609362e0b03dd7a506938bf9be2d49c05bfe7fb5bebe509388a643ffb15d6d83713964ee9b1de9e5badc9f7bf647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
483138bec0b2a41e6dd899668592ec0e

SHA1
ad4d04566c5f50c58f59e87aa24592fa4910c256

SHA256
57ca8f1d1f801c86b8d67f5a45b687da6174a785aa10c6e7e634480bf4c7a57d

SHA512
e89a563991594cf61fa1381d6213420b3f9d245eaae4b6715109fbba6367b4b816b9f7539b745b47f2c565067a6b11565da4571024695834acb4f7eeb366ef29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
ec1410a3bf3be72a2ca7a611d039d65d

SHA1
301a36a7caf0e786ca7e84f0971dcdffe99d6186

SHA256
91be5ce90033455ebb60c0e1618d8781773a2309e8288a8a72bbbca7e26138c2

SHA512
8313d5d0d39c8f789cbb21d98da0932ee049ee286e8f45ceaa10c05f911b50dc938483cd46a2cd9f5098a79188e37a86bf7935b8947aa7895dda539fd89c090d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c74cfec140ae015_0

Filesize
277B

MD5
d4f2a9e33cc2d595c2d8d34ebe7e3a56

SHA1
9f8d0ccaf96d9b2559b86dafcb745da88064e9a9

SHA256
3adc8e33a12e109833c2e7cf2a38882455484080bbde55d8d9636d3693e60d38

SHA512
d82d56763519e63a64ed074c6df6aa8b3806cbf23254563d7c726bb6eb2042708c7782eb1a932d5325142b1fe4ff8c2ed5067c341246c46851e55b0510731122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

Filesize
6KB

MD5
235f49e641a13075f945d8d15c757eba

SHA1
117a61989121028fbf5ced3fabe003e20389802f

SHA256
e1573370cfcb7d43f9f70c5d3c2d563cfaec24d65c320f5c94e12d098bf0cc35

SHA512
d78792ac31a150cdc7105d853754628c9c94135516b90d50977aafd3c4917c337dd365d8fe31b3f614ff42fe6c0a57a427575d3e041f8f62c80e75267c8d5a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82365cd2a8fffbd3_0

Filesize
3KB

MD5
cecc693194eeb20fcc94eb7d9d908eb2

SHA1
febc1a6ac68552e9723b682fd6da3a58f213f2ec

SHA256
0be22ab3675ac6e78c39ebdb9133fb2299dcbfeb466b5ffdb40d88e399e6576a

SHA512
6c1163b333656469c2ee1deca7d71ead5664cab639e15795c04e186df12762176da551fff2f0ea537cf0d22121813a3d155cb99f53a63b4bee5f8323d9779874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0

Filesize
1KB

MD5
95531f082671fa32e59c64d21196e6a0

SHA1
16793735b48e18d9084653799c1de5d1e6e7c2b2

SHA256
4a168067b8ccfeac7f954835d05d146f2b402f68d50eb3709e19b5445b72120f

SHA512
d0038619a7a1929427ca8599ba30694715eaba56312d4a0e6a38666dce5c092eb5567370479f6ead08ef2eb1987f29a793eeccb695a0866f4c6449c1bbaa34ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87e1ffb07d850b0f_0

Filesize
7KB

MD5
3d1d10e43b455d539d8e91f4e2fea0e9

SHA1
7331de064fcbf2ea638ba5f833f05d76a76d7604

SHA256
0fe6a44ce9602e5761f5f0827aa2deafcb75709ca66164bef50d0715f74426c6

SHA512
9ba11460977bdca4b2295acf9515df314d34e9ad7c4a25d60e2cd0b1735016220e8dbb51f1cd1d1bb6be404fd93705a689910a5f338a411b0922d6aa9dc537f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b105b944b0bb8fa_0

Filesize
4.6MB

MD5
df616f864a4494b1f70f229bbb3f874a

SHA1
db1f92acad31dbdcbde9bcc1fa6c02f08356fd81

SHA256
7e88b00c309a1d8dab7009bfce3f91f73612d4519b9490c59628a31d0e0a5481

SHA512
4a7c22b7bc1ff21fc97235c6ea0870305676896e914a6df18ba94acde9a8857ea114e31365d60cc4ea043e2e1f4dc73682e5a4146c5f80e1e99aeb22f7fba205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
08a91a12460366485547ff7646881604

SHA1
c1723de216b952066d8d36f26d2a1c73146f1547

SHA256
d0145a3061c5452013c64b627d54b31505ba10f3f6ffc9a568df5b073cb5a47c

SHA512
883784d3ccb4a7ca72f1476621edfa13e139576528e25666526dac0bfd9a96e0616b7153e3ca7a9cb92fdf8ac728c8342ab65a52257bd1134aafef056a3d90bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
9365e12ab3f251166369e12fae660207

SHA1
720d912c4e5705e37fa896adfa63cb16361eedbf

SHA256
a96452cc83287c2c3110b835ee5a1727a6d4af3cc8d101c82d42717276d502ef

SHA512
5e91cded588ca809450002de8562bacc3307d266e11ba81e00e713b6b51221ddf6153a8bbf6986ad5d9fa273a1a903a0fefbc44efe30b5acb534f98baeff600e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
1a72c4912b87adf18a95ea9267e60423

SHA1
8d6ba219082964704c49e8564b19a333a2a608b5

SHA256
28f4aed473df01738ad712dfaa0bc0867d4b1971163b3a484bb371a0d7cf4352

SHA512
50bd523c57260452376d06075f9ec3b9516fb50eccc9f850f1f115c08d352095d5020223ef28c1b95b8eefaeaa60b4865f849207df16b49231e9bf1cc7ad65b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\961aabec5154ef1c_0

Filesize
307KB

MD5
1f8c278706ee8fbc13945fe46a46c641

SHA1
dd5f523cad83190d2fd8e36ea6954ba2fa522cdd

SHA256
39331468e8a4b718df97a1dc5789fb132f2ddb497f6c9af022e573007eb858c6

SHA512
dc44274c2e48ae61d6ddaccd3ce28872a1fb963f93def663dda7eab1b44ef3154bfa691ccd973fcf1d0b3edd33d0dc3468a922f24bab9c5f6a6453787dec7cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

Filesize
4KB

MD5
6a6035e10a02d7769abceb63a70af962

SHA1
951b73c32d18d87c2bc41bf5478542abd26d02d5

SHA256
620ed41a333d8f70a695953d65faea127a075bd94d43abbd3a4cf1305fa28b11

SHA512
ddba39d9f9eb51c6b3bd45c20b28091bb2f5f8fd16413d8b5c1e859d11df0ddca14ebd834e42cb652575529e5805c953894404a23131b9bd21328c076dc88ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

Filesize
262B

MD5
891e0a1c9fb5c6a3aadc24b95640e77f

SHA1
41789ad02ee3a6697fd1bee560c358e7d43e0b03

SHA256
e79195eaa0ef79541f22b5e530157f1e4e08f7498ee8d94ed9c513df02d5cde2

SHA512
c1830155b96c2bfef614d49e82cce41ba8f396a41fbb79eecdbbca27cf53d3854bf9864f393f8dc4166fc7aa61bb60fccfa42c0244a2348504dae5ac42a290de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
a6bd269e71dcd5854e5630941b83d0ae

SHA1
d7c6fd83570928f78e62853e12317f25b2358ebc

SHA256
56f817c8ba00aa8a60eee3c92732839d939a03d3712e100628e59aa0c7e91b26

SHA512
bf4c07cbeb847890d6363ee4b77e04310ae6ff168c849b21435a1e329b5f95585f7d4bfc3a4c0bfd422c32249b06c6c6dc1daefea3527f9a3f6b5df7090b447f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
7fe5aa36863d038208904d138252164a

SHA1
50960afe7c343769a5a63ba6214039f879b689ff

SHA256
c722f3e2c35f9d8ad39d30859c52209f7421ab7397d106b0aba9428e6c0e3d8b

SHA512
7c1f6b2447a1971049ed4aecdd8f8a54bd855d2f1dd5aad67541bc456aebd511261b02e374d59bedc0bdc6e6b0bc24aec68c1a101cc932dce191d31a2492a234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
894bbed5420e03087c3f6198db2037ef

SHA1
0891219a19f846a0d7176a2bf3b244262fd2879d

SHA256
e43dfee9031126689e039ba0c4677ea662def3c2d21e39c5984f6992f070304e

SHA512
b741e921555fbf8a703c2273ccd60ca9a7c984a4fef60792f246104677f8a5d0a20e7bb2065a0d7e59491ff53770f913b22fee6dea075da537796bc7770369b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
9a52bdaf80c897060a809f1fdf44dca8

SHA1
7d05287588baea4b4bf91c414eff73da3ddd2076

SHA256
a7b8db3bcd5b77c1bced29fdd529dfa0ab64043cad111654aeb8e99a9f35b950

SHA512
17af1eb2431351891bf2a0375c379c065495bb2e5d9e788e90747c376be38ba26c1b786c1ed411f95d3178d5e1157d205f45fe18dc628b30965b3581d0d094ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
36d52b4b4fc3e1618f58fe33ae2d201f

SHA1
9c84e5fec2f2318465a4b5cc0d448ad6b62431fd

SHA256
e9a1191fe82e3972eb11692501db11cc42b5bbdad1132e834a43c89fd0faaee6

SHA512
06ca20fa1839f488bd8753235ea19fcf9a941da694430c3688dda9e425b801974329aef1d7b13243531bdd536abd945211c485bba650d23ede289da96a24bf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb2dca5ae247f4a2_0

Filesize
4KB

MD5
8570a42b8c8429c44a227e9983e97ac3

SHA1
f747854e25ec4b8e470f3f114c116edc23121a63

SHA256
80f25017fc3a51e0017ef5acb41188a038041fd499062600e93060f0f5d15029

SHA512
d9bff2cd5c1bdd4315c2c79e27049bffddc8e1b1eb6664ade5d21b19e80faf7ce2e682df4a4002ec3a36b62519c44cf366aa8641cc693e0fbbd3196da84731e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c10ea77dff8a635d_0

Filesize
3KB

MD5
41bc0568562865da4280509879859875

SHA1
2e0651b47a39ca8efc8cc65b4bc6ab9fdafec3e2

SHA256
c9f3cab7c947bc6c2d4b7d3aed10a2937517f4e2404ab4a3853af887e622e9d1

SHA512
4330a000a2beb5a667e66c6d317a28d31bb3ed5a494687f141be7281040facb25aab72d6e636d24e1a27f7ab6c9f97aab90ecdfee94f451d0b1a54c3db99367e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
7KB

MD5
31159ddd34ea2d104bce3c83aae17fde

SHA1
7bbfcf341b8fff4d1f6bae956c6a1d2a1bfdba6c

SHA256
fc31c9315646c529ae9bf7c6d918630b394e530f60d6fe03685029212135ad71

SHA512
2f3cca3ab5fa6d0ada589fa831b93b5d53e620147da2d434167eb2ae27ef6d7bc2ad37e2ab0de989799b937bc84e2430ff0c155f3079de680027862630d604c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0

Filesize
1KB

MD5
5c02ca9e2523287e30cb4773b553efcf

SHA1
ed52b95f87019223b29247874cdd9a880096c20e

SHA256
1a6a9cd53218db5e756ae78fc6fb473dc79ace0199444757d1d85b371facec7e

SHA512
05f171c741ff242d8b54c3d47550b0c8ddfbe0eaac06dc7d0087d4320283189a9e844258b8cfb82ee1160420ad479c6992001773a52e59d9c00bfb61b38c91f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
26KB

MD5
dfc9ad2a055c68c050c0ed212ad6d233

SHA1
85f1bb60b2006ce2385cd29f62b8ea3f10e46e77

SHA256
5bf9d37e5698c7cb6e4faa3af4346c94fb28e07050d8fc1ec9096fefef837885

SHA512
6ce9f669faabd8a55d027b483726583a34be5dea5607e45afdf741a6d70b8728e941904366d4c4a1f8ea4a8f25b98ed0cbb5d1a47ba0b67b6aecbfabb86cb7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
03f18d72089fca3b7aad1dd56cb7ea82

SHA1
2b2a9732f893ff50de6d96f3bff9ea985e268ec6

SHA256
b6e50c2395c6ebb54776507ceb0082a2ff4dc52fb5a2b6cc7704a4f276b04cc9

SHA512
ce177ba8722859dc030e2eb7f2e6b3623f3d70b5736bf4de66d9954400d1fa77e2196cf9bb04891743772bf6bc10a5be2d431d0eb32c039d8cc4171296adf911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0c89291e05a9e90_0

Filesize
289KB

MD5
1206be04ffe7983ac9b9431e98866070

SHA1
035b598cf9e15e3b4247c0280dffe85166669c5a

SHA256
9129ec83126606c147a923887ba79c1c81c254555698dcadd1cde39cdca6ec47

SHA512
ca6ab89fe5c3ef2413a8a75a32ba77815655cd4cddfd1d768441f8e3db1b4d65b1954a3419b10d2c8a86e59013ba1545f83010080b0c5c485e3bd382cbd1d06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
7ceb85dbb6c1ca66b7c2d5a7744402d5

SHA1
c61315256b14cb3f56dc3c0f01fcd664a7a6247b

SHA256
d456c76c4a7c3ca21ed59d0aadec5eb1ffe38c6272fbbd02b46d35efb5455343

SHA512
5b60b1268caa499d14cb5fc9ec01c08df50993ae9636a84de3bd11e58a1e15ef1501024492fb7c4decc27d86446a600c2f2277d78b1ed48a3040e6fb548386fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d700e0dae9d4f8c9_0

Filesize
3KB

MD5
1eb702eb58fb59c779ca52a7af4559f2

SHA1
a1b22b19d0b7d730715e4307666eaa5eb9c2ab59

SHA256
abafccccac2614fe0182c871b94e31312b6786f3c259297873d2a71e9946c996

SHA512
16dcc2ef8cbaa1946b0c1900ee84c12f702eed1373ae4a9458c4912e5f47a6cd6e811ca9d01e903deb1184ec799c99b1188f5743bf6b3bc31e75820593cfb458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
031ae2824a5187e13e7697da1bd396f2

SHA1
62d1cb66f50ff7581eb94cbedda73b67ba904fc0

SHA256
c49a10f1d6715dfe0ed40817610de1926cf49eb2e0336bd1d6b524987e893876

SHA512
50fb7c970a30d2e1d681284a1b333e505c63c9c92f9e72161ff278e8dca9c9b901d3a7049027cbd5e9aac0e0e43b8369c7853a9f23483a6557c892171d02cd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
6KB

MD5
0da7d6de281ffe2de71673b48fb9e4cd

SHA1
e8a9efb191634edaad0f236e3449760b0812e0d9

SHA256
c7806e20bfe2eef25e4c5f753c9c555e7884635512972bf14ed86b111ba808b0

SHA512
e38d172df24866feafcfb2f40d73b3b1163859631d47a691037ae67c0e05ab014cb4c1fb61ef71960c98a8e2f8888eee5151ecf74fd5b7fbda28b285c419e391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0

Filesize
2KB

MD5
1b2938b3f9ad5a5fb8298f4b2ac9b786

SHA1
c144475e6d7cad58f1ed09d3854875311ac9b5b9

SHA256
48ce5d33f7cbafceac8f998869d677f0b1e21dfa81cf3844a05b5f755ff54b54

SHA512
8330908143f61b6f58b876050ee75ac606f247fb573f7b75826939bb796ab67d3e3b2dbe6525fafb7981596caeb351bea1b7b046147ccbb93c5db63849d93f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da3b03d89da655e0_0

Filesize
433KB

MD5
cd5954679eaf15d557af1ed8abf936d1

SHA1
d96613de41d5b050f018f5be18c7ece710b1e8b3

SHA256
ac652bfbdbb7ab0c5b4587f356951e9021bcd6ead3afa1686e5c0173da24ef5a

SHA512
6b95707e011d839c91e59864e27fc5a4fe44d7a4898f4a60d131c5c8b424e6864758370d7f7c5dd84ea2ab994b8d692fc5e1af8aabc9237309649f72ca100c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
bdcb04c7be13c6896b478a41262518b9

SHA1
a9c89dd47ee130a27c6625e1c0610644027f0888

SHA256
b049da6c1c22428d44e82a0777049b975ce9e7476507a0bf49c110b9138fbfc9

SHA512
268afc141ef6347a4eb22bd3c37a7c910aa66efecce4faf6a08e60aa6cdc6e52498e027d68f58e45b2bb00f6744d0f293b38033cf85e3fb956172dc352db64cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db70d675c8a8462f_0

Filesize
6KB

MD5
7f7c62546e5fc5024700bab862d40129

SHA1
dc69a398e212b54552d4c64cd783c85a8fae8da3

SHA256
3a385c33034bcdd3b75b2c47f8f09486beb1a436e2cbfdc6ca57e9cc6e015c56

SHA512
171c8ded9a2ba7c1d6411c9b42ac6a0b26895f63786cc67388b32e94f2595b5488a3f949816e51a534d812d69207b0ec0ddda6555437f41281c39e394108935a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e07eb4db221c8fe3_0

Filesize
54KB

MD5
a78a11887b9bd8f90d76bbca1b62b0b9

SHA1
f4a041215b7f3d3cfc7b9ec4de0358594ce56b01

SHA256
510e8ce08d1c5ed6963387ac7df337f34bda1628192b9800c96d5bcf12487501

SHA512
2173603da10f0d6545b8d575824b80c60a792fb8a2cc43130ee8404fc275c2fb152fdbd85b546a3430e3a00da1be1f6b853d3fe5e20788e41a2206ea75a77cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

Filesize
262B

MD5
de9b3951085deb343c6aeb349dbf2cba

SHA1
19678157b25016882cbd1066bfc398c3a9a66c77

SHA256
8a81f4a874c30620f3ccbcc3be9142fdaab5d38e4f200d4b4df2233e02a6e578

SHA512
df5e2e00e752bc4010a28b83f3e468fb1281c61ae95e236f4f171ab83ebc3129bbfa148cdf19c6bdbcb6e04235299309db28e211e811009c6243e9bc79725ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
3b995b8d2feb4af0610bb93adea2d8fa

SHA1
ab94e124e7031095f47998138a3796bd1691b318

SHA256
22c1f89740f13fea7849fb9bfc7932911ace71bb0c0f7a94319769faa3d1499c

SHA512
6e2806cbe436f84109a1b581ccdc0fb577b9104c3104ca2990417e872b6697c1a1056be6a1e6ee248dff1a3b7b65413c65a5d6721f08eb2d66c9aecade53c22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
563209c8c21508f9120ef40f52fc5e7f

SHA1
29da07e8438283e616233ae03df6f7dc6ed1d6b6

SHA256
539fd378246a63bfd6568d0800aefa9f83cb856e190ea0294cfa9f1cde856ac7

SHA512
cfa0bcaf99908c51134cdf6ec3c9a20648dfd411ae2b2fedf3b69a6a661ca8a4bdd1385a2344f930471688811bfc26e6461174414a6de763176e6f4917119f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
f19947fa750b446757cab6a2569ed5ec

SHA1
589eb54bb087daf436bc5b80cc70cb72f1d1f14e

SHA256
4f7840800ebd9e6d4ff1b3356a30ba85d926e491834e58920dce241f16588b9c

SHA512
be3958eb8bf779da16a65de4892ff207220aa717a5d288cf8a56c1fdb19b36667a705e8c88a4f920632b8ae0dc9d55d8b7ea8dd8b3a9fe421ef2eb025a628628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
fb38c0aae32eced53a045dd7fe5944da

SHA1
af23a5669a235d71c08d773d68af913c3bd3a589

SHA256
874ffdbb608bfd25b47267bc374b03ad00edf37003004e93b31b0d200b5cb69e

SHA512
03eb0db724049ef76ce457540dca585472969710731ed6d5ec3e872c39199a8f765d32710253b8faf00ea97543c9674623d49e3c9ef03a27b6c3b2c6a32f81dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
907856f1e8d7f24f9ba1f649f7435e12

SHA1
7194990c13c8d391bc5f1c6965e68c5b50fc3f9f

SHA256
35b082ef3a1a933f806db09fc70c8be73f193cfda36b5b669899a4b724f8a4fe

SHA512
f8f0f0b76aec39310c81f611507880cb522be04255579724fa43dc4f65b08d55d1e2255e486e2cbc26a0723b75c5555e0e9d1b59b37746486f74b4d820ec327a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e46289dfaf8c9308f86a8efa5e19b632

SHA1
cfce72a30f72ecd14c9394d5dc0cf08d5d87b20f

SHA256
72c377f22cb98581c5c8ba81c18376f38545c2e8487a2f8732221f58db29a771

SHA512
71a34164b723d0ebbab4ee650862c1fba333ec0c00439ee8fa1c3aa7524353e400d13932f513606dae6f2e568bf29d0cc91544c840693aaf46c8b5f09523aa58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bcc7f4a6404147beea7ea0010f13ede9

SHA1
6d207a352d877173139cc1d9c9329200be6ec6a4

SHA256
a2a2440328b172e94aac4e546330f58d7c0a5c7ea583ea402c7566cf019b33a5

SHA512
1ad627362b75590f6c13c5e086034bac40968cd72da338a6025ba9fb3faf6b702ee452ea22956b767f24272d6a5b2a10530755435ea050af24e395bc84cd62fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03dcb4580209209531379c6066c0e676

SHA1
7ca566048beffd8842d7094b34be63b5f14a3853

SHA256
c0ad1412bcc9050183ecbec03f346fbc8be5adbc3573061cd5676c6f06412bb1

SHA512
72d6e95a1ab299601e96df1783c7ceaec6d87f0b6d66af3e308d1b31d87404173fa18f92647785eb6ba4281a838afbba47688f8ee815b21226deb8ecd25a3c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
bd38f35738697955b2d0cb9f31783af4

SHA1
1aea56388c703c64de488de77d60b0f7f2a735f1

SHA256
85b66f33ea7112fced790375e02d1f0ea80d343657a6557a35763ef17f038c0a

SHA512
95ac80e7957325161c201b55c8ce81143901c4419d436fce28fc5c20b389d5a775d1b5d10c0ae88dbbbbc6a3fa28fc7c1c069f5c9f9eea50ea37109024e27f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
24106200b05caa9e5ebff3d60ceb31f8

SHA1
7274c10a6cd8a771a0413051558c9430ef02d106

SHA256
0356828366593b5532ce03ccc38aca6f058aa1588578b292901001d4bd1c3b84

SHA512
6668f97be9f15299c3d902fb8ea31a8891e4e2002f6e88efadd9cc17adb4c7b233a3845d5dcd786ec8c10f1ea4a9e551feb5a35fb02e21067dfe103ddbd42199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
f964c4588a79e1343752c3f908045f1e

SHA1
8219cd5519240d3993b5c120061f62efbf4af9e3

SHA256
680a813a00c460bab6296d0dbb306f4854c6550a0e84e22742df7b23fcaccf27

SHA512
fb9abdd9a0e8aab1d3856877e0faa9d092e73f43582d3316ed51a907b388f032135ff1f65038d79762cd40d342549f6940f070aaf19fa2d83ee20bb072d0cbd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e279aa7feed08961226b3065a40bbf7a

SHA1
30302e4b87cabb8acc7621f5c51a8a92d4f3870d

SHA256
062fb680749388fa16e82f9aea178769711e6974bcb0d8ee8dc151645dc874b3

SHA512
6f8c9946b4fb0e8ec9cd71e9526a2ba69d249744b56c5121bf43d618a98473811472b9def815a621722dcb77d6503c15a0c0a07950fffecde984e6bd43b45464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e3ff7f5c6d828555bf9da98a943d2716

SHA1
99521bb84081ec62ac0a0b21da9120b265329b81

SHA256
ead42dbcd00867f272811447d2fc0cb3d3063d26b7cf736854623b9c739f02ef

SHA512
fe411a7f66a46c72b115bb2a8ae98c2f49f5795f10ce77eee0d09e98d44af7fb1685a8bc93d3f6c71120fb6b67c364cf35f3e2d3917508890790475b62dc30e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2b7e6729dd5f95a4e24e5e4c32b51bfb

SHA1
8aeaa266e482eb39132426d2bf9f87bd31eb328d

SHA256
1a2710dc9f54efcb3afe5074c8585f7c038efa7e02b965cdf8b9a9fdf3686b60

SHA512
a34324927749e5dbac3252dd9c85cccf43d1e2990aef0a35aba7c23b8c26701dd2ff720965d09679bc3f11b05cbe0c3829f34668a417a9a29ba29b2bce2fb125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d84944febb9d95033d4ee9b1465e401b

SHA1
1dc6fe749ed64c35a39e2960faa54a4816a9151e

SHA256
818cf4fedd7c6a47f5c25784be9bc3123e1a30035abed3884ba9100c65a9cc5c

SHA512
f3a143d7527348d041ceeebf70b8e0d395961ad9a78cfb03f55e54daa50447e99da5d3e063b85dc3d01ca64e7be6bfeb461e926593d98203ac24f7438c45acc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
92b0e614cbf87f36c46c771440f9ee9d

SHA1
28e7a97e21f6c17909755d765e685e998f0aad29

SHA256
00112dd8fea831bd8b31c7a9a65580d687c0411279c250a67988906b53813ca2

SHA512
4fc5db15162ddf6693d60d7136cc6a7df9747076a55c0909dec245405ff4e451f038199efebc029e4ec5bc5127c6a12ba2853c5d9fcb47eea268abdb44f5649e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
057a628aecc67c04ec692bf7adb1a7cf

SHA1
56aabc556e1f8a07365b1c390f1dee40ba46a807

SHA256
251a5c35304951b108d3f5bd42f09dd615e74a937364851835c4e67e5550fba1

SHA512
3ef20489d6f90c1a36a6e64178cb9ec8048778f6a331837a9063535743799821d35d363d1ff12869648b7f6aa786e212c48b0f0e51ac135c9a6e1b8571142e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
ad85f12d11a1807aca722d15f4d20ec5

SHA1
cdd9b19c875f1a2cbe8c03b4cf35873e85125fc6

SHA256
da6889cfbf69189f9806673407962c458e73eabedfe5135561db20219400c90a

SHA512
44cf43d369d541ea21858a2165a7597c17b8c6275596e20b002542868283a30053e94a89da88c772b65e281d32a830a20b400d737e3bcd94e9f74e0a2a942a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
ebb924d9cbcbde7288298069ee5716e2

SHA1
54b891dcfbb5f28367ad5f07566e7b07d8afa2d0

SHA256
3e6ac2a57ba09a7d22cca0095e99208cd6f6180ab24dd8111c0783dee5a2289a

SHA512
b2e09337a08fadef9c5bad87fe3476e4e8cb1ea276de3b7589c190f876bd3f329c5748c038d3cc047128c155a6fab10a975de03aaa0927d6046fa00bbb826ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b7a5dc9f6701d073de25a8405652165

SHA1
76be631ee990b8991804e9c0544a3d376aa1e53e

SHA256
776dd4edfa4c9679358638b5b8c843cc92a69790981efc326dff6ecfbe4297a3

SHA512
3119082eef8dbbce5e1da5ef9323e3d1f2c7758a60c58a52fd0b10b563057b069ff323ef45ab186480a123a969a77f7814d663b1b58f83176e5a9c34bd35141b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3d7706b297ad41a94343fb4ee653eb85

SHA1
69bc7f75536c157c4c110d128ad826eeeb2510a8

SHA256
f7a8c943c3b67a5c622d5949f6b32b81b2477c1552e8789419b0ea322d733857

SHA512
588d4be3b997e20836b30b4a162ff6d177105447620f4e3d4b4762ea96da4811707c6a87748d111b41eeac24c132bf0787d3a96f2722784b685aa688d92d2118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
95355294b431a2cd94aa0a9cec6a8a4b

SHA1
93582ae17128f892c0f23ab978766be5d8209bd2

SHA256
1ffbcfc59d976023cb79e5ff7f36229eb756c12967a6617e4e71cc4871e12e79

SHA512
423cc4927270285ea17e10ea056b6672936599262c5e157a0604af363c2938c45ce65a94f465a8c37b9d41cc2f7ded15ffd039c19a159309538e21cab9f7ed2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
badca77553e8a4c2e8a797dd9ccc668c

SHA1
93a6beb272fe31ec49657385c8372d31903fe18d

SHA256
eab1b049dcdacf8b3474d5e0e133b2eff1017e3af2ec70e6d3cb5534fbc80e1d

SHA512
d0fe0fac9a55901b6460c7e81570f3edcfd0f40c5206dea8dac0af676225d61e64826407db48de5c6fae405a94b4691097ce23c44920ac91961901e8e0da0b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
53980faa655c64a71fc6e465dadae59e

SHA1
dca734186dbbbda1e0515132b7e5001aa83d9d7a

SHA256
6d35569a73bbd47341f841532496900e4b7a92892ab15c0b843244ec8eba3404

SHA512
9af026dfb4bbf2c4f070d541245cf693b216152b08371c955720235e6f006ab35ff8756c07b7784db4ccbd88f0391b4b06550346fcd34a4d80e0d0d891e19cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
95fe9008127dfc9c67716ae276f9497e

SHA1
5182479406030af0ff6d614ded986fab5970c89a

SHA256
7978addcd700236e5774e0b8b8115c7ca0c5506ff7e7d8a08d907d7cf57f5473

SHA512
f18d296ccff81f3a32f142300af99ca99d16a1bdf85bd58d44847e68f351d54b5b94eee614d68f9caff5725c5770cc56b258b3f45fab29c52b4c13aa672b1082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
252a7e0d57357bd71ef86814bcf50ac3

SHA1
eb74663a27573c0fe913be27097913864dc50b15

SHA256
84fa6b560442adb4073b6d7dcfeed0fc0b8aa25f1c4c363eeed6e745fe8ac0aa

SHA512
7b886e3fdf92be4deea55742fd3c88d014962cdadd8c71451c86d7b71b2ecbaa17033e78e0a1e79c82aac539e07b10e54f001179b3f11f81947335d5d698fbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
46906f1abd87fe6ed5cb62fc687f6932

SHA1
8978aa2522fdf04dc33b27ecee66425e8938d8fd

SHA256
287e8888e83aef0908c94ddf9f51b918213b44d2d7bc6b6c202868159204199f

SHA512
b91172ce5c43cb92ebfacdc26569620a7051817d1370adf593302b92c174eb25b991d954c3147d85f980a36aaca632ae96fbd050aff08604addcf9d82531e932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
6bcd851e4f7f056b72a6a16fb701f2c9

SHA1
aa7a05f8802481a53e4b6915d392ec46a7738977

SHA256
f3fafb1c8ea75c854abce7ffee0297283bba5c7f4cefd8e2aa627658e60db5a4

SHA512
884f033cb2f9a4734e9eee9bddb281cc29c4b3fc3e14b23eb1b44153bafbc85c917bfb7d199b9e00c27f5246db7e67ecd64ea4d7b35c711f1b5bcbcfe0e9d48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
0dfc3ab4bc96ba77ed22f4b5aa25bd32

SHA1
5a1a3c862f8d6629c8a9af974b07d7974e4e637d

SHA256
23a838db8aeeb4683bd489b9239517355633617b18333f7b776f4c54acd33503

SHA512
00554037374549781f6c676867bd774a42cbfc44f823d106dccadddc072fa73a7a297d42ea70c71a91d9c901ee772c5c7bdebe7d09ba0fbef8c3bfe7e21516e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6c74823998ffeaafc0547f922ac20750

SHA1
1050d493a3a7d2b7da03d334aaa6e5d11bdc5116

SHA256
2e91cd20b65cb7646ee3cfb4a90350765bfe36b2b54ff4b2c2a05fe0329f4046

SHA512
3dda29a761bea50a587a7b0dcaf4cdf6a4ca89e8caa35d3f77efc33455e75039d1eee7cb4b656631fbfd5277dc4a4c91a89200c558f427fe6583b2dcf018e656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69b962cad4f1d17dd27738abc96a1ae3

SHA1
22fefd42772020301cbc4afc0e9cfd32f1ee1e48

SHA256
0b2f86bba35357df824d7e1ce196fc61951e1ca4f9ebf116dfeece08af05b22b

SHA512
ddde2dfe36f5a0b2b60bd18797fc92f062929173bd0c3e32bdf1e0113b67ec2923f12a965d94d46a0522dcfc8c59605957da71d105e5255bd77350d2dc5bc89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad74c9ea43582cd5f300e5111422591d

SHA1
ae121fc5110d6675f996f9b4d9e21ea3290ae438

SHA256
dd313fe994a984b6f706e9a9b2c40c1cee265b57ebc07c62ec027bd854942d65

SHA512
f93a404a6bb9ace6813f33dc937544b861adfff95746e4a182aff36cc8aaced3c3da5ebc1a585e71159f27906d6edadf06c565d45174d32a554b323c3b1cdab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
88e3dcbb6e7eba4e68298b62c2815d60

SHA1
32f1b3d34257d4466091b974df702291a8547794

SHA256
92aed8787b84744b19f146db61cfe9833c6070bdf631fd47e9562e4a0754275f

SHA512
eb245e0183f06acc9e434f33b3fa39e5058c91f11dc62005b4ccc0493922bb62f8b5af1149a17a71846a3e972bdfcdd19953d23f8944c49ee38a2045cc678119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cfc1b8829ff9eb4792ac91e379a37a42

SHA1
a2445d22bd7e740a00ada9e503701298e7fecd05

SHA256
c57bc5c67c45e8dae2aed792042bc47ce41ab575861b495244813f3ac33b0da8

SHA512
81f7bf6414bbeef9b047fea24c85a33577c63c2493a5fff88964391253af4d61a9a6bde6d105eaed75dc4b3714fe467ea9310d1b1e327c9664f096993919619b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a877c36fefb0f4e87077ef3bcf8cb15a

SHA1
aa4d6be1ebd345ba86c59cfb793478c8f467e0ac

SHA256
da5fe9552e47920d5e6a64ff14e9c536f0d4ff0aeed813d6cc7e6aef4a8ce1d2

SHA512
2069a1e7df42df90095986806747315d9f1e50bd12dc725d7561aaac632259982ac190dfe49f2e92c16aa8faf87d83401562641231f9cdf97801c056617d2256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c43adc999168b812fb8972c2a9464d8c

SHA1
94ffd7c3d435fc49676d1d10d6cf97086ee768a9

SHA256
091eea5046d6dba692e9a5cc27f1f9ce6c8018b260cdea21a5382fc93b5966aa

SHA512
28d2882636a1bb6238719009bd5facf2984a4a6247ff5c7fb65405f5af688fc5089055d70669118fc18636bbf8a0bb9031e6a669733f5eed8ee15a7821781b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b91fb46be26168c77b55545a45fa4afc

SHA1
9f4509f347bd0f0eee5bc57a5a93c2bb839e6194

SHA256
b5df7c58463ad37e013a62bd9e9c06b5458ca03c04d8305e346042a9293a2903

SHA512
edfc8059d741b7890038eb19306731f69e7fa06c80652d4c2b3ec6ac5f754dd6b4a3a099fa12c4100e5dc0567da1154f81a755293b09d49bef030879ed7204db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bf0c2e8a98dc530f6c93f5c6e66c8cf6

SHA1
bfb620b440703fc63ac1b76b827b3cdf98cb9d64

SHA256
4dc78a19ced793c987984d2121e939a2a0221c44c36ed4e7caf7e4d5a6c1ef4c

SHA512
deef19e78437e9e95dfcb2abc5f87ca059d6548d0ebd5ae167212c535621c1f1fe2e44836596866ccfdfc81f308e10b632de23534833b78dc9dcd98e3865c4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
62b5164ddf54a43df8328fb306badecd

SHA1
468971e1c832c36f81c63256f9ad8a8d7dc93b41

SHA256
dd6ff752874ce9f3ec1855ffff583161b588dd8933e054ee1431a2bda6e07a70

SHA512
0a20f7ce6e165814a2258ebac4fb6b4fe977cacbf305100c1b46d594bf4e9805dbb85f660630e4fceeaeb9bed189abb8f05805171e5cee14c6f56029aee57c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b2a9bef7f9450cd49a1931634ef8ec01

SHA1
57a6ecd4a032e58dd3fc6d51cdd8bd7ee0cb30ec

SHA256
664ffdff5993cb76686b406f5dde2ebb6df9d520928b2ae09a4535095c34fa4f

SHA512
81a540a4cd2b1ba9b3669b6b5c3bf85c2647c4854f44cc40ef8311cb0eda49bd68c7d2c83517656256206fa2f468f0f63e4577fab9c10064935b52c7566eda05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8da2a9069472a8ac36288aa249c6dbf4

SHA1
59b9336cd8bf5dab879fe80bfa451a5608aef65b

SHA256
d03b2f680d22a5b307303f61ebdfc51b416876043430daa867f4efc35eee707f

SHA512
f7f1eb11d22d29869b33a89b9ea98ca2ccc2034f130a17d30edbe069253f9b8d5afcae671e54783466e6e798c115a3d52cfcb9445271abfbbf3c49d097301cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4957ae20edf20727e72a2f68562440cb

SHA1
4564520ca0d4dc5d3bc56f038a4e651eb329d41b

SHA256
cf77b062d3cecde8f70008e5055771ed587d240fd5e429736110dff1ac0a5b77

SHA512
454349467ee798e4c1fcbc1de278ccd140d6e9a9036a89cf8d6d7d94f713d21b354420418ef711b0a37946d335a2ab951220115ed3e114a254b9e2651d4b110d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d54bb47091200961e66ed92ad848b6db

SHA1
6d7553f7fcddc8a88eabf80fe8fe8e78e6bfe379

SHA256
105b60e2dedd761bfa8a31d785e6fb2f5dc391060ef915b7d0378c1c536d85a0

SHA512
25c676a30a0d7eab46d2f03badb989f25196a022475af29ce68d914ea8e85d445583a3c948469543451b135e40ed47032a983ebf5da6f7924894fb645b57ba66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
0de5140168e386739f38bc6a9eb3a6f8

SHA1
3ab90fe4f6d02d0114ff4e7411d418ab22ff8282

SHA256
4b55aced6e754b2efa69be6b63527e5743d72c8f1887695e027857b6aa675186

SHA512
75898181441dcc19eb4053395c5ddde9f89225c9098d5afeb8a4b5de4f65ec2b93dbb08d347d832bd5a5758e3c8a0d5b7206a9add5302bab98388a80731a0f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
24e4c606ceb935a77e8bda979c38993f

SHA1
442e2d3e01b7ed683a9b6b81cb70c7681b38789a

SHA256
9c8465bba5774f1849bd11fc4eedfdb6e581fc4aac69bfaee0a4791fc75abcf9

SHA512
b9c2817a74144c369af2877373e56d3849f687b2c42d3aca3242ed75aa77e8c0571bfb4d4524401f7e0d641cfa11dd6e2cbe8b940772844dd77da3e0fb9b57e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
ca63ec13e955107db55185cc8166bcf2

SHA1
50c9cc5785425cbde8987b353df9fc785d59fc06

SHA256
d18da85f6d7cfca7c1b3b4753a15b586b6195c95c763bedebe890d988b2288f6

SHA512
1eb88604b69f607b0a4502b71cb6b525ad8f61de6d94ae21231a1bd87b4f664c5977f552efda7283a71fd95eaa090733289e2a93d56fe8711cc813e5e051468b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
054ae1e9d76a2777a52316e69f70b95f

SHA1
69f130a736d31300cc6244c62d91b66026ad655f

SHA256
f75eb3f6f55b9ab3e9d91facb2749d3551a3d1065214ed0c07be082f7dfc4524

SHA512
d6648b8296b04761efe4bf3c6ecb4090d804a1e8d64085107d05c49e7545eb9d80f6ca3993ba6feb738b6d0eae7fb9a8ca8d54bd705ba02de9bb88550b6ccd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
65141936339e1be36d0c42319841fcae

SHA1
d653389ae16ecb02797c1d923c2868aab30638b8

SHA256
31eea810a98dae6d81c2961c836126b7910c6530dbb3901a52e097eb729adc0d

SHA512
adf9fb553b73d9ee942581a52989bfff782f7742a32478ff0b113b6434347171f07c59fa7e28046ab5bc9cc471045a8698333a7ea98dde9dede20913e6cffb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
b6989b224a63f381443ee26736191bbb

SHA1
45bbf169118eadb292c7e10e83da369a928a7ca5

SHA256
d71629823019b7325432e5b7bf1d2ac85887ddf68f151c575ffd9679f6967483

SHA512
f6252039a4834df7ac38a7021494f90401aaf9122d866a51e5bfb9b39c919f498868fc8f5d207c7ac0d56b88ec550763803ff4f04c83cac57195b329da9cca85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\7a461a59-a2a6-4c26-9b98-7fc44ff3c2d2\index-dir\the-real-index

Filesize
96B

MD5
5a3e382d4f3734c78cf1007ec2b6bb70

SHA1
babcb731a0a6422e268464381cd1bbd86b7560f6

SHA256
7ceb5631fce7aff734d7874c5145e6485a6e2faa5aebf14438fecc6b7c4aefb2

SHA512
028e010e714ea5b550b2f9bf0e7a9384ef504c3eb6532a1263de8cc6703b27973c1e38fe429d7f3838493ee6708cf6f5c405cdfa26721f2988d2d8ee621cc12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\7a461a59-a2a6-4c26-9b98-7fc44ff3c2d2\index-dir\the-real-index

Filesize
168B

MD5
28d1fd1cd38503632474ab0789769a60

SHA1
57363b6fe2f21f7cc0856af25935fe1cb65025a8

SHA256
adedfd3132189e44db22a11e2eccb6d69bd6976441c8bd76df80a32d085cdc57

SHA512
d1b75682a9de01c260c0838d9c982383d4d929f1432028a3d60fa3e793188869ddee03ce0c1b7d1cb1289804b15ee43ce8a09b5499356acfb819f70e8291e6d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\7a461a59-a2a6-4c26-9b98-7fc44ff3c2d2\index-dir\the-real-index~RFe614bfc.TMP

Filesize
48B

MD5
414c5657e08b2642e16fcf4bbff470c5

SHA1
fb1308c4ecc70ffb6a73504deb1fcfcf8a65eef3

SHA256
420933983210fc3568d08958c0fc89a7790306e583d4d7bac3a40fab67aa069d

SHA512
c7175e58d9cbfc20b82167c24e46172bf9752d2faf9dd5726ccf6b1f9f9e788bdd6bc1232224dcecbe4ad27abf554154c860844b4719df2b468e87d73a0af1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\index.txt

Filesize
80B

MD5
fa8cf4f757d480fcbd85553362584ae6

SHA1
0c07732aa0e7e85aa8431ab5da71bad8be24b30a

SHA256
438d9eb1745c51473d9a610f25546d1cb5c56da4feeddffecdaac09dbe3db953

SHA512
9a1aab8f8a5ba91719aa8c8987bf5deb83e33de6a87a823c3f7dea0e75d9a2a6f3642740f5d4921af5c7c85020cb7bd7a65a1f01297037320784f95ae80a4674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\index.txt

Filesize
74B

MD5
9a32f09b1e7000a04e43689d271fa15b

SHA1
011e2555034940c04f8c363f61bbe6250c16d022

SHA256
e114eab1dc99f9eb58bf63797a4da768fb241fc6481eaa926f1ff69da550916d

SHA512
bdb541e89cee7c62b3831541c6c38232d21ae396d5a3a09103ba40326401fa3286888f8e6d2b9f671b0369b96788969df374033cd43213641fe5f53135612812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4c6164184724f40872160f2e743be4cc4d5a7e1b\index.txt

Filesize
74B

MD5
e3608639a03907fde4d8481d029c2294

SHA1
f503cd5d71b1f22754dd47276cebd0bf0d482df6

SHA256
251d85618fa25cbe11c8002eaa2d089c7789a76abb08829d034e658dce9292d1

SHA512
bd22904afb28365efae004bbf7f4588cc69fbf217f285649bbb66835e2dad2a5e3f9b10812c5b47598674b0e549d3e1b7c9883d5577394d90acaf0ff869dd166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d76f4394bbe3fc6175a290dfd3533ad6

SHA1
bc11ea17a54de1887d6c09fa1261d3cc538ff280

SHA256
b47863d45ef23045916b135749b171718c95a3228cd35cdc7942219f4e69917e

SHA512
c68083c9ebc53486f49a1a8c3267e97bdc9081055503d7fc296c191c8ecf69a4282d705e365ce000985357c9b7523b36df2fdd83b75a89644357f13e420be3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2c1849f1087f55a594fa66ae53f95a48

SHA1
cfec4e6ae3cd6bf29ce9e07b582aee413161b3a9

SHA256
bfb873ab1dd81ed28f9da9edf8fb1cd4cbf67bbffe45a156abfdf76268772a20

SHA512
fc6c5acea3772894bb31ce0652fa6b90a3cab96a1bd931721b2446da52dd4cbe2138cebb6dbf3cbf9cdbf89398deed4619c99c287822c0ba3e74e062e4f3260b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d860baede00dc6e8a268e41e354256c2

SHA1
943d7cd147b0383bed2355ae583cb80a8147ffb1

SHA256
25b3129f4c9e013da30bde7a86b1879b75976286cc191a931b5cd1bc14e6b9df

SHA512
7d905790c8df7daaa6cb69e8f35c875c7f2decebd0dded86dc42a45b81fc51ecc1065966f52e55d5b54608000502d0910ba370d748abff493fa610a6639c0773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
4b2856fe8db62c98ed00e2e1a8392726

SHA1
2eda86c1fd97b83d550c6d1c4c7bcc6bca5e8572

SHA256
0d7525332640fa2f2437633611faffac31ee2ae5350d3531b2d826f1a81f8538

SHA512
f7a4c3ed9f627dd8fd25149ed437bbd599fdeb7c5679aea8ea65aaf450ee558855eec42f59a07da3c03fe83a747d448d68b1b0780ecffa003e78702eccc8d017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
55057646ab0d300ac8e5ce55e6f24ccb

SHA1
116e5564cf5dbbb23265f1982d2fd733fcff3708

SHA256
14c45d58404cf174421dec67e77ec0e538ef17afae39ff76939271191aa22b47

SHA512
0c630ff77f2f9e603c9df80e30049dc72a77c598b884493fc587864d478ec31c8c75ee4d930823637515c257eb6298a11d34ef06c2919dcdf1d63804f30703d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c3d4f55fd1f162276c4ab2ed84ceddf5

SHA1
53c808792ab74d4a7a2e1c4971497de0519407f0

SHA256
6f8d1a76e2f7a6f3b331208ccccf314b3a0e736b2fa155d3ad891276ba9d4d4e

SHA512
74af1160b700f8c90d3570f733b36d4fcad065dae7eb7ded0ae0c9f7f723bee17d0c09c9ea0b4f6d339013ae35f1ef5570ad183578bb8767cf6a7c85bdd4e803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0194b7f235e403b253831ae4f3851c14

SHA1
de2991df0f1f4d3ccff5d0f5f2ab5ed1c3ee51a4

SHA256
66e9bf60a07ea338ae91fe47aa77bbb3b4e2a871dad61428afc7590743881a6b

SHA512
45dd1a03051a3130afd2b7fc0d3fbc17b0e97b65fd017d5dc64de7fb792f376dfa15ebca10f3ba646df574cb767706705868d5481469711c0484e24a6f483c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
212b57b433c5b22d84c9aab0e6af4ecc

SHA1
a60fa65ab0cfe2fbd3a77652833950b3526fdd3a

SHA256
e7a1d7702551a47f16db6bbfa0a235fbe64249e070f75b419cb4b8068ccf12e4

SHA512
800e0b3c04838bfb21860c0ed2f1bc73b183784b09e45da2127558c5d565563761b4683557a2eb056faa5e76835db96fb20e8c230df8f280d3501ffa606cb424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4479d3e0fbe05458f754a940e2ca7cfd

SHA1
d6a0eb51e1586a2e8044a2094510b74d2379f164

SHA256
a33c67796e4ab76491094a13aa9833ff2532feb6892e319774ef5845f7348835

SHA512
91b28044a4472855ee18db3cb0bbb8bd96d8eb27a23f2dca2501da0d3135dec314c69fde03a781b8dbf7e1bc4554b440619b23102102db9ac5390a6b4c27eef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
258c234252b06245ea54df38d43ef266

SHA1
6add7d50753efc2c1a84fa16c24d6ee838431339

SHA256
8f8a1d6898d25e93792599e17452c6ae74552afe39339749475caa1140bc3350

SHA512
7f0ba7d1738e34ba84b6232effd3cb3fa5dbb253ec2c586572c506f7e9764c9de03cf8ba9931b2d2a60faec973eebea2f94a7abb4d1d18b708c73e885ecc273c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2df273ab5a92afed9a1eaa0bda2618c8

SHA1
cb119d00b79b267ed281de9eb5b313da255c43f6

SHA256
1aa7778fc01950d664c4eb6d68b9738bc301cfd757da6196a427bf5b26c33b8c

SHA512
1b39ba2b349ac42b8a456886bd7507356c7b0958742cae1503c148698425dfbd7e4a8358573bf3de6e3c927c9ddb3f8ec8c1890cec7e9511f00354d2aec55c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f91cc0aa26bc0504ac0caf406f13d843

SHA1
2d5be34bc7b27d171e1050d31ebdd74a9ddaa07f

SHA256
ae54a2a34cffec07fedcf50ea544d9eaf378c4d9f97ee6a147b1503b07f44eaf

SHA512
ec2f32437969880d61b42ebb4ae613fcdb6f1730ed1f452acf1b9805d2a28b01de2a6c9457cad521c03eb0d9be690f2ffd36444ebbebdb7b2f3ed204a844da9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4de0f5972ed54852508a8aad6e6812fd

SHA1
43d5a6b57b02f38609bb4c1ddf48bdfffc8fc170

SHA256
5d048a4e1b987c11b7e986dbfa0ad2516ffca5e492c3da72af6e578508fbf6ac

SHA512
e90e6d801ff8f190e827bd84dfa651bf32919f07f885bc9bf54f6c1e3d6c8ac015247473ab44e0f504771adaa28db21dee0ac69862a6726346376f75d3939efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
568098993c54f8b8ea5302f65a001892

SHA1
e2dab0ea26645b87c959296f3fd0395dda8a7a01

SHA256
b3a751e75540e3b6fa94b9ec770294278c3ec3200af3c49159c9a1fa9233c30c

SHA512
ba04365e574e4b4be43bff55d61a8d4e29ad97137f3800a8a400a2f08da591ad9128c66cd659488a70539f9448c848b356a9aadc4073bf22ac33e5e7e1a49be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
29e00cfaf88ae9222d6b3bcfb78c17b9

SHA1
f5092973123499592164213939095fc046a89d4f

SHA256
f8c4e57c5e5d88db3e82f27e2fe6693034ee619bcc47c011217d38cbbcad9b00

SHA512
3a826b998707a49e96019118ffa19cc3bbda9b009101f48fd91345dd37ba0c8f047bd91362fe8759144b7e93dac9382f7b18a545f534686776b19077ee3d0e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
298fe74b4aeecc0be78e199563ca5b0b

SHA1
aa28c67b57fbe811bdead5c42cec8335b80f0151

SHA256
e19ef508d6e3f0d5560df353d6577060f4e843f589ced4f54f285d8788a2672c

SHA512
f701d023a02e22dab7fae4700405c4e97152919f2fb8aacdb22a4eff08a5b00166b453f5aefc73442eb5fe925e5ff01a1ee226ffbad0ec80955fe5971aa4cf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ff8fe3ae0aaffca4f37ca9ca07b7e942

SHA1
b51c58f2dae7d6cdefadd32e385cf7beada97123

SHA256
63d61b1836410fc197c91839bce4babac00a2b5c0c6ee20e2715fd5bb7780cde

SHA512
b270b920d25d0bc915efc1ff56f71accb7370c9197db8c8d834844754a7009cc1c3f3e64d67cafb5388b2bf13f6c772b089005de41ccc68653e2a27edc1f3742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b7d0b694a070dbbf03cc9d8cfa68c0e6

SHA1
0ac1b7940b3e12a560c617ba2344f3d8e8c75673

SHA256
6d0a39cd53db8175bb555df7e3fae11b270a02baf46c1b0b4ba5cd1bb133b3be

SHA512
59bdc53d5e8bb8eea3224a91b2505f4958ece46fbe1ab2f638d6191e675d7d983737626db9895ba8cdaae3fdde6d0ac7d400994a7051c98f6e47ad7bec565e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bfab97b1856c192f7055c54b680e4a4

SHA1
9b2f4e6d4d4d2d8cd60fb4a8520e5891b80ef84d

SHA256
f6b8485099f0ea06c67ea6485956413ca2e9f377c1ea1c592d142992c6b856c7

SHA512
110569dfd079801f00ce7b8b137b33d2b296b58c1900d560778e516c998a123b9cb13d4508bd0a467589c1c34ba0b2d07ac164289430b3664ca9cc582bd4673a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a1d.TMP

Filesize
204B

MD5
c17a5d3e88cc147267974509a55da4e0

SHA1
5ba7654afa68b07f0b6a3009d18d3ee6dc01da87

SHA256
96507972f6487e6fa3c4e84a1f9862295737c246f53f17ffc4377bd6693cc7b9

SHA512
f9288f89beabca03f8cfba230e7c92a3d703ad786dc6e6dcbe2db104e5198cacbb957cdbe3a98fa1cfa20ad4b15997c4e38af189aed5e57af51be1a7e132a713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8441a4ba584e278d3e0a0c68c0e488f0

SHA1
9866810ac5a94ede3da1c2f758a0a561081e8a6c

SHA256
bcbdea847be924283759b9984a6772899f52b3068707355e7aa65b0b27dcefe0

SHA512
cad2f824b633cd8c763078eeed72283995b1f582a7ba7b902f878548bda46b6e51a102d228224e0f15e594e815023fb9fccae2eef912a3f79c6ad7c9795b09e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5323736e16e2f48e4e13125004f26295

SHA1
08a57945eb3646c83c3731754ed6ed56d44f138e

SHA256
21c063fb8e71625320cc8f7ee9eb0e53bbb2a14c32da4ddf0dc0eebdc384a7e8

SHA512
96772d974220ea4ce9c85e5b17575535eef6a358ec3ef8aeaf24ccb4681778baaee9135eeade36c7ecc6fd7aff641ef09837bd6c9eba98f1e611d8b2bcffe5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71644e0ddfd280166c089b2d320e197c

SHA1
61681e3cd5627d8f0e9603c7d1de51655b4ac99a

SHA256
882e4090a95cf49080e64e2e0a51f742790d05c50305692dc33456689f521c38

SHA512
f830aef32d1a28c5a2f745214238a4a5431e70c8e7ec9559cb3262b78d564066251740bdf54f0594df649920201b16fe88ce9d745cefef2dffdc3d6e8f1af3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dc37aa1602f17779b6eac1c5e006ec92

SHA1
da914ec14ac670f8d79467099a90eab603429605

SHA256
29a0df5cec7ba3b8262561ac7853c7bbd148c1408a114a24dd740d2d119ff114

SHA512
390baf0b640060d26e86c611b564f2a46662cb553df4abaecfa6f4603649506218eb346d9ffa8e5aba2ca59ad3ad9f15d389fa3444fe274ecff80c5d4eb08816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d9be9063ef99831261ce0a0c24864fa0

SHA1
c1981b4bb885acdfc7f612bfbff303d018affcba

SHA256
5336aaf83365f4d8c375821ed4b693ec04d81667a7f5c56a3e36b59764a91807

SHA512
f1b736ecd9674cf037e15a061cb0b8069c87265316facd2b46457554954f2368400dd25c73cece21ba396b8c4bf71e9dd45494c0e8e1191dd4ffdcc84e7aa2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4372679f942e6bf61301151fab7f5e7f

SHA1
a8f57471aa10644db091ff560ad48587524969ed

SHA256
238b2335844aa9b64d9ae79189aacb27b7a158d79bf3dfcbbc1b0ba0bc62d6a0

SHA512
271d1c1f2ecd7be7e549ec0fae975938825ff83a7b5bfb424c105fe113c11156f233c44b992c0a15335fc991e255daa510cc93f6dece2df6b82486e3a6876236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71f83c9331930e0f3e2e37bcdea00542

SHA1
386d794ec6eeb8c8176f1dc2a70f69feba1f174a

SHA256
a085815738efe4a2ce483d332a84bacb8c56a35b4e2a05a71e7e2f9e0d364491

SHA512
30331cecdfcffa83fb1f59140738edcd11276669f62094359116362d9de6d214e6b1d43f4101b49aaf1c32eb07e8de3e02fe7b807ee9a175eb17abadfce5c811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{64819BD2-D4C1-11EE-B3BE-62A9A9A84F8B}.dat

Filesize
5KB

MD5
2cb0d3fba2c3cab3f7d43d930f3bfdad

SHA1
e0bce8a3c518916146c5e4d74ae5545d1740f8b6

SHA256
5b9c07f31e6d1b021d67e6d637441162a173e50e009e3e46807d1d029072d246

SHA512
a8949837bdd4a5f0a27e6f80a58fffa9e36d2ecf75ddecf621341d97c7c2d9e63e2ddbda140e2a3f646d3a71e5e427cf3b7d4292e260f5d37f3fed0e0c7db151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{602ACBDF-F2E7-11EE-B3C6-D65EEEF40ABB}.dat

Filesize
5KB

MD5
381a6e6a2cae1be30d409c75e8f25ce8

SHA1
934c7cba83c32361d7436e6310c103aa26368253

SHA256
eafce82b531a02e8eb27b559c4f2867c4469e2b944f9dd7f43f8e99e65111b26

SHA512
dd4a94d3069219f771662ae3c2204b5e4d8f65e5ce67cf7f120e9e16da4a75feeeb31e08d7bb5b09f0453af6d3cd7e6ccf3dd76707cbd160f1bab4ca4790439e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA8532AC0F9EE279B.TMP

Filesize
16KB

MD5
9bb69e8629d380febe29b4034d245cc4

SHA1
851d6af4aa433861634ddcccb2d72ba015c5154e

SHA256
711455068e5030ed534fceb5feb07e125affad14d7f588d9b96a79e6d7e2444e

SHA512
53434c586b731bfae5e3b21778b66c2da0186753d7c2ccaeb7bfa04990fe535bf31fdd9f4bf9f97aeecd8cc8b17c57cd8d49533e1da4fca36aa3c49ee4f3ef60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
5KB

MD5
bd8d1701a68ae911f09f1c4e465173c3

SHA1
c940d8b8a319e9dd10b44a27a28e8115283f7118

SHA256
cbf32e3589c0917b062a4681d9f2ada26236d0e4a60fdacfc0dcfcbbde4cac15

SHA512
a490e3485b4ec4ab69a17d43be255d9fea8b9c24af324d4e89a513c95e1eb390f1b48fbeb4e74fe0eabc8437519ba21fb95ad0afcd32e1f67a03189d948e66a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8024d00ab1cc84e57637d5afb2002f24

SHA1
98ce7f473dac09c83555a4d80503751cf648a253

SHA256
316cba825b423a61d7f2b0061eb217f995d42167f9c8f07cdc280fc3dad1b9ca

SHA512
420743d21f9bfa0810dce6669680fd07034e9faabf103f31aa9956ec846b2792a609303019800a657be3810c5022a6f1b3eb99274283dc516b20d2b76c5338b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
e4e554ad15dc774d0afe08b3c84d4423

SHA1
bce549a8e7c3f5359e2282c8add3a69287793c9a

SHA256
f1648894c5a1636ad0b27f139f8b9337be8a6e9216ed2a30febd053e90c919d5

SHA512
6afe3bd47eefe065a4e1fc4894ed0423d6972b57b29362ecffd27437e40e52856b00834100010dbc6ec4f178913fc52677fd67be08dd6f09de9ce6ff123d9e53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\pending_pings\bda42cae-0d53-4235-856c-aec5c12b5d72

Filesize
734B

MD5
208a45b59868709e939026fd98fee703

SHA1
293304a1017d5c89192ae062aba1f640513da050

SHA256
78de4f3e381a3a9a2059fdaa2548e079c503525f6170b5f552411ff0b719ca11

SHA512
d74177de2c0bd0da041ba88c1fa8a23ff9228f84f1e79f2a0b73938a069f32fbf9f5930c8c4e314a91638004d034bc3ef2a898f17763a57845dd67fdd80ec2ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js

Filesize
6KB

MD5
5ea36175b5841db7cc36b2e0ae321f64

SHA1
33908e4aada166c4feff25985b382b75a28cee11

SHA256
d6c671605edad58f5243146ea5760124ca1fd1d23ad0c2d893cce131f1c386a7

SHA512
098739f6706da56def37ca275664dff3b0f58da7f66c0f1b794d38466ae4bff1685e8d79ab4508b1b24374c767d963fd2fdbab1e4fcc4523434f47020880f67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs.js

Filesize
6KB

MD5
05b3f574499c7e6a7c529fa92646e2ba

SHA1
2819fbfb6ea8d124783517c29f88124093d0bb7b

SHA256
93f2e3eedfa95e5229248209c88ee894d4a9f7581c8dacb5f80be308d1591b06

SHA512
155e35f15f712345b7056d38b4522c44fe2ee049bbbf37b199217ad55aad01e3a642146f7f57669d61fc74f402d9bcc4ac6907c4d5d4c71f9752cee4fb4f1b85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
94b480b4cb35f0526ff254c99bfdb07e

SHA1
a80ea2f6ff203cb106f64ce333bf84d3599ff6fe

SHA256
9ffcf2b53ef7c2d6f6b4e8f4827f04a80d59bb1e07a969e00e0f88e635f4072b

SHA512
0b91f53a1d7bbabfc1c9d5d7b464d1be709c6f3bf87dda47711dae2484d97859b99cc8b05c7342143d6cfdecca08a798958db36c22b9bf3d0613f5d01f4399ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore.jsonlz4

Filesize
956B

MD5
3fe804b1702283b68e2da2ee2d3b2ee6

SHA1
54db265ff23b9727211a34ad2823a15894637b12

SHA256
d313f12c1db2f7def6a570b9f043114bab29af73e3afdb6ee7eb353ae7e3d62d

SHA512
ae5d596adf1f289a882b9698a4b7f376de02c9bbd43e8db1bbf8f8eef4f28ec522799b11d21e5c28aa3e0f7612f986fc700561f1a643f065e4e557692f2838ec

Download Submit
C:\Users\Admin\Downloads\Bonzi.zip

Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip

Filesize
997B

MD5
b2a6338ccd902e6bfdef228fb0f7a270

SHA1
d0fb880dcca92309143dc16f52f6d7d2fa354176

SHA256
e2f28b842a249fe17909983c887ee70715114bcaa422615c3e37163dbc4307e2

SHA512
f3e50c22b898827a373a4a4f60f1b7a842baba1b20dec539f43f92fb2ca8b2344c868732697ee2bcb90332f5dbea2bc2b9b0f58d32477da2aebe402169f6c628

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 458717.crdownload

Filesize
13.5MB

MD5
660708319a500f1865fa9d2fadfa712d

SHA1
b2ae3aef17095ab26410e0f1792a379a4a2966f8

SHA256
542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c

SHA512
18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 720626.crdownload

Filesize
91.1MB

MD5
f275f72b431dc3d3f066a4892d62de09

SHA1
6b246a62699697d0a11bb6e3a11fc85e9f1731b6

SHA256
f7167f506ddd2d76329f7a8d77f235491bb75ca5825fa5176e8a5cf612b0e053

SHA512
078b06ea93e6eb307894b2df577442240d900426832a2333c80f4b0d45fd97d28a471d67ef8126f8cd07cdc4829a13646cb105954d5a283aeebdbe5458b5ba5b

Download Submit
C:\Users\Public\Desktop\᩽୴ሪᘩ௩ᛪ⫇てᣭᔁ☉⡴◇᧕⍐ܟ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
380KB

MD5
9412eab52c23b200bfe27eacb1862349

SHA1
8b0798e7a4db80b3773c8c42f7cffbcec8326130

SHA256
829a125e5f83650081e6a0135231f82b62ec0fee40b68653ba9f71f66d2e4316

SHA512
64d2786187b64629cddc930e8100381d80b787a29fe50be2f189e0601f9ee6a27eb8c7ddb9bffe705cd6e34d67d65168d8464c48052aa7bf514719f0dbaa7769

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
7631b765f193c01c392cdcfed056f82b

SHA1
912b078ace304a7a4f0b94434f330669f80b7221

SHA256
53ce916649818842bf7a82f27837bb3ad5648ba1e7858669534df30b1ca92a71

SHA512
31da7baf73c4521bdd53336ea1015c223f316c10582e0aa3f5968f01e1896f154edfafbc2938b2fa043bbd0de27bb8f374fd8d963f2372df77c5fd98d3939ff8

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
395KB

MD5
c35b66fb7aad24e26a89da695c14946e

SHA1
0de5c0eb0592378fcea90384556881b954254c1c

SHA256
fc4822c03e3ce76c3f5b0a5daa12affce28cefb0ef33161d1d26b4ce4ec8998b

SHA512
abff78a8c52ca4278b16f998d07d266a8c1a603d32cf83f3e06683c55e89d060e927babaee94ee127f20ee980b1c1c275537f0beee94c07f0569ab7c9f3e0f83

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
d5b60929d748e93c0dd676a00aec5698

SHA1
9aef20394e798f685674c811c235873b49daf84d

SHA256
badabe7b4af2e2429a94f2a9608aff88c72992e3ee54787991fa205bb91bbb82

SHA512
a0d058c5338b761e4d96afad599ba064d65d06c9fb596796931254ba101a56a8967ff709edade163882e65916828da4b6af7e8a5fcc598845cc1f82dc3638445

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
861c17524cdc6940fe9d7552938dff39

SHA1
e12d6a271e385e3eeb18a8cc7fea0934547eee05

SHA256
320bf8b97f1e816055dfbaae959f8fd0221343c19402cb8b365697ce31b62f77

SHA512
08965c719951498896d8f4b3724f3b25eb23489b7624bff252b20abdd98da1b08efb4404d485a9b52ad820548ce84bf1cbf979a495f1817339ae523020bdeb0b

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
a27f5bad578205f7145b7ac3663b5c32

SHA1
e16afe1b40d31e98a549573fe2e0c4a74d91ff6c

SHA256
62f4df2dcb1c7ee2373c23f97689a9cfba1263501d2f7094281f4cd5cce5689f

SHA512
fa7e5c5a5f1b7df2dbdb663bc79bbb57414a86a22e8d44a444d803c226b0c6874049ba90228109bb2a95e252028c4c67a18c4b9fa584fcb35a50d0cf005b0e31

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
e08edfbea54d9505cbc42726c50d1a47

SHA1
03448963f701a3caf9cee5386d3a24a166586f82

SHA256
9a92879369170caabcb878eeacf063db9792d9a67f361c29088b4c4dc35775c2

SHA512
e7e00730274669e09f40e66c58fe74d1eb5c808b829e27f10153d7e94ebd9ef8966613791f3288ad2d780a590e8a2eb45c82bd3f2bbf65429c99bf39c93e3741

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
60c8750fc057d296ef7ccd6b6a06b4f7

SHA1
bc81f2dbd088582fa5e9b8b6b7cf09c1d735d1c6

SHA256
8241549f5caa14629e530b8bf9369df9f363f869d0c749f44881729381cd1ccb

SHA512
658aa38c6c53c3b6f2201251f52d8acef0123aa2a7c681767c139a1eed7bdc0f43fe03cb67bde2fc39a5fb56fd65943821554d62846a03423c1a520caa6d11a0

Download Submit
memory/5604-2604-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5604-2984-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/6752-4424-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/6752-4425-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/6752-4608-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads