9ae0449c3a39d09fd963fce70aae5bc6f5ff2f08bfa902d306b40f33bdaa3cef

Analysis

max time kernel
942s
max time network
958s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 12:09

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T12:26:11Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_3-dirty.qcow2\"}"

Report Analysis Logs

General

Target

Bez tytułu.png
Size

210B
MD5

96406703da080780229fa319f2448994
SHA1

787b6fe4be3e95e0592f9deddaccdb2a5eb4ce41
SHA256

9ae0449c3a39d09fd963fce70aae5bc6f5ff2f08bfa902d306b40f33bdaa3cef
SHA512

c136373ed8c0683dc69e6b56c6bf7a2166b86621ac74de0bdca59bfaa0f1c65d7e3b451be3c981f37dcd130ce053d14137fe059d0a22b2834580ab6493b1e325

Score

8^/10

bootkit discovery persistence ransomware

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Sets file execution options in registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MEMZ.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe	MEMZ.exe

Executes dropped EXE 15 IoCs

Processes:

butterflyondesktop.exebutterflyondesktop.tmpButterflyOnDesktop.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_35.EXEAgentSvr.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exerkill-unsigned.exerkill-unsigned64.exe

pid	process
1356	butterflyondesktop.exe
3296	butterflyondesktop.tmp
5152	ButterflyOnDesktop.exe
6796	MSAGENT.EXE
1680	tv_enua.exe
5168	AgentSvr.exe
1800	BonziBDY_35.EXE
7796	AgentSvr.exe
1772	MEMZ.exe
7504	MEMZ.exe
1876	MEMZ.exe
3928	MEMZ.exe
6892	MEMZ.exe
3816	rkill-unsigned.exe
8848	rkill-unsigned64.exe

Loads dropped DLL 37 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exetv_enua.exeregsvr32.exeregsvr32.exeBonziBDY_35.EXEAgentSvr.exe

pid	process
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
5044	BonziBuddy432.exe
6796	MSAGENT.EXE
452	regsvr32.exe
3564	regsvr32.exe
5508	regsvr32.exe
7368	regsvr32.exe
7592	regsvr32.exe
7260	regsvr32.exe
6060	regsvr32.exe
1680	tv_enua.exe
6460	regsvr32.exe
6460	regsvr32.exe
4984	regsvr32.exe
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
7796	AgentSvr.exe
7796	AgentSvr.exe
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
7796	AgentSvr.exe
7796	AgentSvr.exe
7796	AgentSvr.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

butterflyondesktop.tmpButterflyOnDesktop.exetv_enua.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop	butterflyondesktop.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe"	ButterflyOnDesktop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 3 IoCs

Processes:

tv_enua.exe

description	ioc	process
File created	C:\Windows\SysWOW64\SET800B.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\SET800B.tmp	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

MEMZ.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png"	MEMZ.exe

Drops file in Program Files directory 64 IoCs

Processes:

BonziBuddy432.exebutterflyondesktop.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\favicon.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\emsmtp.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif	BonziBuddy432.exe
File created	C:\Program Files (x86)\Butterfly on Desktop\is-K33IP.tmp	butterflyondesktop.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\is-9UITD.tmp	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvcrt.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\Butterfly on Desktop\unins000.dat	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg	BonziBuddy432.exe
File created	C:\Program Files (x86)\Butterfly on Desktop\is-UBKKF.tmp	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\chose.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Regicon.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSINET.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll	BonziBuddy432.exe

Drops file in Windows directory 56 IoCs

Processes:

MSAGENT.EXEtv_enua.exeBonziBuddy432.exe

description	ioc	process
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET7AA3.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A69.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7A6C.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7AA1.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File created	C:\Windows\help\SET7AA2.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET7FF7.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET7A6A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7A6B.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A6D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET7FF7.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET800A.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SET7A6D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SET7A6E.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET7FF9.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET7A80.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET7FF8.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET7A6A.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A6E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File created	C:\Windows\INF\SET7A80.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET7FF8.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET7A70.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7AA4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SET7FF9.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET7A69.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A6B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A6C.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SET7AA3.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7AA4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET7A6F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET7AA2.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SET7FFA.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET7A70.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7AA1.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\msagent\SET7A6F.tmp	MSAGENT.EXE
File created	C:\Windows\fonts\SET7FFA.tmp	tv_enua.exe
File created	C:\Windows\INF\SET800A.tmp	tv_enua.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

6440 5280 WerFault.exe GooseDesktop.exe

pid	pid_target	process	target process
6440	5280	WerFault.exe	GooseDesktop.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.22000.1\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420812558"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\SearchBandMigrationVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31102818"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Recovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1118291146"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\SearchScopesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19411BFB-02FE-11EF-AEDC-6AC92AFC3195} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585206193229539"	chrome.exe

Modifies registry class 64 IoCs

Processes:

BonziBuddy432.exeregsvr32.exeregsvr32.exeAgentSvr.exeBonziBDY_35.EXEregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74179610-5A56-11CE-940F-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\DefaultIcon	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32\ = "C:\\Windows\\msagent\\AgentMPx.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ToolboxBitmap32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\Version = "1.1"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinSource.1\ = "SkinSource Class"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F67-055F-11D4-8F9B-00104BA312D6}\LocalServer32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\ToolboxBitmap32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX, 210"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\TypeLib\ = "{6B1BE80A-567F-11D1-B652-0060976C699F}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentDPv.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame.3\CLSID\ = "{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\LocalServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziBDY_35.EXE"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ImageListCtrl.2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ = "IToolbarEvents"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ = "IButton"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\Clsid\ = "{E26DD3CD-B06C-47BA-9766-5F264B858E09}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ = "RegiCon"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinForm	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\Control	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\Control	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\Programmable	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E20FD10-1BEB-11CE-80FB-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7F-3917-11CE-80FB-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2\CLSID\ = "{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CurVer	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe

NTFS ADS 5 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\rkill-unsigned.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\butterflyondesktop.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Malware_pack_2.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bonzi.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Desktop Goose v0.31.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
4844	chrome.exe
4844	chrome.exe
5536	msedge.exe
5536	msedge.exe
2320	msedge.exe
2320	msedge.exe
6384	msedge.exe
6384	msedge.exe
7732	identity_helper.exe
7732	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
6400	msedge.exe
6400	msedge.exe
3928	MEMZ.exe
3928	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
1876	MEMZ.exe
7504	MEMZ.exe
7504	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
7504	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

GooseDesktop.exeMEMZ.exe

pid process

7744 GooseDesktop.exe
6892 MEMZ.exe

pid	process
7744	GooseDesktop.exe
6892	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeButterflyOnDesktop.exemsedge.exemsedge.exeAgentSvr.exeMEMZ.exemsedge.exe

pid	process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
5152	ButterflyOnDesktop.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
5152	ButterflyOnDesktop.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
6400	msedge.exe
7796	AgentSvr.exe
7796	AgentSvr.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
6892	MEMZ.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe
6540	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

BonziBuddy432.exeMSAGENT.EXEtv_enua.exeAgentSvr.exeBonziBDY_35.EXEiexplore.exeIEXPLORE.EXEVineMEMZ-Original.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeidentity_helper.exerkill-unsigned.exerkill-unsigned64.exe

pid	process
5044	BonziBuddy432.exe
6796	MSAGENT.EXE
1680	tv_enua.exe
5168	AgentSvr.exe
1800	BonziBDY_35.EXE
1800	BonziBDY_35.EXE
2560	iexplore.exe
2560	iexplore.exe
4896	IEXPLORE.EXE
4896	IEXPLORE.EXE
5892	VineMEMZ-Original.exe
1772	MEMZ.exe
7504	MEMZ.exe
6892	MEMZ.exe
1876	MEMZ.exe
3928	MEMZ.exe
1640	identity_helper.exe
3816	rkill-unsigned.exe
8848	rkill-unsigned64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1544 wrote to memory of 2752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 752	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 4952	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 4952	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe
PID 1544 wrote to memory of 2104	1544	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Bez tytułu.png"
1⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb84d4ab58,0x7ffb84d4ab68,0x7ffb84d4ab78
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:2
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3576 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4216 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4796 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4744 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1632 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3156 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5140 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1600 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4296 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6072 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4268 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5924 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5816 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5664 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5648 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6308 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5336 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6564 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6864 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7040 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7196 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7324 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7340 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7336 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7616 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7776 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8212 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8040 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8516 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8684 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8652 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8888 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9180 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9360 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9516 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9692 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9492 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7676 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7748 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9956 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10316 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10484 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10436 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10324 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10832 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10972 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11164 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11112 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10784 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11484 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11720 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11900 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6556 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=10700 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11304 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9892 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11212 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10656 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10724 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10228 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7728 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6540 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8116 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8156 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6868 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:8072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6548 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=10268 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6300 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=10756 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10520 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11764 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=7976 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=12052 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8924 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:8152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8904 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:8156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=10620 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11520 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10556 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10544 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10868 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10760 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=5192 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=11496 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=11928 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=10960 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=6904 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=10100 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=8748 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=5496 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11676 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8796 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8700 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1160 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:6528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8808 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:7540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9672 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:7636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=7612 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=9504 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=8916 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11268 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=9676 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11332 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:7452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9168 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7332 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10804 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=12092 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=404 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=11460 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=9508 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9144 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=3404 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=5944 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=6380 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11192 --field-trial-handle=1788,i,642964232769014847,2332374697838113107,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4116

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:7344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4824

C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
1⤵
- Executes dropped EXE
PID:1356
- C:\Users\Admin\AppData\Local\Temp\is-USR81.tmp\butterflyondesktop.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-USR81.tmp\butterflyondesktop.tmp" /SL5="$3028C,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  PID:3296
- - C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SendNotifyMessage
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:2320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
      4⤵
      PID:5532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:6068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
      4⤵
      PID:5684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
      4⤵
      PID:7884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
      4⤵
      PID:7004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
      4⤵
      PID:7076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:5244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,1574192598358335110,9891420823642939753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
      4⤵
      PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Users\Admin\Desktop\BonziBuddy432.exe
"C:\Users\Admin\Desktop\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  PID:6808
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:6796
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:452
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3564
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      PID:5508
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      PID:7368
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:7592
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      PID:7260
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      PID:6060
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5168
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:7732
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      PID:6460
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      PID:4984
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:6400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11881646751009578955,12531324822097438259,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:7448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,11881646751009578955,12531324822097438259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,11881646751009578955,12531324822097438259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11881646751009578955,12531324822097438259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11881646751009578955,12531324822097438259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8112

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:7796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:1536

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:992

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4896

C:\Users\Admin\AppData\Local\Temp\Temp1_Desktop Goose v0.31.zip\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Desktop Goose v0.31.zip\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"
1⤵
PID:5280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1156
  2⤵
  - Program crash
  PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5280 -ip 5280
1⤵
PID:7496

C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:7744

C:\Users\Admin\Desktop\VineMEMZ-Original.exe
"C:\Users\Admin\Desktop\VineMEMZ-Original.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5892
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1772
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:7504
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3928
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1876
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /main
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:6892
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:3372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=smileystoolbar+download
      4⤵
      Enumerates system info in registry
      Suspicious use of SendNotifyMessage
      PID:6540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:2812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
        5⤵
        
        PID:5628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
        5⤵
        
        PID:2040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
        5⤵
        
        PID:1524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:7800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:4064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7053491305869165975,5611539874694918458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
        5⤵
        
        PID:5960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=preventon+antivirus+download
      4⤵
      Enumerates system info in registry
      PID:7296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:7456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
        5⤵
        
        PID:7188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
        5⤵
        
        PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
        5⤵
        
        PID:3624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
        5⤵
        
        PID:7512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
        5⤵
        
        PID:4484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13265478828372819149,17754500084730976298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
        5⤵
        
        PID:1120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=animated+christmas+tree+for+desktop
      4⤵
      Enumerates system info in registry
      PID:7668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:2768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:6880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        5⤵
        
        PID:1652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
        5⤵
        
        PID:6256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:1260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:1452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:5264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
        5⤵
        
        PID:5796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
        5⤵
        
        PID:8128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 /prefetch:8
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
        5⤵
        
        PID:6436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
        5⤵
        
        PID:6656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
        5⤵
        
        PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        5⤵
        
        PID:7624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
        5⤵
        
        PID:3176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
        5⤵
        
        PID:7968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
        5⤵
        
        PID:5060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
        5⤵
        
        PID:4784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
        5⤵
        
        PID:6700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
        5⤵
        
        PID:5292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
        5⤵
        
        PID:7952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
        5⤵
        
        PID:7892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
        5⤵
        
        PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
        5⤵
        
        PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1744 /prefetch:8
        5⤵
        
        PID:1320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2636 /prefetch:8
        5⤵
        
        PID:7044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
        5⤵
        
        PID:4664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
        5⤵
        
        PID:3376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        5⤵
        
        PID:3168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
        5⤵
        
        PID:7332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
        5⤵
        
        PID:7368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
        5⤵
        
        PID:6392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
        5⤵
        
        PID:1616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
        5⤵
        
        PID:7048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9105853885022300337,10729551291266780692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
        5⤵
        
        PID:7652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=cool+toolbars
      4⤵
      PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:1664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
      4⤵
      PID:7564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=snow+halation+midi
      4⤵
      PID:3336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:8164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=bonzi+buddy+download+free
      4⤵
      PID:4664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:6920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smash+mouth+all+star+midi
      4⤵
      PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xb8,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:3724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=how+to+get+cursormania+in+2016
      4⤵
      Enumerates system info in registry
      PID:9024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:9036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
        5⤵
        
        PID:8240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
        5⤵
        
        PID:8248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        5⤵
        
        PID:8288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:8456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:8464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11800752414506479769,12251608962660161898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
        5⤵
        
        PID:8764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
      4⤵
      Enumerates system info in registry
      PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb713d3cb8,0x7ffb713d3cc8,0x7ffb713d3cd8
        5⤵
        
        PID:8156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2060 /prefetch:2
        5⤵
        
        PID:6212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
        5⤵
        
        PID:7100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
        5⤵
        
        PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:1960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        5⤵
        
        PID:6536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:8932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,6221850287054831267,16286778568294867564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 /prefetch:8
        5⤵
        
        PID:8476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Users\Admin\Desktop\rkill-unsigned.exe
"C:\Users\Admin\Desktop\rkill-unsigned.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3816
- C:\Users\Admin\Desktop\rkill-unsigned64.exe
  C:\Users\Admin\Desktop\rkill-unsigned.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:8848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
99B

MD5
4de674e08ea9abd1273dde18b1197621

SHA1
7592a51cf654f0438f8947b5a2362c7053689fd8

SHA256
56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63

SHA512
976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
325KB

MD5
f55800e11d5bc9c560325e16cc42686b

SHA1
94047895157f67d47eb7663459822a2fb63bbb52

SHA256
6026293250290eb649e0bf3b1fa1d5d8fca1386b80457bbda13095c10cf50e19

SHA512
f983b6100c94d643ed59f7f040622007aa6f044e1e4ae6cda171a99c16be4931fc09c859ffe8ed7f1a21eb1325cca3393573a658c58ff723cd82f2e5a0bfd0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
138KB

MD5
4b938035bb41d422eb7cb50d5cefdc1f

SHA1
775d4ec9dacf39d88b11797b477f05f2f83db818

SHA256
000da8d781ead6421966e11dc6a7ed2d0f9f483d302e0fe155742fe87231a0d9

SHA512
45155ab9748af95b69e73d15849ff2b5459d290672b57ae84e2c1c7b48e8fedbc7fe1374e31722643a53dc4a7c23472a3121cb19ceab1ca5a5e61fd154a7c7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
54KB

MD5
655ab60bc5e25144e1a652769f3f0531

SHA1
f47742144b981b3d202d0a99dd971b6cd95a03c4

SHA256
a539bb34524b071e50373e5cb15d6e4e9d48233c2c14d8110b758c047bb91721

SHA512
c29f7c501cc97c2d924d5dc5b8db65ebb9595ae37f4efb62a6a57110365abd027c366ad23b9a41e8aa046a6a92fd915ebd89ffc543223062b094d24c307e4503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
28KB

MD5
c01f83f235ddf3bbf232c068a35e5f08

SHA1
063cc60901640f7d95f901342c5c01bae899a328

SHA256
d7d23f40a511f85ab95089860ab19fd5ca31f0ce2291433470551750c0e66712

SHA512
cfae1517eeaad188d4eb6a882fb8775738e5770af141137214de2e1196c852c22968276dbfa17214a915dabc6b3685bb5d30475972026305da58e6baf6dc50da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
50KB

MD5
37cb942de99528065651dd24c2046bd9

SHA1
5da72a008909edf395485e5ef904bb50c11e2ebe

SHA256
d4e814249b0c78135d8ee8c1b5a77ae72be68a06f6f28656ca179b11e31c4575

SHA512
41e1e7f57c04649e43d627b8ab3b45b80497a8a369a136cbae6b0b77b2eccf58dbc2e82d7ad212b98248c839e5222e9077ac6a7734851e84f12c77697d72ff1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

Filesize
20KB

MD5
4bfdb3e265a3745aecb98decf1bf1a20

SHA1
f9139d5471ee061cb9b2aab7836f471412f30cc0

SHA256
f8489b02807bc7689a7e6b8d99e8157b728a61063b5508d3ebc01cbc9f328f11

SHA512
a33b444a8900edf6964f1af88d09ba758cf4c078ff1354449326628ce536edeee9f690f81c759b22fa0f05890e690fea3f26afad29d4b4722f3916747713b139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

Filesize
29KB

MD5
1b25f91becb5b5d09b0455ee6b1f894c

SHA1
8c10d102f96bb8870eeabbb235bbcf50f796cc92

SHA256
9321594d97f663627a158e9c30f6bb36567b2dadf4efb6e8c53a8e6853d420e9

SHA512
bbd4fbdce9962cf95b5dd63df408370b93f3dd6ad5088065d657cf9fa34805e35337b92b7eaff505bbb8843cd0ccb481a3af7298f0187f840872023f252f6c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

Filesize
139KB

MD5
af97c82611f009edee5cf339838b5d42

SHA1
09494435f4434ca54d59586268b6d89a5872ecbd

SHA256
1ee83c4c5e0afddfd9df9f1e1815ef9b27028758d3bb4dc53a35cc7443bb32d2

SHA512
9be9ad37281caed1c2417e288c68eb9b6f7008e097d50e9b5253e76c13a4779a1ff0fc066c51e863cd3e5940ad8aa25d540851432a7dcd166497e64d9f71c701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088

Filesize
94KB

MD5
eff0532c0151cdb7411e0b28760d61af

SHA1
0831a3a7e737183d20589f4ce1526254dbbd404f

SHA256
35616ad678bd5a757cb9c00fc498f9730002d366a4f66ee83133666839cf2f16

SHA512
061e255f55d0a999e7b6a490dc585dbfea5b869a7f91b6eb9538566aabf1d2392600a14c1061a25acec4bb81faf50562b806d4e28f439d197ec5ad3d9315cbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

Filesize
140KB

MD5
a4301d3968c0e748dcc20610321a2cbe

SHA1
a1e896f14ef06f3cd59dea0e0f00b9bb70138b69

SHA256
4b8b341d819f2f4110e93b8b1bf4ccb4c1257d7ee07f453b759dd745ddccb399

SHA512
5778d2626f0a0ad80a2e182afd9db8aa7293b9ab96e2aadc103f7894dea083a4db93543620eb62a6c453c40d8840d190867f622954389e2661252d45a3e4cbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

Filesize
181KB

MD5
4005c2f054d364681bf07a2ade2fa018

SHA1
f9bc2368adee93f67fabca5a50b6f685fc7f027d

SHA256
7efa2ac7c9aef3af5f4b4667a703b5dce2ae88a83c4cd5bd3ff2e98a31ff396e

SHA512
89a3c85d4649d8650194de64845dd69c4626745d8298fdbf75a72217bcb4528d5dd773629f124a93d2c85b68b3840422688ec31238c3bedd9ed5cb871d54a165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3

Filesize
19KB

MD5
d17d64e55067f5f164aa5dcab0e4eb6d

SHA1
e887b24c99ebf05cef7de818db18f17a82ccc612

SHA256
e010e5a62f6cfc598cbcbe4e0ba9b9f3aded1ae590bcc209cbb15027249cdea0

SHA512
72a77a0f04b05a29d40f9ce9ecc4aee1e74391d2ae632dfe4f192eeae7cb937a16a8dc38c2c0b060daaaf6916f7a32d2de6060aa485d2435583c40527d9496bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ba

Filesize
235KB

MD5
57c1d0faa01b24df2553b9b2695b1780

SHA1
0b99b6600e0a6324ea7b3dc9d7940c3618f67035

SHA256
ebf77970f69711f93632374574ec5188f3f3a10645062500097c436a02a2498b

SHA512
41348aa2d39cb79f8d92173767dfff6a3e8a098d152a6fd60ee6b0926850f690bf524d4f043d1eede0e2dbde3b2636aa941f0caca5e6cc201f544c8e83aadbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

Filesize
16KB

MD5
940ce2568d63641a27b66eacd1f21940

SHA1
926eec66516b3f1a2691de1683bdd95054af5f65

SHA256
3703fd820de610b765ddb59768800914c683a20b9eb4214c5cd6fce3af55e0b1

SHA512
4838d02227b86fb784ea817386aa5a001999c5a5d28a4b1a0bffd7e1445e874f35c7d4f990ef1eab936fdcb56a5445d65fedafd34abd472cd58be2de4d42d1f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dc

Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de

Filesize
17KB

MD5
3dce8de287ca66531eb006ede5b8486d

SHA1
e157d86f85aa30a6045d64f9ec1f5f2fc9a1d55e

SHA256
e0998891742e76c963c3162494bf96821d8cc3f3d7b19d2cdf8f6bede77d2ead

SHA512
9e126d3e7e2144b48abef2ff74503bf56b20310512a67c4a528cfa9aa3b0671742521a7f15e1baf8ca7d4c1559b46d6852015e48808099f51970f1357fcb5bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000df

Filesize
94KB

MD5
f3bfdecd86e09af2ee69a56249949556

SHA1
86405e5f3e43d57ab98f95cd3cd6de18f5b18d37

SHA256
e5dae6757a84e195401e6791184ea90e828b367ec25268f86e5232ff601dcfd8

SHA512
a6efeea9ff6d65995f41c18f821ea2e642c8d2c1bfcde40807a2e0f05e7da9391b87a316d96e6de8420c7410593d4f08c24e9511d277b24302286f8973fd8598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1

Filesize
790KB

MD5
63052f9d32d168ab83c9024441f5fd1b

SHA1
d9907e0248f2d26f63dd4989ee31ef9f8fcd3d9a

SHA256
ab7cb8bd7f130fcfef08bbe8b8fae1e1144ee15f65f28f412385f4339ee9732c

SHA512
6b9ba4c31e5a9fe6a65ab2f612c38158082739878e1d8e43c4113c25c6e5f5d3556606dd11fcb36e46f64cdb6a69213b0c531859217cb9efd837ce251252a284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e2

Filesize
32KB

MD5
75fddb22b91a194777959bde65b78df1

SHA1
6ea7c4cc7b7ff6450e2c021c7582f5144824e65d

SHA256
156452ba5d501a5ad1a75f32810563b22a75e4eb2a4356298061b21298edd9be

SHA512
4d7c2e914982df41ce43542f29a2f2635c209e0bb4fcca7067ef5c47b6441af45403b6126dd310fd3ba5fce2804941060186c9be6ecb6c077113e53db20ff8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f7

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15e7b6c9fe8d8c22_0

Filesize
228B

MD5
f5d36c59a52fdf185394a45dccb1913e

SHA1
1c6fd0ab2551e2d754670ad42022b3114025da64

SHA256
2b72ae06b037ac0d0953afafdbbb1fdeabd581a0915de999b733336d2a0c225b

SHA512
768dc07be98fd3ab75c4f657b1d41f8c180e088ade8d7e4322156bac0b351dea2540f715640f34faf36ad0486aafaa2fcbe8bab31fc52c0540055394e6890530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a2010d1c5bfb556_0

Filesize
226B

MD5
4b55904d69db0b6273306cc3ad9b2430

SHA1
ba2f8475518dc756e7d41d0250e2e139c800126a

SHA256
8f9343baa1626e6f39f1d5fb43612e1693a147334a3ef35bd3dcf04c452772cc

SHA512
964e36d7587f67c705606df3c595190d1b8de0a917fa13aa34a495bb964dd6bfce95bfd01fff7cb5893d65fbf7d67adfb188e71fd81fc926e9ee04ec5b4ee11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25a31b99a94c4654_0

Filesize
218B

MD5
a3cb9316fcf8ccc2d010e044d6552ab5

SHA1
341f90b1919c8a8574a904561b8555f27c2038de

SHA256
eefbe5c223eb6bf584d2518ecbd564623db0e42f7254d8ac196adf077565ccbe

SHA512
7aba61f6a4c05f9e903b36834d0d9a3eeaa894ce1eb9c867793d0f70941d3d4c685befe24623bc3c5e85e56b281416ab30ce2b92b3178bff0e540f0387578122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\28a1f446fcf129d8_0

Filesize
227B

MD5
11777e40521ad7807127809f0e49565b

SHA1
2f47420b0e0d6d274f48e610a98cf9ef859e341c

SHA256
4004babca0de2e36049b14c1315e386134e77f3a3e056bb0b3f2a36ff0b3730d

SHA512
914bb0a6e966ac249d271f681020b231b6fa92162e543d1f94563767d67d3b757652a6090d7fc32c467a6539c44f07da4a1f8149a40d2a6394bc6fe5735ee20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f738f93a3ed6c662_0

Filesize
223B

MD5
48ed087e028e0ac6fab247b2815f438f

SHA1
733bb894df0c474328edf4263e616602de4e83d7

SHA256
6e020abf9eaf789ba0b2bb9ac135c2dbaa684c26063e1ac808784c27a9f25890

SHA512
a0515d780469e010ad6d73806c6194182079b37090ac4a414f2c85ad7a11e10f2744b8863d9a8c3164f7c30e4a888703de01f2c72cdcef2b4128f2d4b7eb2a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d9f93b3e0701764e8253a33cea0cd533

SHA1
68beb368863ddd52be79c6084d9b67687d2be7fa

SHA256
2c2a406a8c31103e05a065a84a884438621924704ce23b66a3a5198180694a8f

SHA512
0ac13bb3b7ad55142feffbeb55f3819ebbb03f9aca692c063bba396bab2e34958d82030fa24f7b7de1ca2bc29beacf14320fd3115f0dc99aa7a752448dbbaec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
719e2d63d130d17f94a1f9ef7fc64b3f

SHA1
7e4db37de2a7cfbe1b991112ebb72b8637272004

SHA256
ca6684f95fcc6e4b33fce94ef34848b4e565c4a170037ff9a480cb1773ef4f64

SHA512
2bed7e2c18a688d64f2fa31d03fc0ded91fd9da7dcad6cb287da86258ebd666594fdc729e2a21feec1aff0c39e7631e98fa0873ac7828e89b06fbb3941119c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f222148ebd076d9cc7a886941b6ee5d

SHA1
bd2cd7521b37dfb7a7f4d4e2f23f5c86ed0e0f6e

SHA256
85330c9d5cc767e9d4532429955fc080aaa3acb95ff3cc4649e3f0d671714249

SHA512
6a81552abb9bca678ba236962dfe655a8a4e107d024176bdc591e9d6b14ae0b4b9a95b0c64edf7386c9f63ee6b938c8e1bdf4b832e69a8edb98e18dc6db0372c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
538a5381eb0bf9f1e73cca95e2e845c4

SHA1
66d7919aef7a2243f90b5d23a806462169f9217c

SHA256
a33c7dcf832654e02419ae618454a05a28f98448c3deac71bfc3e280833017d9

SHA512
e0072dac0ef95df7070515a7a55474e50521726c7fc4fe32d8fa6dd6ffb38dc1b3055aedb9538deb23610c5003a4f155b3b9f915554ec317fcc4ffc907c7277c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f181e543f54d70dda9e72c226c8e0f6b

SHA1
57457e8e0f04aec639a24170c08bed001f5663c3

SHA256
e17e9215a3a8a8cd7decaf308871734f428d50790dea73e02bf3eb3a0cfd6906

SHA512
1de933f943ff5a38551477c835b24e4399fd7df8055592f40de869026be189e9d5de1eb193607e682641bd583ba2bf26f2fecf7907f9cf557b2a9e2c7ce508ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
7643798aa53c9d202843d702889bb0ee

SHA1
ed6a0e63fef91bab8991b99ae652c263b2d1e11e

SHA256
a11fc33b312de80930b547c35bf001f7f119d25ef3953bf8fe2308941cd4a288

SHA512
bb457409a18c1717ab8a4b0feccc527af028f7f7a77f04ac89551614bbb226f6b90c891c05dab6c81778dd8001d2618ffa1c87ce29479a409918420e0db47d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
b4e859d73659a9a07df12ac3622983a7

SHA1
e9798a8d29b7d4e5656488cd1ea4c0d2da6b2afe

SHA256
0f78951ef633f65d861671ef1babb93494eaf894e540123ff11ada2361f11c84

SHA512
264850a3cc0453959b006e829817f9682ff4cddcef6b45b285298fbf4857c33991f8e04fe976f72cda538355b8a8871e4dc5a4c22710ca7848c4a305925cf7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
d9c75baa6dc37779a16ffe61edf7fbb4

SHA1
fbc290657cc30e705326f29b0562463cc2df09bf

SHA256
9be47f3c02b2211c5fcb7e40a4f7913de0fac74ce4d0cf05eaa4f31a8a5cfa20

SHA512
5a8c16aedd665c3e162423362994e6be284b0a763475075c4896102915711c8fec9421e1fbca972ab2b1ae424dc78c0e5ecd0dc4d2f927a8bc87b2611847a653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a825e026cb630149def1dbdc1c582445

SHA1
c916a84e8d15191ff1932c801ce48c42a6b37cd2

SHA256
a48c3111b46229865f4af3d3b37efafeafe73563475066c82794d6a26de61383

SHA512
d22a82ca687c1f28f3e162ad37fd256965b1ecb6ab52b814dcabd78413152cc279101ed45124f8e69dfd3f383ce93fc9c57d8c15413ef3a580177efaeff6560a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
ad338f7ebfdd91257f8876051fa43d2c

SHA1
fb7e2e33705cdf78343dd0f175a8c77609b1ef72

SHA256
d6d1a6913b16535e112a338dfc3f1379413399092335a93fbf85ffb7a9178f44

SHA512
1b1ec8af388a31b24d1e7e4a588fba5f765d2a405ca11edd5c1bd1880f2df7fb940998d0c7ad1134a71cba63805deb64400139dd279240f6309824d5a02a2aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
3c0b6948d3c1552bb65ad29f803acc3e

SHA1
ed8730a7427ebce5bae36d43b55375c23e976157

SHA256
b007850c639833d0cfb9e536566da73308a3a4a516d5935bc31d77acad433ad2

SHA512
4a78528efaba4b83edc651e6f9586c74d9662124b5b7d18b01b97976ae3c3310cab61e7c58512adec026680ea9434b3f794b4b6215ddcc27be19c152d92a9fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
087fd75e32d1a5395f8ed3b3b2800a6f

SHA1
6350f63b6dca53b66c166b2751aa52d1fbe1f2fa

SHA256
17c57abc4cd29754631a1abb1e40cb5ba7fb5f12188835166bafba1b39692141

SHA512
681cb075876dd1e9446d5b9ef9b424e8afd54f9e90c528b9cf9efb0d9659df24c906f6292bfeefec0e57664b284ba449f1fad45fbd75f5b518a285dad21ae361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
28a5ada6d4ee67aa75f12ee3ba6d194a

SHA1
92d4e319c87895afe7f767e0cd12604bb1b07535

SHA256
401a4099ec8a82ec11b2817b42a61625c1e97a2b5f0454b3af881bb579c757b1

SHA512
0f759de750528331bf3add2b6d3e46fbc56e1617824ad4b84630f59f7273307de5a4f92ad00ce47b5a00d4c95241410e4ef45f7e041110dbae1bdcb9c6d347cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
9d9aa87443da2f4c9b095d691437f56f

SHA1
45328eb029762fef0aa1549678d6063f79ce6128

SHA256
4030edada0947e4af3f3bb0073d4148f1d1f9b97866837db44c333586adee401

SHA512
948b199f3e5d8e96394c48957b161ed56b3f301aec63f600335e435705a7db98d1c785e30c3b8af260d4f3dc6d6659e3bd0e3850961632ce67f02c546f91d3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
b36b9ac06e175655930e44722b498eaa

SHA1
19fa093a239f16ceaacd649364889abb6fd44619

SHA256
f191ebaf48764f5ce97ae4a84e4cb9c6b985d90260692e625a0d9e1bb52e2ab1

SHA512
8fa7e6f9a4708d7ad51418a42f3d9d073f4dbe7731fc4ce0f5cf5d9e0f303002f18e36edc0fd55e0c942ddb84f4699720c45b21731acff4c69884a506596d909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
50499ae6b7c2aab2ba7919352f711d71

SHA1
bf13c8126104cd1a77d49dcb045267a7f266840e

SHA256
25117eecdcc7b75dcdabce788dc6cd8b5eb593f2aaa29568d3e1cdd2f9bedad5

SHA512
84856315ac6e71d552ba683e94dc6e8fd26a2a30ce4dbd8c476a6d6905fdc284b4686fdbc23ccd9edcf3b3c6340ab42f3dda63d1a91784c6617a1560e2e80fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
60f53bc98c7dae3176a636317aff3164

SHA1
4dfc24085335eddc8e0e39428bb1d14b395fa75d

SHA256
2fc26ba484bc4d88743e9b14d8152f5fd2fe636eaffa8b8b6d13eee4e8ed5567

SHA512
e2f45f3fb9071209ccbbd5916c805daa9551af4b9e84a773f95a33d54a8216dfb5c63571f4509aabfced8c9ab62d19b8c7bacee08bdcbb120f7a4b8c367ebef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
7f9b77b1d10956910e2fece2cff0c791

SHA1
61a1d9c96b17e611ebbcea3ca5ff86fe509b8b64

SHA256
2af3f7878710fb0f2ca56d31f5ad6bedbd624f0dbcba32a0b8e8198f86f1a4d2

SHA512
8d3291e05f75f762ae94027c94fc775ab86e1f6376989b8aac65125a83264bacf947c3488e074ddb52adb954fe06d734586d466e337be62afca130950ba250d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
77fa642559f4da2c7ecad151515c8dd2

SHA1
ba3a00362fc69671460efa05355728b7bdb2d873

SHA256
8da3aa8ccc8ed3eb3d20400a35254202eca3712cc956c99af668a32e94a7d162

SHA512
652641878829f4b124c45a58b651fb6faf780dc91a737408c81c51f338d972953dc1d26c1c2ab3a21094f4880be3fb1d61d2c4fa57ab5f2cba947090ee1f9f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6623bffa96eded1dc748a1169540493f

SHA1
2a71a248b1276f85a20b8ec802ac90015b7b70b5

SHA256
b9534426f881e11b87e82a961b22422046951b3dd1db86fab7ec152987fe12e9

SHA512
7172b631e6a4ca964b5d145370425fe91153cbe87c7c05ddde03861f25fdc766575fdf99002b5b5ffe9dae9576d44e157650e5f450cb6b8711ea82a6fe6a41c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
5365b276ebd753c1c846329d7e8649e5

SHA1
4f565fe4e86a6b6994851dea1a178c2db3a32ee8

SHA256
947faabd4216479e690731f8f6b8b13b24af1272dab389a16f2050c923b66ff1

SHA512
8d713bb8bf49420556196a80a4af8b64e79c6864e55e9c51d8866256c0c447c8d64d54d7327dcae94f975a0251480adae39f51057120e701d9e8e3712c459eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6ad8be3d64c91f49d9a16c8ccca0d360

SHA1
e9b38909f8b1ab4311b175242efab30b6b19818b

SHA256
8418ec0443ef2bc276889b2bb9306d438fb10560cc3721f5e93e21d90bb921d4

SHA512
405bfe32dfa64b0b4c57fa64f3d1f7e6592b0fc105e902b99006663110a93e0741246fede0baf2f36e4feb8fb8e0c8b74c1cf8430770bf08206912c54acbf73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
47fe8b391d219685b314d3c6834516e4

SHA1
2b8824f96a3e0084e3a12002a10c3c877e0d03f9

SHA256
1e3fff342107b196999889532092d37c818d6e7c1de321d1d024d6327bab7fed

SHA512
8dc3ce0112e5c8d243b32977df2227f7a50925f4215c377447a9db08934b7ef9168f9f205c596546b73a22459a573e8cf2fc499c287457aa8d9ae8c2f8bb254c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
d6aa8375ab8846f760f99cbb634f6b64

SHA1
409f7a58bfb8e3a7392918cc8190667404cc5845

SHA256
0e4883fd9ea248a0e4b2df45970cffac1fbd22ab3e6e82652fa9d9a32cffdc36

SHA512
3b552c9200784846abaac875c19706673f0cf64dfa96cd1a64d10fab44906ac1e5f4f1192812ab62bb0eb7910daa859dcad38f0cd140a85ea2a53084eb6e8413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
20c6d50f0d7ce7e24d901757c0a0c70e

SHA1
2497c7661ed7f6dfcf430796d5d55bf3fe2f533a

SHA256
fcf25bfa134ffa50af3c99f52bc0753fd7f4bea6cb796821477f5302d9035195

SHA512
793ec159fbcdcfb752aa3c315b0a46b836e567a9a33560a3434996b55255a46a27685e0279b1193f4b37ba5a1f8ba6f5c282956f2b03f6d4d64277c047718ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7cb28072a4875907af6a69f6af8df6e1

SHA1
5b590d3b35e83124d16cee2b6ced23729b379b5d

SHA256
9f8e285426132b664255746cb036abf037177fb58e27687d3bad7036e9c45c78

SHA512
30b17ec3545379a0156cebc4f7a1fb2c22d8a38c3f4c1317b2fa89138d5541a34942a1d7c300be0338b97b8a6e6ad9809ab3e655ac1f825e352ca87eaa62ea3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c0cdd50fc2095c65e05fcd86d273df18

SHA1
76311f1eeab6517719070344eb2a50973c815c83

SHA256
09e3ca61821252e3e9adb5ab12afc54baaa23df7ffbc9a12ce1587a8ec6b7bf8

SHA512
c22e5362b066e98efe0be796a955605b838686ba354efedb3f109b4438a8fa4c285f80f30dc11889bfff19986f2dd51ea320a959c2b5338294daf0db109588aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
99c1cdf6e3800e480b37ecced47c7699

SHA1
7f1e62b84b57cf17a2b5b2327a3211e2d9092837

SHA256
b2c3c4eec609ac9e9b9449acda15137e24f94d6aa8c2877a292ca16632c07026

SHA512
521be69159e3843eb923a925136ea5cdc875540c7b422ce2ea25c63483b085744c9afa35d1ca0de4f99cef78a7e0d050efa812ab7ca4729361b55cd9214869f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
06ded657cfca473baeb7033daf2b0b90

SHA1
31c30655095f247c4c99ce290a716bc23669424a

SHA256
63e2b14564566d489679cad30f5b500fab63b0ecd6d7439cf18f5652c614eb5e

SHA512
cd1dd343b9dc1e1351719dc166b0a9c8b09a050e46b8d0343bd70f52add5b079412a9c3c3731a4a9093e97aa816929931fff4cbcdf82087813b0d2fd8be5b56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
da0a569d84b065558ba53a61342a68f1

SHA1
0945087ffd1b632b0e31b671acbd8e4dbf1287e8

SHA256
7d51844c483a38812fc8fe7da5f3b68c128eafde2b2e0394c8a0ee07372f2607

SHA512
3792401010bc2dd1ee541011524fd99c13a4d1b82ed0bee43df7a130d8b315c4261f683ca6e6be95eeb011bef718d06844a1b9cb53fbedbf0fc5b33531b131f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
376e38c766000527482f428522fa3b5b

SHA1
6c053dd773fb23bddcc0def2e816e753679d7fd1

SHA256
280641e9b33e2dcd9b847b514e8125dc18adc19c0fd15fedfaa287728a5da024

SHA512
a9abeac7bc1fa7b86ce5757af9ee42e7f4cb24b46fa0f59b75b1af7bb1e9f213c5f07185c6978cdd079130bd43ea550a587a9875ae07e743adb9831dce5ca035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
19c6b2cd0812138686113473afdf01d0

SHA1
caae650c120144dcb8f669e597726e959a0d7165

SHA256
26590b0621ace04a35338f79e666bea27917a022e2d067b8c811ef4d9419d07b

SHA512
a314d362593ee3d0033f9273e747b9d18c9861898aa85cd050e741b39efa0cc268912748cd320ec3d0ef199aaaf56c9cd7e14182acbb0fea3142331099930bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
00dc4803bc95598764770865cd79d061

SHA1
2278d647f054eaf25a2879ab84889e7dabec58c9

SHA256
06649f56b421ef75aae7b8710d507000138d3f89edbd382cff58bacfcfc31604

SHA512
eea207d2cadba0ef4320fc9cb6011999469014e7eea08a5d185e8ad4c70ed67bf705098fec35947a72e01c2dda59b325eaec4fb5c3ce153e71354a0e14011d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
47c0edb8a6234ba118404068251abeac

SHA1
d69a4e64dd4ba5faeed68656e5094079794ad413

SHA256
48d17805751acea3cb9ecc62781c01c888232e68297913cccb49080620f2ea63

SHA512
41942ecbe6e86b0b3e42fc92e8ffb999932ecf1ed43a8849232d97b8b93466ca48ce9bcb3c8b27768ee9e457fac2ec0df8636ed5378513c7fa5ae14e7ab92616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2159c02b697d6dff167bd3874bcac37b

SHA1
e0bbf90f8195ad1f10ee5be8b01b9f63a864fc19

SHA256
6d51722c8437810ac01d2e824ab523dec5529a3a232cab67f233b36eb485ab6f

SHA512
0c7b4f2889b50807fa1aa5c6e51043985710b79e3a5cbf924ae1f3596cfb353513578e64404990bb38f4a737ffb3b4e6219e40c98fd0ce40207ff4ccd6ac438b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a5ed9000ffdce43d17af35551601b017

SHA1
9277ffc1e2a575dd6f0d9496416c70d2872983e7

SHA256
d09aa2926e606ab296c0fcb8378ebc41838c69ebb91cb9697d5f999db5d71890

SHA512
b01256a7939decf6b4a0cb0ff5f7e629dee9339cdab768472c8f0478b40fd2a453553767ea404b4948c93aadc1e1fbdf0d29e4ad544a6f1ea1b63094c0e8a9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
82af17adbadc25c76ceb7be776e230de

SHA1
5451ad651d5258fa713e6d9d8bcaa9eef137984b

SHA256
ef361025b1c8cce5133c7d2a42165c41623e1fac3166e075359165aa2138756c

SHA512
c0c6e94529ce42b07c4fdc0aeb5db25d4df3a201397d9d10e9c0e81c27b7f12a0a412ed5e054ee6278359181fc788d8b5ce0576e4b6e05dffe407c11f047f7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
34eff1b82317a11a5554204f139200f9

SHA1
2847f43edece44fdf2791bdd0052e8c607aa0cbf

SHA256
ef14252571dce49a6608b825690a96832141c05234f56d937710a7a21a0f7f93

SHA512
6cb21608ad6df79c0a96f4343622abd58af71e2a25d5d1c5cc839bcad5a64ca663a4a6fb0c0daab160262e585b1191e85ed002ecc5431181f853bdc975430bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
46ca9efe356e1649c4d90e4057380ed0

SHA1
684b553a2bc414e382678767e2fd3481cabde019

SHA256
53ca070d6f730377d7f2eaa80f27b17e27eeb7d2d48aa25f940962de122ef289

SHA512
bdba92249e255e4c2a62becf8a0eabd9efc3bf5ca7fa0b516ac01d59bca330fd0192b698017b64d203b9b31008ddb775652ff903f980ffbbf758592c75472a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d052b2d44a5f14bb91cb3a05f9d6f2f

SHA1
ce239888a394fe8dd4d21833c748d6dd13fbef6c

SHA256
002901e1705e357352c071db546cb33a484aeac252f85d7be38d4d0c511bd2dd

SHA512
bc0f35f0f1ad4f6d6b5e083ca790ba08cf4e61e88f7b12ec035b8417438719a1a9a47cdb82489154fe582ddc5a16c5d87213741a0f671fdcc5cf77cfbbb18b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef33899cb1219dc36688f32d8cfcb86e

SHA1
ad6e260f0ea57f1dc46f6aaead2b49891f741e6f

SHA256
62497b71c6f9795671ee13af632c7105373a32c64f02dea64ddb61e9e510a214

SHA512
0d123b3a8efdbea7430ffff647dfceba191faf10f156a8adcc05e1ebaa4d81c7a887215617d74003bd75176dca1c7d45d5e105c840f7cb732b76de4cc00580b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8b88f81599118afd090aecfd33f7e132

SHA1
8de6b5865084998e14f463df13df1317f3b87dc5

SHA256
8911c25ff5b81a88dd8acdd1e4655bef0d88480e17630b56065f5c822a8284da

SHA512
0770ccaa31e05e68ad9023442fbdd27823bf82eff8ba452b66f0cf8e3de7faa11f4b04525ddc413942023600c16d95ad913ed3e3dc1c260068280da647771d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
a22bb9c0b6f1df152cb62783b1265b72

SHA1
7a15f2717ac295bbffe460604ee57c0b2132daad

SHA256
9f8d7b7049993456dab349a6f05b926a24179dd3dff970ab42826f1cba0e4118

SHA512
97aa6894d359519a4836fa905a3724653bb7d0bb21aea5d042e93efedc3e84c04c8b2b6de614912fb554f7f558451ef0f4ff36aac46583d6c97eeb6cad91710b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
3d105ef0fec3a6b8b9583e8856375ca5

SHA1
dff5ea9e2a1f87c7855c45316d1105b1ff09f9b3

SHA256
010d717c886e8a65db2a26ff4f2b98ea727026b5eeb8dfa53aded82fdb53170e

SHA512
30ce4d44c0e9c062481af5db5f0e51784b30956e68ff7a57a823ad85781fc19b66d230e5e6af7dcfb9680a79c612451ed59a6935ad042b8c954eee65303fe96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bcf2.TMP

Filesize
120B

MD5
9d67add60231d1418b5d94fba4d9fec1

SHA1
b333a537c17b25ce513d4d8d86dcb552c59651dd

SHA256
be365957cf66cc470239e6843bb0cc0b46f8f8fabed745246fff65808f7f85f3

SHA512
56d222b2c46148004579812dad9a3a02265bc3103d263bfba6139956e56eb74b287a4ea14217797287f35dc60148a5fed24c2e0084cd3323c79c890e27436756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a96659a1-24e4-4a25-9b15-8865e3bd251b.tmp

Filesize
8KB

MD5
64301ce44c15e452af10fe8d1a800fbc

SHA1
1f37458978ac88e0a6ba5053604497a60106db3d

SHA256
1f455e307736dbd5d19367b523923d9f52b0aa5b9ad7884b01e9aaa3426f8ff6

SHA512
7e6434d4aa57c9da6a6f94eb0de2dacd443b53f7fb908461f5cd7cf6c26752f5277c1fb592852cad1368b8d171b5158af729c5cf2dbe7f37d4b8579702f2c683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
5699f156bbf2615da75b8e73198f3bc2

SHA1
9dbfb1736de469e7e28dddbb097f17641b0c161a

SHA256
24bbdd4d3587f0200fee7a3d92ab7db05806c07d29ededb1e47256dbc0e47c72

SHA512
175983a1c733296e8966ae60eae849cb2beef3bebb35ecbe7fd8b71c7fcb5be6d01e21f74cb3480f811377726b35e5b26cb77cd53848bb536778f3444d75f8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
45c086d3084e4f1ba17e26f4a4a9ed2e

SHA1
bfdadd997ee6104f6b1ce013e9cb030f6271de22

SHA256
9eb9a7a57d7678dd9af2aaacfe2b90a966790fb370c5c2a9f62f0914d6f8d12b

SHA512
ff21f658a5745fb9a5220e0652253945fe63df6bae177abd094b08b6ea0ecdac71b1fdfc3d74965c1d3f8bdc3d27a5bd9bfb07b2503af018be5d6c324be2eba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
26ceb439d73560fc0e71624cc9c6a891

SHA1
2bce6b088bf862801651f8d00fe58e816fa73379

SHA256
bd75ce0a7dd2a6e5aca5eaf40e196b1d4f7d96b031867ee6b7a0acb4888b9061

SHA512
7f514ebc39307fd3c5200928becb190e6b25cf9dc1a608ba5eb311d5a12fa5cf2d33952b61ce24ebf3e344aa31f499764f31dfe08a34c06e610027b6d8fad5b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
bdba61b31bf2862aad024ae0cb4aebad

SHA1
0c1103c6864c4405c2d117c39a79f59c30e5ca26

SHA256
9bc0b55262f6666e2c01fbdc73e7bf8c71ee1d2d53dfc06670f7823c16ee24b5

SHA512
935bbb53738a0921492a6454a7c219db3c7cb867935fa594c89864eab46995a51b4448d516207f6074bf736937256240877d9c85c9862f374cae062d3c389d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
aabb1a3eca76ef27f3b15d04b8df62d5

SHA1
958aedc8a156d87e8fd9a1fd9b2f8e128e053e68

SHA256
4f9523fa568364221768f56682c52457705727e6f4ec61732c18ea9c7d47bff2

SHA512
f8242f8feeb3f6e5e682bcbcaedb355967f6c1fbd401e1c7c5fbe4d402c6c8a3576ae85155587afe8b67cb0bd1eb6e514ed129525c872e3d28bf7404b4c62d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
177c8e39a2e9c66e5bad3ede2717703e

SHA1
4e34ae28b06452b34a2567b31fbe381a75bb65a2

SHA256
e2ae8ce238cd5c68f07a0d92d05e9083019708a69b1312301b1ac8d6a85d8ad8

SHA512
70b1c3e224b341a508d63b02cc6ce69473a43f502c4e6a19833d5a5613e4bcf5948442e9bd32ea1f24ca53497abd730933d4e0172b2f770c5f853b5e8579fcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d2c05ce629ec2ac809938d92209cbaf9

SHA1
bc0a5f23f4ec55fded352e30ac34ae0a9d63fb03

SHA256
dc6a5eb57b8024b900f0fe6583effff01b5a88a36f546251c4f505ba92939e20

SHA512
73b95e509e3dae1af6fc2c8097b3cd891bb57ed412c2bd377749bbdbb0fa852b73f3c9791a5896b31861bb70adb975989bbfbb94b0eee21f7bc0093ac8c6c990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
ff5c22a9529141d403ebb6d90e46cbc9

SHA1
7ad2a5467aca6890591c63adfd2367fdee3179e1

SHA256
1e57c8cb79ac0709354f93453e478f42d38aab539c48ef0af6450eda388f97e7

SHA512
4c8283facd04a610bfb8214c0c3bf2838b91ba9ae9996b0b2f3befddfd82179d777848a9624d3dad91801b99b6a309903c4163703e629a9c20b215ee313312fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
041ef26b21ec221b4a85e769a178e685

SHA1
c49a9c87b1dbc8279b09c1ab9358358089c69beb

SHA256
bfb99e21e7df9730916650f4328fc4485683426aae2ab4afca1b77e66ff0ad60

SHA512
2570dc9b7eb107078433742c31500611b6180d2513abaa453b5ac722cd95fb460c546134819e0d3b3bed601f292e9566b35aae9316632b026de847d5889ac84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
5eb5892a4450de597089dc467c0fa19d

SHA1
494abd06fe2b7e179ef995944a6ab52157be1ba3

SHA256
85f99d1fa386e7353c5eb442be9f80b6291e0e08d4952ff7be4e1b4301062b55

SHA512
6784f40bacb9948ee3bbfb58d97f3a86c20af931092b72ee157d35fa6c3e4656a053e88d8ad61359195a15b340ce076e5327cd86f8ccbca741fe6eebe5b34844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
f11c8c4c00a0fb9d308ea6f696b61dde

SHA1
48f0bcbba95439b5b62c449806e6a9d194e0fb38

SHA256
ba84857af10b717444336fa4591de36aa37af4e1e732fd00e803a74028314814

SHA512
a3bc1930b6f08fee683d2c7d54b1702c4c5797234aa7a09f52d04454fc97f1e7e2ecb37595367b909acdbd31427a10cd7616b4541005c6a22d718eb88617f599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
cc73f2f5019347029e69b7d9a1d6630e

SHA1
f4bce9cbeac1548223e22179b82a1b9704af3cf3

SHA256
191918495789422259a731da94a189dda3112e593ae83a15324960734df08c43

SHA512
09abfc6d3dc0380e00c0f0055e2464fa128e44bcaae5d964aee4ad3de4f0ed135e4401d88ad1f17d5b882d45bda8ac8ecb6f951d3976e2f1855c61e79927a42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
c143546f1db82a8b664af88b8978e3ed

SHA1
0ca49797256d7268cb0be5db2b68f7e26284fe19

SHA256
8d7b72354eceb2d9ae1f1802503779005bc92324cb483809d13b225eb9d575f0

SHA512
5cf9dfcc6ba81660940c425937387e36197c721e3e9f83a7ca0b3530e9da53cd149828d259a3659913f4462e42a05e6514452946e5e1aa6063ae5acca32dec7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
64058f785381f855db69e2aa0a5c1463

SHA1
d2a4e2be65da627d72d226990be233d5a9f0cc0f

SHA256
62557a7e9835c5c55cddd7867e32b5c537f5853f39e05464721c74f3efc2f7fa

SHA512
c7a4221a0d197649bef5ee0e212a21d088017f48e8cfa9365c8834e5aa767fe93902ffb29f5a8630b40f710b7319c2661b096221314bd8ea56c2a0ecccf8f77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
f454f413b49f6476d582af4efd59e171

SHA1
cffcc4d51848aebed6aa3d280882018d18589baf

SHA256
000f8c194b44183b24153dc716ddad973e15c2474804f05e08a33a6a9c2b6b48

SHA512
3f2eb98c42e7e8597460a9ad30d266afce70765048b937d7563974c988cff8138a315a940eeb5701361fed20834197f6676c8093c987c6bf7baaec14271786a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
aa86b9e975bbb1d4616c408eed2a11bd

SHA1
6f6e0eeed674120fb81c9c4fe0de257a639cf931

SHA256
005f8713740f689fea155f033159717abbcb77e0941a80e6576f25f46f79806d

SHA512
e90c1fd13bd5158bb38ad9f32f7fcaeb60b97ba9521667a197e176c62e3fccd1cdc63b7a97e9c8a655dd2b14a97d9187b487af5f88e6187a2aba3cb7b0b04587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
8de72120bc4d1613804facc77f6380c9

SHA1
c840424fb48051040d43f84962dfc9d27422b5b0

SHA256
52c6e8ad99e5999984e7d647e5b42987ca3360ccf936546c283f12a3c04392d8

SHA512
0f02bf23183aa70bd87fb4dae37c11b45dee3e498014699bfb1b4421be61332b3b2040d9d449fbc98690c69feacc9a97eed20eb0dba630dda1c6801e948f2412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582035.TMP

Filesize
82KB

MD5
85eef230d274764a9d61b7070d9b91ab

SHA1
64a792c3ab1b05198dbac326e3a358e92c99006a

SHA256
12d95fbd9ae12375c1d59621380bd329d3ddfadcffaf50dea554b404e6271d9d

SHA512
ff70b2e695f939059598806d8f3c35669eb529db0392953e7ac4b34d1988f1e2c54e3b71dd510b76483797e176056e64114163651a3d472e7c4bb140c53c1eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a1d8c187e44d3c736ec9481099067ce

SHA1
0fe77a2d8515597900984845c0dc75280f810dc2

SHA256
fc2c2f6d67757b77bf581a45864605f10be2b0dbd126ad99832c299e823685d8

SHA512
490d2711df8c06f5c15ee7814d3227050d7f277f1f3cfb7f2f094547ee5678d37a687ac0e39dbbb0198be548ee30ba192bb70bd1e2fbe97820d6a96721707eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6626c8af3363a58b2d940772a2497383

SHA1
85f1ba87b7a4219030c1c409818c9c9ed69db652

SHA256
2ddb77ae8ccc975631467f2ec8108684c53b8882395266ed634d9d0981926b87

SHA512
39576d1b9d927444810a779507a04ddf9981a1e4b28b849f25d9544c669bf978d9a0a1d271514474fac8702e44ed42b2f5f7c61be3d55f9136877738ef8755eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d029a8c00f781dc58d017450e4670ba7

SHA1
3b4f2c13b75ab1c10a8b2a12b27e650278fe7499

SHA256
689ba0bada23d5236a5ea979f68c145ee656cbeb0a22f5d89d3fb99f77e295f2

SHA512
acaace144f7eb3608d9686572a1fdd46742b1b65512538e4a33067da2170c3f85b8e08ffb1bea00fd4e28c7b532e9748363a613c3ed0c44b521e396833a9a235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d09c59c30b503a6c8d768392aa208c7

SHA1
b3c72118608aede7be7706a6a4c8daa538f7d556

SHA256
6e3cb470f86f598f54c1785768fecbde63912691506a9edd5604dd3b41607c20

SHA512
1bf19f11ef847b55a74b9c8a1e63f2b5a360523b12406f859e7d93c041a7abb31a5c2ebf2e7e5f275cf9bd755db3ac9144795d9719aaee1af11fa6f59d3dc8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fce72a71ff16de0eabd5a0ef0d01b8eb

SHA1
943f4270853c71b74fd26fe7ed06a6b09a8fc0de

SHA256
f1754e9f0bb8e85e2602e0447f8c4ff556235c1d72eb1f197499a3b54e004b49

SHA512
10dcd728de598106121c92ef3a0ffabe519a0026ff9b18d2edab749a79aa8b8bf156a0796ecd0f81abfef5a7241d10010a36503fc32cba35a9ba285e94e991ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea7e433bf936131d268c4bda439ea59b

SHA1
3e5dc9e1fe0b2f75fdb7fa09c315da7fca4fda90

SHA256
1ba0a029435a7c15f4c640eddacec49d44a9444043d6f10adae7b5f7fce86b5a

SHA512
b77a060aeb88d4b6f3af3e25661ac185b858e473c2e2c3af5a5a61119545ea29744ff857718d0b2c4a8b62f4940ac0bdfad498e821a5540a3012dacd8ec976b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
64KB

MD5
9ab10d71ba9d5687f36807e669b870d1

SHA1
e156f2cfdda7b5dcca0db32860759e954626e6f1

SHA256
7cdc09376d5fad31e928ac542ed83ed3ddfc5507180e94417b0cf4116b1c15e4

SHA512
c70c189dd7e515c2317a276319668073b8f73151bf7a1e0b6623ce888f590cebc7b7a69fd0b39cf7fb5206166202b6cf9b1baeec9c59ed9b3f926c7d7e13935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
30KB

MD5
7eee43c8d6e07e0996f092cca7e698d1

SHA1
adc4611238451015d3e4e4858f3bed963c757ce0

SHA256
ce6d833dd123efe206c15fffb13de8a782b7e9de203b51beaa9eacba6fc8dd33

SHA512
bdb6d75fda516980193fdbb469ca0ec3dda81fc561a3dc9b7a31cf011dfb84269da4b7570f03c736d7df61a5eb45eeeb397d2c8e1c09754ebb8dd0ca212fe524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
2857adf1a9605ffe485d8fc987dd9fed

SHA1
94e412468c687d6c43dbb9427cca3eabc23944c3

SHA256
bc7f037334953f85a56ab92753e4bc429815445ff54e727e9cb69ed097d5161f

SHA512
012e1b52dfdf8dc00633569ff161662133d37cca4df26cbbc273b0eb6cfe52c1054fc8d5036dca26d754fe21e014f5e978f334f4abb5b36e831182489272fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
34KB

MD5
f28206a9cc668854b9550613948b7c2b

SHA1
e0542cb2409634351be9a0f33929fd4ff7440342

SHA256
f0df2451f625c3049ead4e389c55aa20a5d83f9823d96d04675fd4ade450ef12

SHA512
fb75b44feda05badea6b41ed1e135b485d358f0f25987c9383fafbc5ed0412b775e7a141ef3a958d9aca0a4cb819f83d7a7e7ece7a955cc815a57d3e7b865634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
27KB

MD5
3387b8b581ba955a620d2ae53848cc0b

SHA1
e3bbe605f596cf7e2fa7833b900354a75be79626

SHA256
361517fcf6f3a6dc50901859dd2dd2402c085617ed47acb008fad774b4e9fa73

SHA512
e9c8b431c46dc4e1d4f004c188463247f0b1394b4b746dc37c81f8690cd67a889638ec483cd04132cb0edcd011d22500c7e4ca960dc0daa3c1ae1aacac5c44c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
26KB

MD5
816fe35a262ded42f91aec9e0c6bfd17

SHA1
e3e1e125853aeea873ff9cc3a97493a8ab1960bd

SHA256
1f4f7a014bbc71ab2fca3cd903086d21d44aed4df7cc03169c288b358f94378e

SHA512
284d1c639ee4ce2feae0254e295b1feb65c099ff19f6935310ad3dba22c010acd315d71f0cf2c34d2473fc6685509e78ab15b5dd5ca86a9712ff9f76f0b069d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
19ee036ca520f5f7d8132e71be22af24

SHA1
f0e8fa3897b30e6e4d9abea83f371b87fa00ad3d

SHA256
66f623f49f58102defa94994d4df6054faabd8b4cb3a7a662d5cc12f87c45949

SHA512
4d5346f93f9b31b4a343d1812a1df6624ef167199cd11b7142e1eafd46b658e298a0f5337a9b4e1eb365dd2962c5b2e1df01859e595d8e5538131594289b4bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
d919bb7abbbfcb020cb3277434f227aa

SHA1
0533c1204087165e69d6ebafd9958edc02f1e944

SHA256
d3c414170eab3e6f9b4bff28ec4df7d23769cc330d16454c46e4735619606ab7

SHA512
a3d76fbc0330f79ac4e216ed00b400e1c85b0028ce2f3607251b10cc11183c61755d283b945c6fcd748e056ad2158a87fe7e03ba0b2da84143c52f9f50e51cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bfb141240c82197f9f9cb83ccb673b90

SHA1
597bb02c741da26c74668862bc134fd6d4eeafce

SHA256
35eb41331c4d24ed61c8da29c52d4e00c12baf9a3241a631afa3f07cd2ecf131

SHA512
e482f9ddcbe66485d39d00f409774a296720d9cfb7ec1e4ad9d359d5181ef0943d66c5f1725d4310d5fc7004361ae8386c898819e8c73064ad20ac39bf932570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
7fcc59201840ce250671225da27d967e

SHA1
058e48d1f014e1a936b734f19934ccb2463baef6

SHA256
c21ad8bf80d36c1a12fca041f5465bab95e0e72915857bc9badea93db1d869b3

SHA512
d7816478b33eff3788b6d33d1a253817faaddaa630b5d25650f36da437bb6b88278c59520aa103c03b6d5e09439455e74f6e7f484e8b7610648fd2ae4a9a1cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
714d0bbc25d8a4ed9876cf8d23cc1ad6

SHA1
50531f7ead0554383a06c35654b3dee209769a93

SHA256
2f815677fd73968a17d414c8e163338dd66cc8ea0e359c6ccbba36bb7bf8266c

SHA512
bf7f8a08c06c98a07413cefc174c86c56fadb826fc89e04e43a4939513f04671c7c32a616fae065bf5e46d0c153b5d2db22737450417d8c2c75d37e21ff0fee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4669a0e201ff3373a4cf77a352e0e33c

SHA1
c614ec65e83b34e93b3f5fa5f2f19059c46593ca

SHA256
ba49a4dcc7ccf5cb54e3f65ef63edd9f6b62a14a5b9d2d010e18f6509282db49

SHA512
4b69a4cef68d42ce83e8e7a6a95c967c6b7a5a0ab763edd1488b04bc94b3f6fd552146c47e7a67422495f3b16ff7d80918cc68c5d60faa7bd19699c5c2d0ea28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b8d13edd047e739eaedf612e5302ffd

SHA1
6c4f0a7a969cb23674b3e190ed799e22ec66e6b7

SHA256
eb80c1022aa748041bc2c79870c1ab27d36d13ee24a2cfc37be3fbd1f1c0ac9c

SHA512
7f94efbd6c20ccc11c6bb7d16a7b6b835cde3ecd60350b76ca5f4ef7b52204d72a030c2ca066b79b987259334ebc838cdbd6e7fd344bdb2b09d701feb44b2807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fec5b92d45e8df4f59b64a8dc5c0b368

SHA1
758bf1c0088fc708181f71b38ec07b6082f7dd92

SHA256
36a877f0bd3e482078124b48af4bf426911b60a9501668f0f16eaba96440012f

SHA512
8c5d79e9a91de8ecf13c377e1029e80c9129c59648f46bd702dd9b6247a43585804b5c5b8b4c443db1f57a469db3d654450327ca5ffe938ebcf06b1e513e01fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
09d06dbf29f58b31313a7aec35ee03b7

SHA1
65cc94358258747b53b9701e9c8badf7a29bdff9

SHA256
8a74337d09c4ac1eb6f3b08fa8f7b619f37c215bf551948da8b5dc002542e575

SHA512
bc12653464fd1869e4c21438625da80b0e58f535c75d37eb9dac614a36a0920b3522dfa8dfd196a0729116d601959d236369e5468d8e995d8c976f240c0c00d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6f14a5b240099250f2235f2ae9ecfbb6

SHA1
8605d49f74863275c6b3839d16f9c32147d790f7

SHA256
a7cf923d9cebc770e3c0e871dbf7764f52af4c75dfd3728b5d69e747def3dea0

SHA512
6a2ffca01c03b3b82d28fd22457630ba994fe2d9c9b11791a5b5f2c551ecfa2c97e65a9c3daddf80330c057b6aeac1f86b9d6ff1fe6bf97103cd290e86f89444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b0c584bd309602ba0079d8cd7ed16e8c

SHA1
7b3a187f858ee2fbe0e862d5694d2b9899939398

SHA256
c5e0be6f70d6ee21565f78c735e27255dca7a4255ee265423e273d6a4afea1cd

SHA512
3c0e352827cf595c8c0b5a914d8a8d8f8076108f97c6d054920269ec17f8b73199b3c12a1394d8c7c5dfbd54a3e93e3d7c52f8d06d6332dfec68cd9e8e4f0a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba3bfd3d2c6c8d83e9ce128904718fcc

SHA1
af286048d4b6492363eca5f4a19316296cc47ddd

SHA256
3a29ba6dd238a71668d79d18162c6f9b06c2b546b299eedda49a7a03058112ee

SHA512
3916cc0b826dff1ff1acd754337b8554196bdbc5d135d584aa0ed547801b1cfd4fa55847228969b2e31257ac343b0c9a9f2bb2044e0814725b14efcbcbcb6a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b10ef48d066988d2851c22d93415772c

SHA1
0acc66de51a050242b6a3504d78c00ba1a4466bd

SHA256
bd02fe24adb00018a834bc0f705a317b5587ddc9dadc279c81887cb7d5ea0e5d

SHA512
7c1ed23343d6511f0cc6e8b81c77554e13bf88d4db33bc9ac5763f0a4a5be421d9f8860291860dcee1400a0a19b8e10b632e8987e34fcc670099bb54ecd5728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59fae285a3acdbbff4353e2c06a09b02

SHA1
e2a96f59ead431b62872745efd5b0c93cebbac76

SHA256
d4764ef8dc07bb7d479d764f0fc77e8c06ae1fdd06dd84babad9ac3b3ff4868f

SHA512
03271ad8e3c2ac6356606932e519adb5e0a835b59a77a62b139574ef2c91a4b71fe5e4001573e3a29bf32b0a52d31bf289da0ba5fb2d021f4c81a95a1ccef9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
585a4cb1b8986b6a1cfd4ec784b3e7b8

SHA1
94f509d1f87a778718f9a60cc4757eac751b6f34

SHA256
fad465167295f56699ac6d3144bae114da4396ab0e762824cdfccb29cec40e4a

SHA512
9b8e6892e1fcdd1a8e50b934a94c727881745bfe891abcdd7c0a9ff7b041f49b1ddde947f89a9163a4c9406facfaeb431e5a47739c31695e93c37589e3c89e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
07401c7bfd71f0929fe85a5de4e246bf

SHA1
8a4607c2b0440adce323329847e708a22624fc89

SHA256
b34c579439a0da330bd06ae6580dcfbda4ec98baea863b60b886fc7f23168547

SHA512
a29017bac7cd43ad4c8f2e1ce62f40321932c6c49c38c66ef61643e18d8c75e32d73abca8fba39fbd20223cb84666e239b9f734a9de21020d30ddd67d7df9b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7103cac1552fa18b30e3428c060b1e9

SHA1
a3f8bb90b74aee1edaedad13a1a621d89a544452

SHA256
b6524c068ac64792f6b5542449c4014710fef7c75e9ecca9df55b752958dd261

SHA512
f566cd048d7379666e1c916925fd2d227e6ea427ce44da6fe272c2ede762c4b940755e090d41d0412c6f9ebe50cb17609dacf9cf542d4e649090f2e65f029fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5046fe994b9427efadab82d3cee7f535

SHA1
cac1618d7672e3100769291b14213ac74198467f

SHA256
8fb400f998e9f5d301e28d5330b8ae97031f8cf4585eaf2741e602acba50ce9c

SHA512
12b7dc9dbd1c5e743466276f213d1791d26409bba0a1f8e01c8f1a59cee5c28557c14747d0498d96259f63f17b818c625f7234286efc76a091c01f0cadbe4d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5c05486ac7bebb78e88cb96365246e1e

SHA1
d4cf7a5f4c01ef78348aa1bf99161f2a400387ef

SHA256
495624d9bb76d70fe788cb6d8a71ecda2c9a85d11da1efc842baa6cdbcc2f043

SHA512
690991ef3d87f8514c905fc2c442e65bac52738298046ee8121e925732170ab2230e61544a400eed52f5233598919e13a909c0579cb0c0e21cb932ffb1a5be68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ed6a230f56e26f4a2f58f2094ca14b9

SHA1
383c316369655dd056562daae201e42713a73856

SHA256
897f9ba07d2c5f7934b053034a3a5ede7e34c930e0634c4b03f3a08ed050b70d

SHA512
ab09950c8ed0fd927fa60acd7a27d990e054bb1c73bc22d05c2ab4cdd8891526b2f6cbd5f2694695359c1ee8f59b85af78a8ee02bf121d50af58fece5f81ee00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77121cfc5a40658d06b895ec01335b17

SHA1
ed16152f424cc4b5aa4a5870147220bd6e2e0ca1

SHA256
a5c6433a484b125ee0c66a2268c9a65b64babe9550ebe305e57520fdce1f9c75

SHA512
c3fd2f239a9fdd18fd5b8ec111ddc5572a234a032f83c3d72fb352dc921d8012acf10dd50986bd6531cd8f6bf203e4471b053b763807727b8261df05bc849f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c934f7f1f419492f5615908f1ea540ba

SHA1
23c743f50a6298ec16f9a0d9477f9b0d32fdf221

SHA256
b532ee9fbc7cde3d2acd182a86ae9d284a73c3fca98de56aaaab7ee044681d1e

SHA512
11f18b0fff4aae40ec43d7998fe6f328d613adf14629888845ee5f724570c6a7ae56039dd120ddb89fa0a7315b8fcd36568e8c2090af71527f5a70f384bbcd3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
709310ebf7fdaf908c24fedf9523d4ec

SHA1
588f4b2ad55278557b4596eadb3fc879657e553d

SHA256
5a7dcfa44fab0ce5a83d393ed3f70669f4a89b797634180ea58eb7a9acb280c5

SHA512
1d9f91519faa1c5d0ed2fb8ba79a0ca834385ec73bf25a948bd53e105470d01ad77e84053967835724fdb06b9c607ed3ee9cd38b52e10894c8556da6a171574b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c888bd084f4cbfde60a722d89cb9ec0d

SHA1
1b03c191815feea87270fbbfddbdb149bfa10174

SHA256
3d5c6321c6265c2ca58bf7cafe1eb13e1d03aa791f7fb7bfeee333068718f567

SHA512
a983c894a9806f2e43acae8b59339afc9d79d60929e2c8517d242b6c4ee9e00468914eb5ce91732579af7d3906dfa42be63c90c0908174742171bdee9c10a7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b9e3e4c3ffa55020478dd0c8b9525df7

SHA1
43630e98bec2693479c9722c4ff8ce6a1c911e15

SHA256
e0edbf62eed48f346c668a6b09b05170b08b8cd6c675d0809150035e9871a77b

SHA512
a044846a4ed2ff4542b4ad5b2bde7eb0b54e1fc0fe7257b2d8075a4c6ac264eb17224729e14147295c92c7b2527279f02be994da0d05a9b19be2c397de8f66d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a1c4d3cced42189f6ec97511ea9e6152

SHA1
c823a36a522ae9a505159769ada006e9f8ffdfb7

SHA256
cba957ccd180b7156d6840abacf90852cc0ac25b043678c643457f89376d8ee2

SHA512
4e0b31d8f90cd5d652910265e7856110d78dd606dbcbf0bc69d322d53e929a5b9be72efec0013e4d4cfe41927e3538f9bbf0d1c81881d0de02422f04af51185f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c152586aaf8e9dab522d23fa224e33a3

SHA1
9e4817151d5119c5b176cdd2308233e414608e75

SHA256
550b5620bee2224fceef91d19a13ec45d7edfacb5fc1b7992f8406107ce5aef2

SHA512
09a19c4a4438960d873b9bad42c9bfa35ef4fdc6a720be7d0ebf9c0a513e986458a0f2ef40639e76f8937302165612182bfe294be6b42f53126fc3e605b2c087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6b2cfe50128650fd16ec351000e1c58c

SHA1
6db5c96d6f1d94ca222b3637ce6c3d45a9b60042

SHA256
fdf18a5817b8c2a3cd080963dc53fa340456689eafaa3782756f3a52ea0f694d

SHA512
48d189f7f9c0b8f10dc17bac9641a68e51903f4da5667b002c538d288cd6a87be1c6c21d688c58a1c4c96093e20a214b7ca7857664202ccc62b9c68c0267727b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e0b9e9198b0b97d4677fc37938ac3fad

SHA1
cf2d4007356b4b2fcbf6152394d5d5e26c2250ca

SHA256
4866419478bcbe85700af8cf60c39c8e941191d359e49f143bf09ec2d69e4815

SHA512
aa451079fbd7f358b08f649ca9ff579854b1c76a2894b8dbce989e013b303729fe166eed9317a7c3f657e885144a9b58882724edc7356c0f466c70f95e3e49b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358521546355219

Filesize
84KB

MD5
a8b952c1ba0a50cb57d3342efb99d156

SHA1
186332c2c088c203839e27921e950022d200a7ec

SHA256
27ca31e101d75168f12ef67f0ffdffdad03a50606fcd3bffb3ec633d2d5fdddf

SHA512
f82d112e2e19cc803d3a2ba797e498e78686a66376ffc9f27293a9e95931798ec06560c6dd762d17d0ed9cde5dc9fdfd4027042ccb5ac0a41fde1fbae8e1f925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7205ea285ee51f14adc71be85705a1b5

SHA1
3525934190f1ecbf8216088a960cf3506d870600

SHA256
ca50ce268c086febc949da9f7614c0062afb1bf7f4762ef310fe8f486732a50e

SHA512
f2396e5e87d8e01830881dcef348fb7ea296fa2a13f8024771d8f9fbe52a7e120a32695cfc4e9efab2c5bf8b97869d8eafe08039a4b8048dc9e2eb42b95c47a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
699d74a22df02949104061891d3f0b06

SHA1
9bd74a59f6c48726d6365e34ab2d6c7fd9833a19

SHA256
d0df86ba12f8a13a20d617fd82d81d1e21bc6b8ad1f5a36d776c8e33886c2894

SHA512
dc642c30f1048b32043b68cff96295d6ad8409bb6d8d0f468c6fc24c1cb0616620e42d086e027c94d12d4d54e7d19f6fdddcf6e6b199d6dd98884dc9067994ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c246b7ae83f040b5dbf0d794d69a6ba8

SHA1
ff133db99bf7e745fab9af749f7d15c036931487

SHA256
033fc59be8de668097804fe6913c0a099e64cd2e002c9ff4527bda60181c54e4

SHA512
4a6253da8037595bdd64eef7063985b1ecf6003d5d8eebe6488c5b3a174f337a0c3557e45348a46f9124059e432832554ac11f0bdc78a07cf42b55f4c98e3c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b47da06785f3eefd1cc9b0bfdb8af09d

SHA1
6916e1c382a11454ab7ec8f9c845fcb489735c33

SHA256
d82759806f6773b003aefa621c91b3b16e4710682d3e6515dfa78f0240946a06

SHA512
059a0a50481ec091c259f16539549b127f6f116e7a723495bb6a0bf9daa415f9f6998c4bf91768865e99209e903ac02e34b63d38cda9c25ae580b92d3972f722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
09a5e02d1d0660675f2f956129221152

SHA1
ed8fdcd19db0a2ef1dbfce1c29a46055ea7dacb4

SHA256
15539354d779c4984fa1946e71215c88e1a615291c18c41cc6c846040dbb8f30

SHA512
4441dedf297c89201485e10b619a944cd54c5358641fbb1471bf83b7b862f86bb787a8871cd6d46041143e0b7a8db9dd1936c92cbddc722e3a74995a1e45d673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c67000faf3dcc63e56edff87fd1b0ece

SHA1
512f128b8e84dccf350cc292cf97917f9f4c7112

SHA256
c1480b05e8321e4a99b3419ff463afe0965de3547d05c6aadf3aa92179b01eda

SHA512
2cdf9eeea9675af6a5f4df656f266d235d3bbecee7e3a465bb596b6631b966f6e23d53dfd65ab35ec7a915a6a874433b333b45fb85128504fc107c89e4ed3369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a9710ca94770ed8a6d54433f821de0c0

SHA1
390aae24e68104f36c62ed6fd0856de1898b85ca

SHA256
c494ccb85278008159347fd43a8e4a4138755dcad92416b9981547c48149a1cb

SHA512
9b74b392005374252b483eb63963914fa100f6f780b431e1aa107632040617f48302ac2ec3a9022b84f8d38d33083d2faa911fe64f3fc3c0965558de3362c98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c18b2d2c1ffe3cad3df9c42ea9bc4cf9

SHA1
0b6a38aa556edbc2b16dbc898dd8a0b1e6a38c87

SHA256
0c3bf0781c72d9b9c4991cc47400944b079c4a86a7a720428941269a6d6fd085

SHA512
134b77ea9c0f67759265c09720cb49b74afe671b957f9bde3fe73c064b8b8a0f34a3d9d6bcb6e0c7b7a4717be326204cab7db1f34f9d3ea9f4a19a484bc8577d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35b7565e579b7aeabd4776b872b5c8d5

SHA1
014dedd7d17e3b5c9e77240c267c7bde37f1780a

SHA256
ff76fe12b2d9ed1d2ba36d60c266a85b7d2003756a2d47dc0afbbf375aa8b599

SHA512
75b9f7e6bb12f14aba7629cf097ec9510733785078a5627b805a9d5a2fc3a392e524dfc078d6f64a82d28fc0bab7a30743c662b4b00ee366660799aa91500407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
62b8ba26565917a3f023364be4860642

SHA1
d00fa3f9d4f0bee3db7c3dfb869695ce5572adf3

SHA256
904b124f281666a72315259b3cd309c3406e81d09b8eee7dec7ac9d168405d78

SHA512
3600ada73d539b1621898bef79f36b3d641dbdc1160d91fad05ebc057e186a3fa42f1de60ff0086309c5736e1ef52da93d1254aae09c4699314fc01ca2b5a7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2e95e30-e7c1-43ce-b628-b47b5664f9f5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f14088b1-a4eb-4b17-9a60-ab024d77682a.tmp

Filesize
7KB

MD5
51e4c49b41aa20a39836943007cb287b

SHA1
6d8d5cc0f070b4274b7893f63e5a6634f983e38c

SHA256
5afb4d6a388655d5d752c1653d6f2729a295ae33d4c40dd9455fba2b9f343271

SHA512
8ef48a5e023f99b5752362b08e7d44cea0f12e6436f43168aecfd070b08d0d9faa9fddd4a691d0486a5dc362a7c44c3f408658422c4ab9af2a92c44f7af7afbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d89a19277798f17a4dd080265f64d3f6

SHA1
6a52acab5cb4683af804b12f61c045e24e7e9a56

SHA256
a8c318d91c0c2cba236f6dd7462fc21a5c2cb8e6840fabe1b1cf6daba02649a5

SHA512
9c226107f9e227fe3f11781cdff844ec7b86abc5437b2c9913ce2a9e368442574c79b1ecdf84419be703c396051d393e85a52e27727336bd29481040cd0e12ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c5e9280dca4d9bf56f66c09ee5802c7

SHA1
2c3d442e3bf72192ddec5065e98cff7d65713680

SHA256
a596e4352124d8457a7c93fafb95782fdd0778bfd4e4630d8c174a3034a5c1ac

SHA512
2ae7d760b29a1c60ce2eb51457fbb92971750b909f390e178afc3b077ea7b1ece68ddbdea101f6057b8665d530a7217ca3c2531fe9c9c67c9c8b5414d141b577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a68880a7e16a3be21782d2022ddf488

SHA1
e77f0b437a31c7d6ee9bd6881bf07bfd1d4c7473

SHA256
55624e274ef9340718d634ce4151c5a0164b54b84e0d60c4f01ebbe9d7e0a799

SHA512
3a57da26d003b597b2e2f6fa96a54c701937169f91fbd5481a6527fd8e0ca4e22b0985af78fc8ad8f9c6071f87332f1ef86268030b3c1005d1a55c41d8367e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d76097a39a385c77880e808e21077d3a

SHA1
1ec37655ffc30214c40a530e3891184dca9db887

SHA256
4b7e1b9376a225538d563c1c63642794f0996ffd91b53a24763fd71e4794fc83

SHA512
d8239c06115e9a267906ddd5779fb66620047b8eda94749bd32421604c41c0f54e78f3e0a34852e0a167eb7b2d44722fd1826f44e99cbb01bff23fd31e7d7d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3960936561ef6f6bf4bbf70fc866046e

SHA1
6690aec3c633202afa0703f4550421a3cffdc25a

SHA256
77b16e8b426723e5bbbef691b968e5aeff6118dc411b763118a0fa3c5c89a042

SHA512
2179205f6326004db4d190ba776a4f08de8c20a71e0456ca2a4049f1e44b0a939f3d8387ce2a32791f637b5b85556236e1cd1e6d48de6deba6f6844606410a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29774bbbe1b858731dc19ae2a714df4a

SHA1
73449b5e0cea5f8bce2a14eb28d75b718d6cf4f0

SHA256
726372598a41da8e38b168a94f869e2514112d0df08d85e47498533d92270509

SHA512
395669858bfe70bfa41f0280851afaa49c5d3634c64a7dc676e3c62691efbddfcc028155249b22c48e15a02ea1b55bc62654cab60bb298334d22fc4bd2c02b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b6e3b76309d8d78ead68557072dbe22

SHA1
c00d96165fdd8aead0f98e63bf600d0d3d7b8af8

SHA256
4fc96a405f5d3c5cbdb457f3d6083d1230fb5f643bcac1008a1dfebe0cffce54

SHA512
1b0c7d5832bcb26d8b2173c93042d1b41f049776bc34e158164beba5b3e1d550bc702d18be2623fb6bda0f4a3d9d35948db9056677723192617d66d900add420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
adedef5448a4091ff09029b9f33193c8

SHA1
fd7115430fbd07a7d2be6afa5664648a0121d3cb

SHA256
7ebf399088644eebd3489ee71ad91bb863aba239015167216a5b44074fc97ca7

SHA512
63d74f2841119983da2926e132514481e58762630250b01d732b0dd24d79fd5e7b3da0b1b4f374422b46671cd585bf0ab955516c0e4229e912ae62b05fd3b16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FEH43100\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Desktop Goose v0.31.zip.crdownload

Filesize
4.1MB

MD5
eaad0961b52b14d9a323f092ef307d8a

SHA1
feb3aedf16432b063ff93c90623a865a1fd5214a

SHA256
e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6

SHA512
fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330

Download Submit
C:\Users\Admin\Downloads\Desktop Goose v0.31.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\ce4f6799-a9fa-41a1-9b4d-b3701227f774.tmp

Filesize
1.7MB

MD5
7d775bb823e658f93861bcc020dc85ce

SHA1
09ddfc5fd16108a289db6c83cf34d754eb0f282f

SHA256
8c198b1c484085cd6f8fc66438025facf9117b3b7a11a1cdf3bab49562ac1678

SHA512
bbacdb6b6620903401e6d334ff3727bf6b9ba78386869397cfc13f431786c7870b4628240fc5dcaa0a5894f2a408f35b4ebe49b8f98d43e8de7fb4331e2e60fe

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
\??\pipe\crashpad_1544_BVFQYTGETKZLWNOU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1356-1892-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1356-1894-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1356-1930-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1356-1947-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3296-1946-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3296-1897-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3296-1931-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/5044-3539-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5152-2257-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2440-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2110-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2245-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2246-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/5152-2247-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2509-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2508-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2267-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2268-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2269-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2270-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2271-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2281-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2386-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2417-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2436-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2437-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2438-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2489-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2439-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-1942-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/5152-2441-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2442-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2443-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2453-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2454-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2455-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2456-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2457-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2458-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5152-2486-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5280-4134-0x0000000005180000-0x0000000005190000-memory.dmp

Filesize
64KB

Download
memory/5280-4135-0x0000000004F90000-0x0000000004F9A000-memory.dmp

Filesize
40KB

Download
memory/5280-4136-0x000000006FDE0000-0x0000000070591000-memory.dmp

Filesize
7.7MB

Download
memory/5280-4133-0x0000000005610000-0x0000000005BB6000-memory.dmp

Filesize
5.6MB

Download
memory/5280-4132-0x000000006FDE0000-0x0000000070591000-memory.dmp

Filesize
7.7MB

Download
memory/5280-4131-0x0000000004FC0000-0x0000000005052000-memory.dmp

Filesize
584KB

Download
memory/5280-4130-0x00000000004B0000-0x00000000004EE000-memory.dmp

Filesize
248KB

Download
memory/6892-4316-0x00000000037C0000-0x00000000037D0000-memory.dmp

Filesize
64KB

Download
memory/6892-4311-0x00000000037C0000-0x00000000037D0000-memory.dmp

Filesize
64KB

Download
memory/7744-4185-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4226-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4250-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4251-0x00000000063E0000-0x00000000063F0000-memory.dmp

Filesize
64KB

Download
memory/7744-4256-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4257-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4258-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4254-0x0000000006690000-0x00000000066A0000-memory.dmp

Filesize
64KB

Download
memory/7744-4260-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4261-0x00000000063E0000-0x00000000063F0000-memory.dmp

Filesize
64KB

Download
memory/7744-4243-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4301-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4304-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4306-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4307-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4309-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4241-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4239-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4318-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4323-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4325-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4328-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4330-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4331-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4333-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4236-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4235-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4234-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4233-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4232-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4230-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4231-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4229-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4228-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4227-0x0000000006690000-0x00000000066A0000-memory.dmp

Filesize
64KB

Download
memory/7744-4248-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4225-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4215-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4214-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4213-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4212-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4210-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4208-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4206-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4196-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4195-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4192-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4194-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4193-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4191-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/7744-4190-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4189-0x000000006FDE0000-0x0000000070591000-memory.dmp

Filesize
7.7MB

Download
memory/7744-4188-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4186-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4187-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4183-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4181-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4180-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4179-0x0000000008590000-0x00000000085A0000-memory.dmp

Filesize
64KB

Download
memory/7744-4178-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4176-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4175-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4174-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4171-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4172-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4169-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4170-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4168-0x0000000006DF0000-0x0000000006E00000-memory.dmp

Filesize
64KB

Download
memory/7744-4167-0x00000000054A0000-0x00000000054AA000-memory.dmp

Filesize
40KB

Download
memory/7744-4166-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/7744-4165-0x000000006FDE0000-0x0000000070591000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads