hxxps://tria[.]ge/

Analysis

max time kernel
1795s
max time network
1794s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE

Executes dropped EXE 5 IoCs

pid	Process
452	MSAGENT.EXE
3420	tv_enua.exe
400	AgentSvr.exe
2400	BonziBDY_4.EXE
1072	AgentSvr.exe

Loads dropped DLL 31 IoCs

pid	Process
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
4384	BonziBuddy432.exe
452	MSAGENT.EXE
4884	regsvr32.exe
4700	regsvr32.exe
1140	regsvr32.exe
2544	regsvr32.exe
4908	regsvr32.exe
3596	regsvr32.exe
1608	regsvr32.exe
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
1072	AgentSvr.exe
1072	AgentSvr.exe
1072	AgentSvr.exe
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BBReader.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd1.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvcrt.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL	BonziBuddy432.exe

Drops file in Windows directory 41 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\SETD424.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETD436.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SETD3CF.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD456.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SETD3E0.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD3E0.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SETD423.tmp	MSAGENT.EXE
File created	C:\Windows\help\SETD435.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD3BF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD3BF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD412.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\msagent\SETD3CF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD400.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETD435.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD456.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD401.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD401.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD413.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD412.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETD423.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETD436.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD3AE.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETD3AE.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD400.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETD424.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETD413.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4B-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\ = "BonziBUDDY.CCalendarVBPeriod"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322982E1-0855-11D3-9DCF-DDFB3AB09E18}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinEvent.1\ = "SkinEvent Class"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\FLAGS	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CFC9BA1-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCheck\CLSID\ = "{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinLabel.1\CLSID\ = "{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabPanel.2\ = "SSTabPanel Control"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlAudioObject"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\VersionIndependentProgID\ = "MSComctlLib.ImageComboCtl"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE1-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSCheck"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA02-8B5D-11D0-9BC0-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{83C2D7A1-0DE6-11D3-9DCF-9423F1B2561C}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\Version\ = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C3-8B09-11D2-B652-A1FD6CC34260}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E27A70-69F0-11CE-9425-0000C0C14E92}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 1.5"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx, 104"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EF6BEC0-E669-11CD-836C-0000C0C14E92}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\VERSION	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 281459.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4336	msedge.exe
4336	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
1144	msedge.exe
1144	msedge.exe
2944	msedge.exe
2944	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
1728	msedge.exe
1728	msedge.exe
4312	msedge.exe
4312	msedge.exe
2108	msedge.exe
2108	msedge.exe
3516	msedge.exe
3516	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
4508	msedge.exe
4508	msedge.exe
2412	msedge.exe
2412	msedge.exe
1956	identity_helper.exe
1956	identity_helper.exe
1204	msedge.exe
1204	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	392	AUDIODG.EXE
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	3608	msedge.exe
Token: SeIncBasePriorityPrivilege	3608	msedge.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe
Token: 33	1072	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	1072	AgentSvr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4384	BonziBuddy432.exe
3420	tv_enua.exe
452	MSAGENT.EXE
400	AgentSvr.exe
2400	BonziBDY_4.EXE
2400	BonziBDY_4.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 1752	4336	msedge.exe	83
PID 4336 wrote to memory of 1752	4336	msedge.exe	83
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 1296	4336	msedge.exe	84
PID 4336 wrote to memory of 4912	4336	msedge.exe	85
PID 4336 wrote to memory of 4912	4336	msedge.exe	85
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86
PID 4336 wrote to memory of 636	4336	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,10804728961918648554,11871433145883709824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9349828593686759163,6758022279387496054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  PID:3088
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:452
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4884
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4700
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1140
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      PID:2544
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      PID:4908
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      PID:3596
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      PID:1608
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:400
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:5072
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
    3⤵
    PID:1212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2178002787148692858,11621950769658725370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    3⤵
    PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x320
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,410142559087193621,10838495611793510752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
192B

MD5
5a17db567f4c3f028fdfeae1d0ca2ef9

SHA1
c04d8655ad4f94f40e033344aaa8d15be83b240c

SHA256
20421c05327c04a83c42c72969fe2f7cd7a1ad7e7251ecb2d67fe4c2dca5bcc4

SHA512
d2f79f795770b8c8fd446f757042523558be35c2db539fd8b8597143875047e7703dd83eadf9e5ac2bfaf730aa344a00a73d8382545bbe42d88d2a157e556684

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\91ec72cb-51b3-4531-a60a-fdc68629320f.tmp

Filesize
12KB

MD5
c5d56a9b505f39a93bbe6299343a9843

SHA1
99eca233a08865640c89dde9d01e8dcaa7166315

SHA256
c5853d857c93e81bb52f1e0f12fc84fd2c752086e6dd7e688d9d898a5dccbb3c

SHA512
e0348e1308a237b59741ed969de2430b126d02a6cd650e4ac6f5b2c28a1ae5688fb9ecdeba692502a5a14adde292b7b40a78ad401bff7ed86716621671eba8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77afe391a0744c024f129058907a7c6d

SHA1
2022ffa4adfe87a9a58ce734fd80037bdaf1e800

SHA256
cfbd9f804783aa4eae8bec525556e7501756bd3a52fe4ec69453156011617957

SHA512
43fa9b4b3dd9eff5a9fb6e83d1f134d8d83ea7aee1055e59dd77f289e7658d3b81b0084d4d7c2cc0015e7634ec0712f3664f9a8bc34f5022b2263613b9f7c728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84e5c0d8bb63041b10d8347523114f61

SHA1
97c8b47d3a40cd3695c4cfd2cf9450bcf52a563f

SHA256
07949a8edd05d05f7ec2458bd3d571e4ffb91934c6daa870d5d052cadf419079

SHA512
dd26325c8612ddb13ae1ca0c037c269b5542bbc3bf7f0bac80d515b3be750e8fada503525e651187b0004d31c53b7928524fd44596147d4c6922e65a4ea2412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
35c387da29ad496d50f8343906ad1a9f

SHA1
86d8cea701c002085c88bf6fdaacb03b6f79a223

SHA256
fa6e6f3be1783033f29e2e89b8e85b1e7bf38a13b6d87d5a2e07dfff934618a2

SHA512
aa8fa1a67507abf349f44fd3b9f71ccaf4f101b357351be349bcf059a56225b3c6ab836f512dbdc3eb5d52677493d22d0c83f1721e3e2e07e25a70b750f890b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
43917ac82e2cf51f082099912a8a12c6

SHA1
412f3d28fb3230e1c3771647b1e10afc29cdd4d1

SHA256
af31a05d53e1ad2ff1b7f851de7774c220b7fc5d0563b9ee07fe9a44bd30679c

SHA512
e59e7d0e44c874d71613f7b83d9dbda37cc3b58946dfe3d2e0527a4409b16fe0d01ce27d6cdabc74be0f1cf4d204963987212a1d8f85f10593f0dca34e33305b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\183ce1ef-3cb1-4860-a3d6-34fcf45760a9.tmp

Filesize
4KB

MD5
fcb653773d6629cdfa6b1d251529e07a

SHA1
a7274ca9e0c48e49b7b2b86f92da9367b0a47c8f

SHA256
df3b5bac800d509fa127481a6beae03ea59b7a82f513b1ab67af59fa4bb3ce92

SHA512
c9fb36c800f0bcf4419177108242d46f8dc15a82bb78da5a0cff032665a7eb364c5927d889a8ce43e2c95420247be5b031dd4bdeba63dd5ad9c4f26027dec9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3de1378f-484a-4884-b2dd-537bc40afc53.tmp

Filesize
4KB

MD5
6193a41846573cf9391abbbf9de385ff

SHA1
86fb96cc6a8cc2ec2ce69c4d4aecf17b27523ff6

SHA256
895fdb6fc549d8c7e9c643b9cb912884a3332cfa407969fdb0e8d6950a7ae195

SHA512
d1588d2095129a08b1e5027b56ffa751548fe45dc15310608824063a06abdfe99c2c141849691c93381ea6a229b7ee09baf9ee9b53a478856b9bb1e520f55849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
36KB

MD5
338aca3c8c7df83973288cb797423c3b

SHA1
1f217f876fe3c45fc686f8eca4951e030d96b05c

SHA256
e81d76077f95c6410fc20ad8fb0f3a474ab724aa795e1b2a99453ddb31de61b6

SHA512
f815fc8a5e3f278230b9ab8290b932d121c147d33d0d781a240dd497673f505cd74919c4fd563c6c4e4d266bdefa741d53dad1b14b56506a37e19312f6a270fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
34a02dd7f8b393eff0b3f133576adb8e

SHA1
b512edfa50e3ad8f44064e7805443032f8cc9b28

SHA256
f38d66808f86e685fd596c778cf5e8dca79d1d0b223c008d9b31b636bce2299f

SHA512
53d2669725bece4eb3f9c9d2e9714ff9e73dade82a63c0056cfe9e6bf2cd905866e38fafd0d89ca4a2eb9406ecaa7aa89221cda4641a355494b21922d42ec48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
56KB

MD5
7538ae25001820cd0c822fe0b940dc8a

SHA1
40a7f6b5d7dbd61c5388cfab5c7546a696fc3c82

SHA256
b1705e4cc4a302a53252b71ea72891c06d19e9138f93ad0cdea4aea511a47452

SHA512
9d0abf539bc8ccad9a3ebd7613491d6f14dd6a27d936bf3a18f9fa406329deea374e6881cccccd8dc014e9e11c084c150180d91abb935b30f436c979f09d2e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
76KB

MD5
009f9b74fe69211ce154a3cfc510adc9

SHA1
cc20b243388135e16f0f5f7ef9d6c6f360807803

SHA256
43d229ff9061d341c839eba7816dfacb613078a52afb4e6be15fac475ef27e2b

SHA512
3a657c12450a94721cb00296df54d5dfe3dddc1041669b9c887826c48a9e2dc40990e42407d228e89ebb35bbf86fc77383c21fa9fe490ac01643f57473ab3e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

Filesize
76KB

MD5
b3dfe33717ac4692e3fd7bcd7f239c19

SHA1
70737966b47654a7545505ad91adc2bd6215031d

SHA256
fc7cb95ed4afcd7174563c36a979947591ed80a0947b5f4cc0b98e13890459ff

SHA512
1a90fc011f2909a6c12388395d1ae4610e599edd51a896507fe2e262fb643aafe12c00c6806d91ed93125b9495e6b9ee905a9ef93f231bb68e28ca1fcf40e630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000129

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
769bd963a19e3f5a0d19885e472234b7

SHA1
3c5d74ef993fe2c59f32b5a4c1545140e94c6817

SHA256
8b423afc4468e53d9804acef965f8b76488da9d4cf1d7c921236882abedaea50

SHA512
de57918759d976c7196a4de85cc21692e9e1641c7a37abc69b4fcfd3c64338241f243e9660b6f0c79e1913ed329efeb88884edad745148e828fcf9309d2d3402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0

Filesize
1KB

MD5
fdbe5a1bc8dec216e0e4c0b7a451735a

SHA1
459162bd8d37ee4ac823b077c3579159d0989e29

SHA256
6a4fd01174e0822a6f679090456b151909835218b9779c36d41c325530882a4a

SHA512
2cb0f0766db9812258c2e0712f1d8726a5ff8c1f90e9d8d225d1e6d5f197e6d631a60929c4da89792144a32810085f5f2548fc25dca8c69c53180ad8ec5f3c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
6071838fb8e98134dd4b46dcc05252a2

SHA1
b94ad2fba5b4ff1eeb36270c476298bb8654f7d0

SHA256
459bd55bf0c1ae6a677ef74dc3a366e431caf03c42d4b64ccda437ab4fca4caa

SHA512
666b8c1022f2c5db9422b156d4d79cfefd1a76f1951d4940b15b6a3ea663cf70b60c05ed6d79f82e365d3b7be34a8e89010b3eb490434dbdbd5f944118bf6d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23c07bc9a5d23b64_0

Filesize
6KB

MD5
352460249266505ca58283effe3633bf

SHA1
373bd98e19a4cd1195e09c3e3a5fb88b88b87459

SHA256
840765b9cb2f57707aab2057f1cbc5fa8e2c85109ea1a668941b713d5474c1b7

SHA512
7e76b2372702945ee441f362c1b73259c7902b902151a676e20fce9d0c18070a916eb3e93ebc0dcbdeba85acacc943a34ed78ec7794f726e4a095b0ae0422beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
820cbdcab1d447619432bf2766ce5e00

SHA1
482cde7738895d232b7095a90bfa92697c53a20a

SHA256
9fa5d4d0296823c94a7f00bed3d8ef61b8ffeee10d32878d77a2ed2b34dcca99

SHA512
fe662a1765fd4088930c3be06773eb22ee9303f81d5944a2847a7bb61b7825db1ca9d2cabebcde5f976c293e44b2060eef9ed265018758e3043006232d39c8bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26bf13f96411c421_0

Filesize
433KB

MD5
d60e934f308915500fffb17d25b9f08a

SHA1
76f29a44d87225adf9db5ddd0bc1ca766db1ab25

SHA256
7e34b1eb373bd7417eda11ec5feb914faa59cfd3142a894cca396f3555eb1de3

SHA512
46dba57c22f6bb1b02326dd23af41041d32cc190aaaf32d54f72dc70b38096e03344ced534a26f8370723363bed044601e760797e6097e7ac5688d6195d72e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
058b097a0c5550f1f492af4581beff7e

SHA1
d9f49bda46e59549281c86dadddb118b260a3d41

SHA256
b98b722aa5aabb8cf809a53dde41d051a5800849af0de2d1b536cc1b854dff31

SHA512
8ab18f9863cd66f9f9ed4e47bb5dc0c2553b9749db0dff07af8f3fa01efa87e95da3d6f93eda5ef367f37eb64c245374a91498d13f203aaea41277640e13d131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
b2fd0f6bd87a7eecdc46aa873971acf8

SHA1
c23e8b630474b6f76e9ca658b2364764321b41d3

SHA256
7a37769ad1626dfdf26db0c831c9f6b14ad184172a74e0ebd2483246ab61bd21

SHA512
267a647fab2214208fe65665a25500a302140dd3f27327fd97618b3321b8de467f17b3264cc497698c319ebd0615327bdf7a8b4454447a513a11e53dc4303e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f0ff640028f5442_0

Filesize
25KB

MD5
38f8c888cd47205f987bbd4f03b70141

SHA1
0a160d7c80e150581a479695d91e4e77d5c93a62

SHA256
ceacf5dc68798c5cd73d840ec95286345399867f23f41f9ba1c7c956eba0c5d3

SHA512
eac1730fbc1f5f89750378ef73a4e6d6996b879f1c6dbd8e1a37acadfbfeaafe84dadb04f48d84dc3dbd6cc9a780877e553aa1f0ca1cd1573eda7b557328b86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36d0ebc633be7fe1_0

Filesize
262B

MD5
b8408af647b8119dcdb550e99fb71212

SHA1
44dfd6ead76de8637e10b6545c177ce7128ab748

SHA256
586912ec78cf01351eb1b1d9d9638efa31edeb232e9f5faa31545cc370224f7b

SHA512
703e53539b41bb839b0e2f4f8183309cbccd0f23b78e53a518b83a6d7b60554e5eaff230fc04a56983aa96823e8005747a816406d34a942349c0391fe2998542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f06b5b75d53878a_0

Filesize
4KB

MD5
cfc0d7bd44eeba83fc54651ef0156f7a

SHA1
3ea56986bb0a3a5abf2ce893ef1c1f31c06287f6

SHA256
8281f38ea648d71d52b8f66f742e4342a9fee6473d2a20b984bdb4be899d347b

SHA512
9bf54368869a79b5448da6446cb1ab5d6b75d170dafc3b7b67d2a3183df83fb19cb262e8d18413e32518de50a135baea06a5b9727594352de1ec21a5581b9dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
197601d7fe1d217141fd04996821efa2

SHA1
2339c1e0dde8d0e0c459c187d98b60a525b4ecb7

SHA256
704dfac97ac5b2570f0a95fb2531b05d6bfade6f999ce9279f3eb5631384b713

SHA512
4220801e3bb2e3aeb0a3bcb924a3b608e85bbf1bd96a9c58b35f52b5ccc66d2aa19e50695d6be0a364a1fb64af32e21d0834c503995e2ab6b8001b49e1046287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
67d0f22a9d1a78554db67c40f6155624

SHA1
6dbb08234480a6ebaa1e5797c831a05e17d164b4

SHA256
379fd608cb708c66b5533b72ec903dbcde60d0c997764fc9cf6ee0d46c8b97b4

SHA512
7f66ee9c98c27896d695c88ccf5a62c5e8afbd93321feb90fb4f4dce2b0c2eb94f94d0a9fd64700de7e67c44e7bb0eedb3e6ee4d0a638915ae6460827e6f2e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
47b44614ccd654b8f647e6506818edab

SHA1
dc337594343767b2936de436f90a59f4be240ebd

SHA256
b978f16906324de6e71dd8677efc6463008dd7f03eec8d77e643c9aebb3d8ebf

SHA512
f3a42a4ccae376ba1ddfbcb729791e5af682b74e233c89d19bb64d20841766fd4db867eb158b5acee21426c46e363f2e6e4b001dcd4e0b4bf217aa43868c38bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55c6a8f49de7b4da_0

Filesize
289KB

MD5
d7569d16be5f4ddddca6dc78c88e500d

SHA1
caa51373bc52016f70ab743534a855f6b9292160

SHA256
d63a7d60285fa1cc41b4dbf160b904aa33b341b6148cdc125dc94a0f60c5ac44

SHA512
f0e9945cafb5a2cc386f9ad629422b70b358e8f6ed521aeff56e73d5215071602a0c3e071b1bc42efc68064d4d9e666783068680d5c789a185bb05fa4749b1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
c8ac3120c34d760eaff667c446bed757

SHA1
f11c848f31ea12f2b6d48e183e9556d6076b33bd

SHA256
b706c6d1b80fa0bd917189701afb4314e8cbf5d61e4c94fc2eabad8656ab3d1c

SHA512
0622f1bdaf519a766989870736469bc40fce4d8db89f13fade2578db4ebb7b4f828e0a2bc1f49971405b6e5c4dbc842d4a28370ec3c98aab92dd0737c0491af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
c4f2a74dde834fa1b3a306496877e376

SHA1
53c9da1c94cd250a3767ca27306fd5700252ff39

SHA256
556c8aa80ac6393a44c4f8774c9fb5a9c25e8f5b70867309effb427a5876703a

SHA512
ebd5b8442e81fbb4463f2ac49c0cddbdff7c31a87484a8330c998fe57f3f686f9de68e391c09bad1595ecd77449ef2ce36b332c13a76d05c7e852805e2b1d2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
53174a8df824f0f27d80196c91059182

SHA1
24242cfa581a316b46a1af3710999b15424f03a5

SHA256
dcb36d1689eb22d41b9b45e39783749b4fc00e12ac27ba975ff10b543dae25ca

SHA512
a527fce781fa4e8b3fc70eb0c888a948f29f07716e8f00a9095100ac01ba1be709cdea8059fb56cbf20363ce5bbaaceab2fc437b56e88332b3dc3213025a47ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
e55ec2f20e4aad81c4f81193fa4f492f

SHA1
d90247710fb9a3028c0b2358919ed60cd86d3814

SHA256
b2ceb1457b6890315f56e308f62e996201262f2d518858bddf97ff098db1d9fb

SHA512
4fe4a574aff1a79adb83dfc3f79af0c6ff4c3d58214443e6445265bd7aa57191849681d919695134026bc06cc47f7b500f2853cbc507013df44ed37fa947ab48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
c7fa63cbb906709cb852f90cf1e5e510

SHA1
befe5662d267f2b60b81b68efac1cc8f1e928735

SHA256
9a83fda5584085e59939441fcea5dec4b7b813c8cb3d32f6ab67471a26ebb7a3

SHA512
9a316e7d8cdbf5c13c169061a6af94ff1e4b8f5f938b765065312aa6a5122d29537d010006ccd19292473a1ee60eb1885e86373bd9d34c821158711b2b0a1fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

Filesize
26KB

MD5
4492c3d5d024825b937d4909dc85475b

SHA1
83e4a608c793140bde143046052fc397b957c235

SHA256
88025a8ea24ef5a18a9ced6634808d76d089efad16e884d2c9255e684b29afc5

SHA512
904c164ba3f3c135b21cb015331cf978760b5a449f254b5ef83f6e68484b770009b7cc9643f6a04891f0157fdf2ff994f82065b8aaac4961b16d23b890b7739d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0

Filesize
1KB

MD5
b13df9c482cff257c7febbb9cdf876c8

SHA1
9b1811cd7ba465afa98c6c4657e6d42451191d1e

SHA256
ff45708d83faf8c9d5c20a27fc04c2280142cfda546e7c648af1b6ce1550350a

SHA512
6d2f85373b19660b08b6947e4ad256b8b30ced98e4d5e305642eb4aaa8c08555670564701cb343cd56478ce0756b2d90d3220342a6e91157016a3eebe868cdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a9b3662d971774b_0

Filesize
2KB

MD5
cf0e4279e5ea40d504bdac6abe2d8c3e

SHA1
0ce3a9b1c944f7a663315bd9c8589db67918f5cb

SHA256
e819f353c1b695e76c75dd1dbe627e15ed49aeb7ce53490ae8746002775dbe9e

SHA512
6ab0b67d8d19f9f31a081c6adfe6f38b5d43152354de97aad53c590bf3d163ac862d9105b23bf9bcbaef5812e6f4beca4be7ac08fbaf2e8bace2fbfcb04ebe56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93feb620f8d71538_0

Filesize
2.7MB

MD5
0469a1f625a06ef113b77546232b3dec

SHA1
907d807c9dd84c797961577b188aa28a418cdd79

SHA256
5496d168ae8deb8008b0daa8c72dadbe820720e8da26a7aeb8c5ae7661c01eb3

SHA512
db68cf1765a6df3e07ffc52a4977a308d08312d936145079429eab4933c4eea91663e8be303e4838ab3860cdf774629337d1aa3e08cede5a87b6847c618c9040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
e4ba8d686ac4ce14a5f4fb43576d69b2

SHA1
0725af03508da94f283ae9c3a5e08cdf28f61d14

SHA256
d33a3afcfcdc456ed012e08959aad92c9d9cc8b1ba87d7e870120094791239df

SHA512
959afbc8dba0dde92890201d5e07880a9ae7695042f1355473935d19e981b70ddc2caff5523a30ff30c607e95b435e06fb2ff9fa3053267da79abd4b34db3c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
ad5a4485032d9aebe9a50ec3333346d2

SHA1
35bac2258adda34706b512aa1c848c941a27005f

SHA256
6a2fe263cb6a2bbaed52c15e940a49fea87fc83f66a98f69f5f2ee816d099287

SHA512
a9b0e21dd4700a26a9eb79401b1590ab9232a5940ceab8fd7867cec0679e6a7d4c25cfa076e833601d8c31904446d6a56179ca8b58973a72327e18c87978ac05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

Filesize
1KB

MD5
d53f894755e2c9e40e3a4edce4e329da

SHA1
140c6fcf0c62f3c4483ce6a90dcafbf406af1d74

SHA256
bd09e1c459a90203efed94e1620b38d72cdd4e1f85d7040d1f337e05ea53a2da

SHA512
01209e4bf9d18cd53665aa9b8cd3a3d4b9d013b865d643c30dba4a1fe6af6c00d8af21919ac199f659c6718dfe3480d0896804b2e3dad6302039715850c5e269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
09452625bae2d29d0e66de3a7f64707a

SHA1
c3543f03990a0a2f0500c54a251ad54de753a94d

SHA256
a76544ff03fd533b9e7af232a2202bf987e9fe3c10203e459dd3727a617bfbc2

SHA512
28f91912a47c575a1f2c0976483b66c875d5fff90b003a32987672e02d0b2164e70edcc7163162399e7b90ef22065928c012775ea9b3f001fd198ada9c25055e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2e8c167e1462fb5_0

Filesize
3KB

MD5
445f8a0d97f4f0249bbde8e15b79b232

SHA1
b0e8095e49d94ad61d256e021ccd9e0ad89480a1

SHA256
eaf9a054eab5f793837f522a2583e64260c976a949374d2c0c7aa7f781fc5494

SHA512
10414da76735be5eb7215a6a7a19d8465f139843f13201fce2e587ad4991c7caad6a9d22368d05fb503ffc68a1aaa747d13cb54c6c1256deec6704c987ed0e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
cf6cef7604b61a32e7939b3f88b83cfc

SHA1
7450dba1b1eb4d79ead708da49b7187f93e8d30e

SHA256
b2040258173ad0ef7cff8f88ca51773b48bc6db53677b3ec13413397d675bb4f

SHA512
0a587708e9d5b9e576c6400e0e4ccef33ed41f181348ad57b36ca527f0139f08c56359fb4c2533a79b7f2b2cf662dedee1eed8cdb6ed35f80beb03a586b771c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
fe1925cba2dbd27da3855a0c142ac896

SHA1
275df33800c92dc1e6b4105e312542eecb0c6184

SHA256
a88d682f4e0ce318a29a00c73d7c9fbf3163ce8cec0c201acf2afcabc4b97d4d

SHA512
43bde6f3879b192f79e0d9b04dd231b7845ed1ad1da673d3804539e0b00a253a666986beb0739f9183dfc958d6f86a7f17882e5972adb556ab7844c18e49b1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
162e393b99f0121f43957c2268d2234e

SHA1
0af110900c89671e0b2b3b4dda7fb99da5ceaf85

SHA256
f37e225660b5ee27c637db28b591a7719465ca60f2cc79b5361c8b2c257f3729

SHA512
da4e5a13fe7a01c24264e0c1ba2eb2bf054a4b0db7ddd75d0915fe5cc41e9045552edd6419f62765924b9c539958a24577a52e0f9f71d88efb4097122b103ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
40f996785c78f28bf7331602e46e1ade

SHA1
db6279497193ba663d5983c7fa9b521ac4f03371

SHA256
7a030d9f7e48abba6cee591c13b544a77876acd61e0ee758416d7829bced8392

SHA512
2f352219ab4c436e8af26e8c610ca704a4acbf1bf7d90fcccad1841962ce4e9fc571a912d35bc9a71dbfc6866a766c8549cfd6fe3c6254f4750d9e8047cc387a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdad702bac195e40_0

Filesize
3KB

MD5
6c7a1054e10cabfa6ad1af2a5766d792

SHA1
8b6db0237e26c3b106374cfb39bd4854825996ed

SHA256
61c75e4f27d76144a4842d1fe73cd260a8993d5f1f5d02e373c1cf22d6f45aaf

SHA512
4db363305b7b15c91238ae09a5b3b99ef5b4d108171198bdc6423d3e35e8278fee45b0fd8ce2efb8356f57c4f9a16a8f06221342e5a15bde42540c19f8ce3e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
12KB

MD5
0b80cb029b732313114118f2fe9c9ea8

SHA1
a9696e217faef19a242b232a50d2cefa951346d7

SHA256
0a8f2a3ef2b2b18e34739a42e48ca0f620cb25332ddc6244be8e8a3cef20ad4c

SHA512
16f333155d4b40590b38231df41aa92ab6b1f59916abd6bf4a2431cb1b0f611a6a351a5514469059094f755dff86e1b02de827c79d3c8b07848113a9d732819f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
b65fbd358fcc9df06561b7fea8b9f278

SHA1
d9e0efd6a3e4ec9d7ca64282ef107d0e93567ebd

SHA256
a4fb09e10cd2f9de8905653eaf9cca2b10f0040b60169313b1eadb641a1a7b85

SHA512
9271a183802cfc22a7a3f75f1bb30e0be29d14b455fe7f318aa1d2f32200743ec1c3035f833433cf360f7498d440900ccf4c078667238c0ab0ef64d731ce41cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
3c4d0806c9db67047156b766a9ae00a8

SHA1
b1784554a2a56befa87ab67531a03307fe0bc0ae

SHA256
524a78031edc82558a79ed3079ffd3224f2ab4d0e2d96957760a988563b500c1

SHA512
0f93d9e5ef5c74953e791593a33cb1c800540d005e7d698906bb1d6ed0e913cb270338b64d756df6b446485acb3b4d5820aaf6a01c7f41de5fedd984ca8e479c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6818a7cec921d4b_0

Filesize
20KB

MD5
863726390e060839ed240bb6bb2c8dff

SHA1
8dcfddeabcf1e9b86caf6e64d212867f7dddb6e3

SHA256
036e6f97e4cbb64ce54f1d157c30f8414abb7d05eb14d8e6bad4cd77f766a3eb

SHA512
01518228b32e9de323b93f4d71b1a9b16024aeb49d4751f5e129c8da7bfe4d2e542cf9a608741bb8b8a4eaa5b99c16e9c6ee86029a241ee8daa57096e4e5c34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
939322290c66c61968c1c0426bf0e97a

SHA1
845743652efb1d8413d34ce004684e7f5053c976

SHA256
7072fd8fb1eb259e4bc8caccd17f6b1cab1bde841e7351c93885fa662d150899

SHA512
cf5f8ae3559f76608278f2fb0cdf267b442addd9e6137e180c6f756ae2f9698ef66cbfa19f8e62b368b7a7d18cf32fbf563b1641d55ada5f53ecdbe75e2c3246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
83c71d908e1b211ba2577303538189cc

SHA1
1e888f51a1a7b1bdbe124cb811036c9cf1f58b23

SHA256
13995f0e8408809fcbdbce993fc877d85f0620ece95071b04dcd135b8ccf543a

SHA512
ad17652dd6958fd18fca380d515af6191fcedc913192ab59ab23349d2bd14085717f6b0375ffeb6d96d96e9770c311b7ae276f244c90aeecc5fcb5c26f7a8499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daf0b019d07753bd_0

Filesize
2KB

MD5
95939043cc4f553ae95ece3dd2f9eb52

SHA1
e1687fc5ce7a3caab1eb5b868d4ff978d582528b

SHA256
e273584868a9cbf04947f7852df1680a80c4ed12e2b689a7bb33b8d501d3191f

SHA512
3dacd0fbeb31ce94cb95b9e0f4cf512f9491807be4e9b6cb57ab5dd28cb82a68c258316fc8447020cd92ead7c2640647cdd6d6bec2e9e39ce2d4101d3c173abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
5646f3d6ff649412df67d78cd63572f3

SHA1
b61bd56965a2afca4e441490168d22aaae6f40d6

SHA256
9aef3f1d21f61aa76f5666fcba5d1580a769e7bcd6c56564fb480fa09a06a17e

SHA512
f901758c88cc5333964454af59efd7f8a657979b015e6853a38ac927f08c1f26b15d3d567a0da0a34a17c2f89632e7be602a1a935d4a4fa30ae3d886fe25952e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec0881f7d6ce2669_0

Filesize
175KB

MD5
ba1c41eec05677a31ecedf1028e8f380

SHA1
9b2209fd36477241ed2117d43db96aa0883f278b

SHA256
be572f8b3ac4eb36f29f68faa788c26097c8393bc73b6335f4599fe23df379b6

SHA512
b6260d0c0acee1dd3ba64106b5895e61e8542963c33c8e54a69aa33361407e5e79477c3f21633d185886eaab277d72beac99394109fad386a5141c79fe7cc417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
6KB

MD5
eb7d6a6c10f4e6406f7043f1b54a26d3

SHA1
c945268d08ada8162edc9ae885b9e989e887fbc6

SHA256
22bfc4feccf558ab653eb21614acfcd2975a13f2e93f976415bff3b99d1b29dc

SHA512
436c2a349af4a46526c38a1615f88e0176445d3abd292adc0f55a22c506c0ee73c4efa689eab7a14f2f0d5129e4ddcbe7ac17e03843a03286c56ea85dbf58e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
987c84247e0bb62cd15e83a2a3da86b8

SHA1
467bf7deaf652c4e7c5bef369957e16c9d099d9f

SHA256
02490df240f17146c0113f3be06e6f8d661ca568e6a7ac953c3fea332890cbf0

SHA512
f28bd0980fc3002bb16f9aefb8484020902e33016f57c8d6c239e1ca6d8e9798eea55b7cda4a37a5c8207a5e787c1133007a1e096831babce8cf24b947d0dbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
730843731f1bf57e2d1f36e667c4170b

SHA1
0cc428a7ce857023f67a9205e823003516ff4de6

SHA256
9ff0d3597fb18b67ea2143eb6bc8d3f38c36c96d3a1e59b84730494af85efded

SHA512
f5703d672404b459ab678bbbbce4e731b08166da4e8378c203a236d069f079906789835ce5810a9791c0ce10065c92525d00e75e65cdf2beb53ed2bcc14696b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
0d32de1dcd98805310fe0affa263647e

SHA1
6604a5cbb01289998bb8e8910d05efaf31e93a30

SHA256
3027b9887ece8784e9d21089bdbc3a65c0ba0f38bfb33683c42a748b59342899

SHA512
c5c4d806f2afe39f0dd9af5f7161f4619f585920238e4027c79ad56f67f0dc086885808f77b82a4b0f24e61155ba15e331389f9d78b574df80f5ff35b968db3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9815d8cb7bc9b900335f5efae53df30f

SHA1
ec7c1643c0e4713213cc801a1109f52a448cace2

SHA256
3843b6af60ea55b982242eecfc609d61e66312142ac6b4a5bca026a3a39ecd17

SHA512
31789165586427321a2ec3fed62676c223ba1405840cf5f3fdce31f5c27866b34bc3f0396080e1c1987f7962dd79ef9162ff9be4bbecb624324e8a230a8345b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
21eb8174c129cfdb89d42a0e436464e0

SHA1
cd2a0545e1f1cc8880bf45d87d34fd21f260ea83

SHA256
07615942b8dac9a98d57649dbccf61c6f03ee3a4307cf6e5d9785b0c9d28a50c

SHA512
b19bb2dd51aa60f5660c25cc86a086075c157c91b507e79be3e981f679f550e6ca0ba13e4ce67f2092853e52f3d32b359edc730f2bef1593a4aa72b7daf03e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
72be51e889461c3e46731d7b60e4df37

SHA1
0bf1a558b2a68c798e2e0eb7b8eb6201a95d5f9b

SHA256
02186ccc0a856150928fe371f25de0719338bcac549e65b006ca85b4eb6821e5

SHA512
b6ea17d477800130ab4b2c23bb903bd97e8b6e91c69994fdaf6e5871f2db003c944fade91a36c47c927cd373cec2ca02da35737786ced6aa47265e9af819b9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
6a30038b95f1b20c43cc34ac1353bb43

SHA1
1b97478c2ec418ade12dd7aa2998b97aa161b633

SHA256
a214420c4f1c6ad8be06e24c147c480a014902889ed1a28925cdaba5e2aa1cc8

SHA512
213070684811cae6a7f4ee40e47ec8e5f5791c06ccc95f4dde4bf755ed0f5a35da712294ba2feb8dce32bd8d24193a53631d4ff3bd7d8af0cac4e6bf826375be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
3e319eb10fed16add69e07c8050713d7

SHA1
ec2a1078fd24d55154963569ee5ff00fc3c4b331

SHA256
cae7c355deb9885ab260986c4edd5e57fcfd1b4d92d4c8dcfb2cc9ca74211799

SHA512
947ff372213267633b7f7efd939e8a04d1f8afa59dfa7b45cd53c706f4a9074f15eb89a61a94937219d73902068059e87a065eccbc7dee146e382a253e618236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fe27247bd9bd882b7524f60baed3cb20

SHA1
23bb34847cb7ba67bb3a02abf36b804f64bcdf10

SHA256
57d1446239a58079a5c4e607d035293c692fdedcc00e6a4ac5b0747866f5d2fc

SHA512
69f4f30f0113927538875d01119505a8a908c160b33e90e653b08fec51ff6ecaf804cb421c602beb3c098aecbd701a7758b11764f8bdd6e8966c6cab0bffdaad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
97966457f6079adc8022e77b027f6d85

SHA1
6d7706d9582c5df99ad17f61280609a690eacfbe

SHA256
bbde24a211dc6dcd1fe796d06d0ac8375aa34c4686cebaeff5afa01bf9e2f173

SHA512
564f402033d0148fcc818fde42774cf1a9aefbe071a152c46ddd80f9b7dac1e3bc0559942b4dcc6eb2e5e1fe06a6cc35f403db8c6cb65cb68fb45f24d3a96510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
a46b6d3a98e711a11da0e415ffbcf8a2

SHA1
dd1d6f90d717bfebb39d42c627c34a78c9cca54e

SHA256
6825e597ee08dbfd778b5cb53c60faff06157a975118878a8db590abde4d97d5

SHA512
5e207eec3e8f8022e201bbff567844fb9bfea539b632f09ddcfd83df55d31d2825e18fc8bb41b3abbc162cd2132389eb790a91ba46a5ca6817edb37be602732b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8bdbfce506fe9ddbe3395a711bafc8a2

SHA1
84122f326fd964b2b834b32db446ea36b4a8bd71

SHA256
7c8a7ae245d015ffa61d45d4dfb9e650c7888bb6fe7d3c81609ddc1be3eb7992

SHA512
c804106dbe018b398af422bd57d8042a9ea8589c974e0d637ff264af2716f5b7fce02622f08158250a8e9bfb8f9deceb6d2c320663269481b39b1b48e6c99ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
8bc12c3764c19d178bf60560768f7e53

SHA1
7567068e88ea6a6ff7e9247b77ff9e8e45306ee1

SHA256
08e1775615f76929d9fc5338b1851278ba28a6754ef6377b81a3f11fe41ea7e8

SHA512
3072087dba647fce6705306843598cef93847de527a568767768a57ce734fdea9dc40b6ace3d8c4433fc4797a41d7a202a002494031e5dd2c8af4295bc132d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
664dc0f9973a862a7bf0933df4bdb083

SHA1
10dcb9a51bc049e2e2e7536587e23fe46d99bf74

SHA256
c50d0bc252e84d08ecf45a0350ff448c6d814f3b5d4bb155e0df79172646aa85

SHA512
1205f081df9fd6073a9ef786d5bd2280f96acd270c27f3e7d2f191233e89e3cb2825c2691c828a4de33fd141d632f4a3fe145c3c6983be9dcd21d34802e0c3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
b01d18cf140bfe7ada31071bad7e9779

SHA1
a51b937b2e04c55495b81192c4b507f6dd06a62b

SHA256
7501bdd96081747a4204db22bd8dc78d91aa834b5cfc63dd2c1f366dc0d0e3a9

SHA512
8c75dd7b5d59abc82f2de740c8bea5732589c69c66940486014c47ac2d22e869e65a07a2c66e3171e035a2e611dbb0fc196231ac0ee56a0536095f7bb5f94f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
e6809d80000cc53d8f59e0462d252237

SHA1
863f59a4dbecc71f6c09920298d5f5668c5cf410

SHA256
4e718dca4ae6a906bf24c01a0ab08c0cbafcdc80f42575c8b65e4a990843d2b7

SHA512
b4baa35aa04223783c58567452d581766c688967ede9c793eb26602965bf42f674b9cb7fdb158920c84ea08619207005f184d99cf601e13958c225d0d3c691f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4cd85dea893603cc04cf0667b1302f0

SHA1
faaa008fd838beae8d6b6e0d1effab406711f94f

SHA256
f168925477150c7dd36c7bec41cfd543e3cb6beb27417cc63aa4de658cdb1441

SHA512
41e7e726f9afdaadd4e828e1e8b02dcdd62985257e7d8ead6f25f9a86ee40d6c837f46ccf4fbb525c1ad9b42ddaba7a4cb8f6382b3f3619f1123bbe5af91b70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
25ee4989bff440965a4198305cdf6842

SHA1
057ea6d6a57c1ff37e8ad9e865e5f0dd2a6bb9d2

SHA256
56feffea24caddcc0bf7ddbe2b06a7427c06d71db47c8f3cbdb098cd3d7fa95b

SHA512
ddd9e283217212ad401548b12437cd7034d14e1772cc4d193b3f3023de58332ebba3b5ea531a375a9182cf7f90024d9ca1e42066a7a02a9bd7f0a74c81f32a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
b3c9cb0836ce3036b5a06494865b8750

SHA1
4110fb2a5400f133e3ded9eeea910b5a7433e7ca

SHA256
eb6fabe8b11f04a101958c2fbf6f3472e940b6b9c5fa953fc419b3ad4fddd324

SHA512
267dced37260a960383bc51930329743d655803d51d844a4c0537896df32c9d852168b389c1e64a300cd0b080b79cb09bee1db5225055527443807da5f6789eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
c5c51edab5e0e6152acb77042aa36b58

SHA1
97b18355bf82dd36af7d14e08a139421479486d2

SHA256
c4fc81370c3af040f54b5870e5ef2d12d57b5a7b52577f44037338f5bfb28c2b

SHA512
e02efd0a4c62e9c1cbea6ff3b160282c6cb0d35553add42a7bde46db7e221ad9bcb9a6c4d53eb4876ae426915443baa963b2da0a6d5cb14aca760af9326a7b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14a0abd7fab650707c1ed81416cb6819

SHA1
17810878747ca0c7260071d119d7e1143cfe5afe

SHA256
130daa05fcc3e4161a403d05d09b1fd7ad46bd554d0009602539e3738c2a83f1

SHA512
63f0b3a5c068769949483e11c2299f5626a91e200dcf12e4a69b0f5bf349ef8419c339769cba24ff4cf92b4c74c937fb51eae18ac8fe617b25eae78cc0929869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8811dbc57a1c60f3d56c30730f8342f5

SHA1
85c1d13734027cae5dcef7c3562101a3ff3f82a3

SHA256
d60093f9a3fa89ee7d355f90a25219c9e85719795325965d837b49a51a70e261

SHA512
967a1b0a26b8bec88e7aa4e7729afb44a20b517abb425bd2797d1564519cbb5a92426f2e2fe07cda1fcc2abba7d347b4d862fc0334f813cf3348852d03ef542d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4deea4aabf4faf120e0f4817a529bc8

SHA1
62d8d23669e99af5a66bdbfd5996bfcf0d003662

SHA256
e0e72a337c8e074a8c846a391e4288464933d0c8b8493d1a80a5cab5ad9556d6

SHA512
e64e5666f32ecd4d6e2d47399d621f99969a58057851811ecae5ff3d46c6e5810dbd7e707a3bc33f7da58bff5d5d0a94ee0d1949550b76c34795bc35c49792cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1f76d6954c7f58d07c09e696f521b632

SHA1
0a97023fd2b79f447c723b9cfb0dcb0b3db266c5

SHA256
9410bb4267982a8a49dc5e5a51f65bd2298a3c555ba1b1d3d677eb94ea234580

SHA512
820ce9e5628be5dc5dfa00d4df24dbc5b8c5298d45d675dcc46c92020b85c601ad454de900d4023e0871bbec425f2cc439851246fcf428ab30acc11b23f01227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d9b2e83f451dd776c4c3a83cf97bb408

SHA1
f42ad4bbd46a85ec6964e007f4c6d965414688e1

SHA256
69b7760943916c1b3151898c91963bcef0ee4ba38832828bdfa5f079c3554ecd

SHA512
33d025fc6333e6aab2c4bf03eb0559de57b052dcf4fc01cc002be2c2ea705ba95601a27f0ea571d35654e50070e71f58345bbe43b2369ba1dcbaf93e3be10d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
165a8c0078f90041f1eeb210f3b7e12b

SHA1
966057e499cfb825950dd2b8795dbafd87da5851

SHA256
6bf27c23660a1cec1f6814e8238f3f31b3a5b54daa562efdec3280ea179e717d

SHA512
0d37e82ac92e6fedb74ccd11ee6a2ff92a4dd0cca53dab62a7e62d77824f87061470b39b1e789426140aca5609313df0bc4e4aba103da5f9878c31072464c7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
255aa19b67490e1518fa4a04477a3df6

SHA1
40fee0f68f943abd3101a333ad01a5bddabf8a45

SHA256
6d1e135539806569b08cbcad32c7a9d9bd3369c54206fb2ebb64da486b6dcfd1

SHA512
d40aa84b70d43d04428c8a69e4e6f0060cc9d3b8ff09702f8d05b7219855646e60a5cdc1f9c7c6e54134c621e52825d361668f8019eeddd509702781827304b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c19fd58d2200323b9f72c32cf776efda

SHA1
9cbe62632cb880ca2e95c31567cff1bef1e085d0

SHA256
54dcf0be98d8461c8a69fecc8604ed80564754dd61d5d3abe7025003a5659087

SHA512
1c9cb5441fcbec84cf352d56ea18350205ac75cefb6e148d5a57a04f3d4b2e29101adf8e36f47d650c64f7a3047654a039331b5f1dc9aca736e0018362fdb4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c39dad62dd538851fb60c19c99e69f07

SHA1
eadae336acd31675032b1d63df15f92d115128bd

SHA256
c7106873e9b03cdf99c494da4b3e6971768f7be1b51b7dbb0692981e8c20b7d0

SHA512
cd261953dfc5c6b0f388f7ec9f5fdccb716e1f3652c0826936233df3fca053288c271d25a049d73b44438d92cc2206f02f4c0b7b6578a9bfdfbcc468cf46b524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
90798d898fd0e55dca193848a8688241

SHA1
c36696468e688e2a79aed198b5db4da4ff972ac2

SHA256
e524bb453f49410315312721a0ef6012912b3295b69ef9664829c1fc9e687210

SHA512
8f0b7d01c58c666f2f76d9fa21e987203e38941c20fa3c2d9acc9cb3eaa7abfe3bed2df3642d3174b385efc78124ea717d938737d3cdabd137ebbe5aefba695c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f23316e36e5d22eebf17f5cc14fe3a7a

SHA1
eeb722ef61a3be306310ebd11c6af04cf3e14854

SHA256
f0ffdb2135100a5c22c42db537a98beaf6a00498b19c3b07bf8c267497e72537

SHA512
d02a0dd318c35b070084d4ae668260383b5d7f8579ddcd562c8c23e74c80f161c9541013bc2484aac6be8c5f670fcaf0d666888e0b49fa070cc1decbc7bdb88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
57a22dc3293fdcd881391bdddf1494d4

SHA1
e5ce6aece2b83f43a6c6bfc9c065e26c23e34037

SHA256
d7cdb90e4e100f881a63a3cc5ece0fc544daa80f4cc28bad74575c4c78d423e8

SHA512
f3fcb2d93a6ae4ba7d0c10a9787dffd5c929bc351f1d7e3d905196a5a8247cc989e9f8788d156c5d4a4a07ccf44cd6383a778c73f4d8c7b83dc2cd494948a71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
93e7a58ba8d32bb8a43ef296aad91da1

SHA1
a1e1cc50dd66dd13e6f39cb52635744cdac02c2c

SHA256
c56d04d70310713a8c6f0d4c73561ec3dcf34ec6ef06acd16678e1f947539ed1

SHA512
a840d88e8e14f0e62ea1698271943d5616c99c4f269b21abc164c1f64ae9d7cb91adabcc8b6deb24dcaab46639c341b993009d158708f9a71a0d0653743c597d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
555ae20d6723cacac1f987357187e02e

SHA1
67fd4361db3888d2b90bcaf2c8d2fd0c96dde3e3

SHA256
e6d3d2f013b303ea7bddf78fa05f7d8e1b3104f1365ee63ffbe9ef0ad5acd341

SHA512
4b88d5f184fd0afdfb6c6fa6823b76d71ba9c3071f5bfd40db41e95da4ead2661fee861edca919f23b8ffd1556ba49d710f0d3a6a48a28e1379427c8352c5eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
72bc5a132ac27007b855400f95dbcdc6

SHA1
9a6d785c94287fc88c6b8962e9facb0fee988041

SHA256
fa24a77b2d1ca592627ba6eaf1cc6d266708349f0d84f82a9bc9cc5dc79bb534

SHA512
ea824bebf2824db0ed506f73442a6821ddd7c0bbc0f400bac788b7b51e28d69269c10664c3f6566c11201269c061259f2d3eca5db3dba6caee3e3aff6d4192fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
dbf0b950595f981bad43a6dcedf8b675

SHA1
21b405749ab1d2b0b63c6643d78788e0e11c280d

SHA256
4a99164689b05bcc553189cd284ac35fa33f80eed0bab960d8114c79ca2105bc

SHA512
ed37fc3d8ac832a40fc3e1fa3cfcb62ded8dc98b9bfb8ef65514394bf163a773f8eb6cb38915142f56d980ec56599012a9c69a74913606534d0af4aedaa1aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3df7f51f3e97c22126f3dc1fb11f5626

SHA1
97e44bf94691164f3f9d7ad57479a8c8b27cf68e

SHA256
55e80e05e4d99e84323178aa506d7b3a96b0d1d2b412da6efca07ec2e85cc1b8

SHA512
5013ca5083b1dd778b9723e3409e707ce1473dd65a5d4e5346d363b226365e767a161c60047317510a1b6b0eae85786a1d8a632f96d4203d5a3b9b834b3df2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b3f2235b75ab806a6ba606446ad4fec2

SHA1
8928e8f9d740e1e17407a32f066399f6eac245bf

SHA256
7ff9e6c8498d30c184cdfc9a9de93e845206f6712b792779224d7df44301f23c

SHA512
1b0d72f225712892ebaa12c94059eead05eb08cbef18ec3a1fb9d554df5e86881f9397a43a0ae5152e8548bcfc52e99ff8232c1cc5dc7f65f29ec629c5be5c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
78960f552ce87949fd71a1baa454cea1

SHA1
999b38bac33ae9cbb8b8832d501dd762c21f1d5c

SHA256
eb516b706e63a487bb81d3d1a87f9aaf73a1ced3cc7d5685b43aacd1b1bd594c

SHA512
9d46d84ee91b16db0f3075518109a97403d58924b5c5cd814f32c11d5e0d06bb992aa24da20fe565b790a405cde64703a9380942dcbbe49b9957b2d102d4ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
32bc816ef5bcff70aa064c99531bc6da

SHA1
19b4d6fee30a160c340c8c59c8749e6816e76e17

SHA256
2252e591d6931ed4c161b98096ef3c06d2c2295c21fd2b3a75f6659cd01c73ad

SHA512
c45ac00b22e8ebde7568d4ed2aed2d201967c00e76d70c2ed92ab7d9964401e99a707ff339f9b60483fb10f0011f887e09c750ddb7f936e4e7c0b44c58de9ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ff2609cb1bf91ef6bb3ffd478d0d6734

SHA1
d814df2c88e216565695c948e401f72ba7b32efe

SHA256
09031004ff3a9b712b1317610f3c5adad4f5006b79c228d08760ad6ae310aa22

SHA512
fd4b7dbe3b9b7a1f9872531fade196908ab8c328a1d9062c271586495860f9f3e8b110ac34116041d031294f85c5cea4a4e02944767e9f86fa1e5b0308cfed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
fdcaf3e0b5e7f95e0fb99652fa9a80e0

SHA1
76a6d9f9e275401b6636c2f550dc4f81cde72ef6

SHA256
46cfa4674e790966ce4cad0dc2ab2ce2a438cbcdefd997ee0e453c1c82818aa0

SHA512
9a19028cd0c5990fb3e2f0822cab86c0677421fd6c4e80369223e6e598994ed4ba8e921bdf9ce7719eb940a1e81875426f8378a5ee6a39bc7a922bb3cd0833e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f0e5aacacb2c3689f4b0799f9d195795

SHA1
537e26c0e058bb823e361b444145a4bc318aec69

SHA256
05863b7887255c3a5806cb3f0edc73b984d4a8b5a9fa88d2988e77b609df3dc5

SHA512
689a5b89ab5e89ef808cb54d57efa992b48eaad6da5eaface8b3d34e81b5e2573c439c11e0c96d3f328a26b8aaaafb680210fc25d57e3e2482ab3e04f94aa344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
6a2537882072b24725eed79dc00fb1f4

SHA1
e7c16c524ef2886b03216eb9fa9bf7871af0071c

SHA256
cc56148e67ac5f36f70d236080215c845656b3c3e4cc243b209351aca867495f

SHA512
6178d9ff6658c02b914b3309fa6ab24613e7bbef14c071895352546450d6b9e6d55375639abfc0917caf733fa1b04a79376b20bcacb6d63d7fdb26662b238887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
270e09c3baa058139f3e521ed22f0c3b

SHA1
c9ba791b8765b65ddd978ec2119253bab1cb05cf

SHA256
20adde8d23df5a2f3f96862f83e31ec5f89ec82599b80936f63a84bcd3e75942

SHA512
e19fbe95b1bdc9ee8f7dee4821c94a23ed8517efd2e6782c677c6ec864970031146241dd4b0bc418a85ed1f9557955728b0f24b6e9ad189c2c64e45dcbf8c9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cc33775cf51917cc14e4df5ffd13cc53

SHA1
95e296a4da8923942887353dd81c7b840ffd80d8

SHA256
a8921d898ea342f5726b5746dbddc4ca4e585266568cf48c6c71e0cc7babfa54

SHA512
15fdbd434340a5f73821d6074c48c388cf84b6f8c3b34ce106527fecbf1cc04faab3b08c1f50355a342b967d593ad604140c9037f4c7988c5684e72b1b7b73de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e283ba43dfed9375e4aa252e941f894c

SHA1
04e4c319b660194ca582ba973af6a4e0c7c5baff

SHA256
e4bb4eea372c2109a3621c5ed9d82a60697408ad748a080620ac13e0e8296ff6

SHA512
4013a4ff333cc81568e2b9ac8dc930e4f9c684091cef46c7811b2d34ece344310472642b9c9f79438b2d00d429269896b610ffcefcfbf3b25c331d3cca73461f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cb152aafe39f7136cd62d7abb9231ca9

SHA1
4d77b211b4736b6dbde8861353cd7911f11c5d74

SHA256
ee896bd8e0d895ebbd69cb3981e1c6442e7e96968d466d55fdbfc44db0af805c

SHA512
390d95b6c71e36ecd9d5fa5cd57df7c7a7802325e5e82c8c36cd07dfd50eea0dfe90380d80f46bd1007f43c248370f5313961e95efe9c9a4ac62965b4b4d21de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab08e3a496af71940f60d61c2778c32c

SHA1
472c4b989afb34867630c36b92b653ba2bb40295

SHA256
569e851dc475edd8362e37461467070cdecc82a4d62624c059fabc1c9797ffa6

SHA512
8645a28006a6fcfe225fa68ec7bee021cd90b4aa67b2b71159c9a7528c69a1e8afda0e87540e571b02b4202c264c432486b1780e8a70e7ec72c420cc840d991f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a4b24657be971572c99b5b172e03889a

SHA1
a3c0088e6bb0d45ca4ea72b7fe9b2f30dc35eaf9

SHA256
bd467732702160050c1a69fe3fc3306e92bce164bfb1e260740655a7abcad1db

SHA512
05df4db0b1f8f4b62e7ac65e1629e89e3878aee28958f6c3122589b93bd6ce2b6a98e0f5ddd14fa14b70b19675fe6c3d758c0669295cbc8c74d06a1e8d6d5143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1082d342fae7b35fd6bb2f25bd6886ff

SHA1
37afecadee29e7a5cff9afebb89db2bbb2a7928e

SHA256
3930b54d582ec0dc7f00bfd132536ca8e6eb37479e5c95776ab8e127ba805c61

SHA512
2a0de851d58f56eb2aee9c0b73855495542a2264b0fc522d6420a448f9478fc2d7c510400a6d26b6b19db5a92f253311cfed77af62c7c5fdeeb1242e402f72cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
719b1932392759a19e46eedf584a5120

SHA1
57d1fc83b18931af1f97b1f74f45ef0e732ad34b

SHA256
262adc6a23927e6b80cf3abff8f97541a5572ae79245bf0fc2d51f77cb79b944

SHA512
fd251d1102bb3cf9e3b1c675fd30d81c70a6c48e66b1a2fed482cd2e8daadc8960612746f0b540e0841cd11faf438aecd261c013a88b083779e626605849b354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
423339826ef759858417299a165aa8e8

SHA1
3c8ccb1d84c485c30d7993ea0e61141525ea7b5a

SHA256
ec488df95890e4e16e65248913f26c810e11da259bdf3c231a5d2982dd82b549

SHA512
43bf4159b3eae0fc3cc04a0e33f13e7577c77b47d96be4e06e7001d25263bb6eb0f9cc289cd2b99fa0d4ab9e03c2d0829fa16fe80c6e5501e2e1fcc3a5f8fa61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3eba3157878144f7527179f6bddf6aa3

SHA1
b762d810088a1a9485f46431d7db4017fdbf1937

SHA256
bbdb3b56a63b5da1186a5ac4f30c69ee2688a7cc01108407b9af8432c310c38e

SHA512
9018230bb61dacc1aeeb29fed557b467920da98e438316a7cb2b02145032b77368dc530a4332688e16768b992212a3417d541263d470ba199074ee4094a3094b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
81fdecc4eaad4f3cd5ff42b4f2650e5f

SHA1
eaf9b1e1258a0bbdd74bcb5d178f0b2a02f6d186

SHA256
801b9ce3d37c3455d35ca802be2f274a8f35db2e6ac3a05953eb6a4bd4e9497a

SHA512
b8fc394a6bee5deee52c33306d5087a70f7252f101b91266114424da794973d696bdb44ca741b88249e37d7533caba6b6ce5061dddd256c08130cfb31488a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
333bbbd97cc2c162dac7d0b51adcc27a

SHA1
74fb38f89d29c648332722d6adf3784eea5ed39b

SHA256
e25cd3067258f546fd64fc7ee6457ce6006a0b3182f5499189c90a1cfadac088

SHA512
8bc9711626dcc68ef601f033d50c5f2d1461c0bf89e78387f169a3e6a055939164ec4f86eeda2acdeefb6a8e207be1bc372d1799f70a87968b2b55927d638100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
41b78b14da4ba6519d73728afcd7f605

SHA1
c57e3dc2d6117b6907ac7c94051719f2373dbc1c

SHA256
5d97064652a9d718bdd1341ff6cd8444328caa8caeba72b33422c0a19b676f6a

SHA512
4b1334c7ec10bd1bf7854e82f9fb200b224245f0259c0ab32f55a93655ac17328988453f36191fb025272df9014a078fe48f91bea0f35aa4253837874918d50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
950f46ddbdb99c2848d9def4c59d3901

SHA1
a96fd160eac4708dadfac742dbeff9f3ac116bfe

SHA256
b14e0b3e8589701b3f1e31a2fe827b501c77b174fd1b9ecf9157980e7af30f62

SHA512
bdc0cc35763a2021c05045d2e6d09a1ad390b183e8789dffc4eb6906bb5aa1fbfeaca0ff2235e3616447f43564711e7726cde9639afc61dbd799deb3ae1b34b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b362.TMP

Filesize
204B

MD5
1d319dea90d0fd406f8a1b45eab322b7

SHA1
0a6c812dee948b2ac9babd0721d25c182d0c830e

SHA256
5b772074e580561825510591b1210a313d07fab7b0d88e08877759c69297a5f0

SHA512
9e9c3cf8029ea73ec72051cb5c05cf4cd3e03af93a965defcfe5917cdcb7431e71fd3b61dcdffe50f2500c6cff7c93f709eb87bd7a0286bee5167e88c665d5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c186327a-e505-46f6-a373-a24948a46c06.tmp

Filesize
6KB

MD5
a837909c7c8dbab2736159aa8ffcdf20

SHA1
fd73efff296c1c7787540505da3309deae504d8d

SHA256
d1fd3e7edff800ed87c6b774d110b6d60ee7587693f57ae5826864ee151fa28b

SHA512
1510a0d07b7f1a2d36faa69759fbd076a29f0e002ed1b1b8bd69e8c17ea06818257b09461f62920db0d6fb215d3a4fd52b1a2ec30adbefe04ba9b4d011881479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c9a3c6e8-77f7-40a9-b4ed-0715f2d0157a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
27173ec530ed2963bb5e5c97ddba28d0

SHA1
55a43c092d6ed2cb5be83865f2b833518e5d911c

SHA256
6a04bd85808614d311d851ad8770ffb163314eb447eaf4db986952c282b55c88

SHA512
57f1b19245d41616ea173bb17eb04a3271c816e2a5edaceff9b0b8db82f1ebd6a00600234feff710b551a2e34263a4161f7fb68e11fe915a017e0f6016d1039d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ab6b24ad4f235113234dfd8b406da86c

SHA1
5060482e61c78b5dd27d360819995644d972b014

SHA256
4fbaf0c3c56300e9181f787b3b8aedbc47928bace737939844448f4adaf7e48a

SHA512
367800ceba079205052d665a94a7d28f2e9685492ce102a4bffccc861f08b29de783455b66d4887e782f07b3a518e67168f0ce6c32c47db1a9f850b440cd744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92c21b9b0a2023a7612857c6fbb33e6b

SHA1
31b4f13b5d7dc7984391288e35440e8e3068b02c

SHA256
8981ee0bcfd2314b51f0baef6f74231bd6dbc51b1b0bf0494c23f336184d4832

SHA512
7c8e4afcb009a31b208cf1e963e03a93c6181e1dff9be4467b26362559ebb1ec3866bec9ff80a29758402d7bff3c2be11e87d79ac756160acc8c0fa8ed54ddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e7d0dd20b3bbdffe2badf62cdc942a2

SHA1
ea96a103e0b6c02c03d6a5ca8bec0fea4b119229

SHA256
024b78f297659ddd5a15b1bf4df5b9549eb17639cb18c5baccdd4cbf4dac7565

SHA512
ac8c02106443e3f8f3e478651a668dc2390d34fcb056d5312b67f92cd8b41242811cccc8be5ac35555c50412593181ab4ae263c3313c27cd3c59cb0f15dabc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67b545e412de8acd7ca4cb99a16fd771

SHA1
d99e5a4549a0ecf3689499721e938856ecb204d4

SHA256
dc1844524cd54cddce5bf8ba03ddbe07bdb047afa248afc690b6e8c3a14a046c

SHA512
d9391667a293ee4d8f1d9a5ae23114b08acada00a834381ad4366f6a1b7e415316c088295fdade0b661be619d30e946a9c23ca0172cb77f04a8455d20ea6440c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dca07fceb07f648eb8820b3a9d1fff5b

SHA1
12af6bbcada103bee765580b51368c68644fdc93

SHA256
90671cab90c07926ac8207919d4862d4eb877549f105700acbb771985d7204d8

SHA512
179ea26fe4d2e51dec36898e67250c9d707d2fc87bb47e5406e4346db69b853afa5df798fa4f4238f0678781c9ae18a1bc47737c51b25a05ec080baed982c215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5de8cbbcbab2eb6a6ed9fb9dda8106f

SHA1
9dae9b672c1f52dbaac345ccd3d4d44b1839a03b

SHA256
d293a60815c7ec2e88a4dce754e309b37bfd332fb2d94248a4cf5b60af776a6e

SHA512
82fdb2b280f515932245265ef0455a08d54987cb79d4ef759b981bedb005378b6fb04c6ffc51429a898954ca8998da322ebdbf42fb7168a4db994624f6ce5d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1a70607801e3c5fb1151ebfed25a9fd7

SHA1
4bf573da03f6756f0b2ff560f7e9514fa779c8f4

SHA256
93a4e1c8cb134f776ed5a6443c0ff71637c7e35e7d74082acd6477c968fd4905

SHA512
59392d7d7bd59b6f569168cac159f85cf8897ef3a5db1a9131b51d7fa7672d905819db6dc0d3d09ae9da15f0491b80964572b2f693081299a4a90c81241a173f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 285019.crdownload

Filesize
2.2MB

MD5
63bed05bd9bfe0c3dc08d5fb8c18c09b

SHA1
309c9e4cfd044c32d884678067c9d217e3c927b6

SHA256
d782fd0ea5be0d0fbfc98b8c25be950f4a779cfb158d8948dcee9e65f0299956

SHA512
22f8e94e866e3522d6a5ee5ef08f6cd9335eb63aaf6a78d514d6ce78dc688c769ef54b3bac2806d5d0044f0cef20336d7efa91c08cbc047d88550d757598d605

Download Submit
C:\Windows\msagent\SETD3BF.tmp

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/4384-3721-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4384-3508-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download