Analysis Overview
Threat Level: Likely malicious
The file https://arc.net was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Modifies Installed Components in the registry
Sets service image path in registry
Drops file in Drivers directory
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
ASPack v2.12-2.42
UPX packed file
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
Blocklisted process makes network request
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Runs regedit.exe
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Runs ping.exe
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Enumerates system info in registry
Modifies Control Panel
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 15:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 15:04
Reported
2024-05-09 15:26
Platform
win10v2004-20240508-en
Max time kernel
1286s
Max time network
1266s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\NirSoftBlueScreenDriver.sys | C:\bonzi\StartBlueScreen.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NirSoftBlueScreenDriver\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\NirSoftBlueScreenDriver.sys" | C:\bonzi\StartBlueScreen.exe | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (1).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (2).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (2).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (1).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (2).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (2).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\BonziKill (1).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\certmgr.msc | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\SysWOW64\is-7I7C5.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Windows\SysWOW64\SET691E.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET6A23.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\speech.cpl | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe | N/A |
| File created | C:\Windows\SysWOW64\is-N1STO.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-IEAQD.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET691E.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SET6A23.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-EAVE2.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-TKAOK.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\Double Agent\DaShell.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bellcraft.com\mash\mash.ico | C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-71LJO.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-R5JVC.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-3O14B.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-5KAFN.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-KEHJL.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-OGS15.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-HGJEA.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-SOGSG.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-7SJ2N.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-H37KR.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-0BT8E.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-518Q1.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-N8091.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Double Agent\Setup\DoubleAgent_x86.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-SKQ4O.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-FLI5I.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\Double Agent\DaServer.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Double Agent\DaCore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Double Agent\License.htm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-RBIG5.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-6JDN0.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-M4288.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-9O2UF.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\Double Agent\Dev\DaServer.tlb | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BellCraft.com\MASH\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\Double Agent\DaControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Double Agent\DaHandler.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-GNMHC.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\BellCraft.com\MASH\is-QCGON.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File created | C:\Program Files (x86)\Double Agent\Setup\DoubleAgent_x86.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Double Agent\License.lesser.htm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\intl\SET6608.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\msagent\SET65BE.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\speech\SET6AC6.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\assembly\tmp\5V4YN91U\DoubleAgent.AxControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\Y9ES0CZ4\DoubleAgent.AxControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\speech\~TMP4352~.TMP | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\msagent\SET65E4.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\speech\speech.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6B59.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\msagent\SET65E2.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AA1.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6B58.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET65BE.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6B57.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AA0.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\help\SET6607.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET65E3.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET65D2.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AA2.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET65D0.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\speech\SET6AA1.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\vcauto.tlb | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\XTel.Dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET65F6.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\help\SET6A34.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe | N/A |
| File opened for modification | C:\Windows\speech\Xlisten.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6B79.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\lhsp\help\SET691B.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\speech\speech.hlp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6B59.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\INF\spchapi.inf | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\Installer\e624eb7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AC5.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6B27.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET691C.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SET65E5.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\speech\SET6B58.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6609.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\speech\spchtel.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6AA2.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AA3.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6AA3.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\speech\SET6AC5.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\vcmshl.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\speech\SET6B57.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\WINDOWS\SysWOW64\mspaint.exe | N/A |
| File created | C:\Windows\help\SET6607.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File opened for modification | C:\Windows\speech\SET6AC3.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File opened for modification | C:\Windows\speech\Xvoice.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\msagent\intl\SET6608.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\Installer\e624ebc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\speech\VText.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\msagent\SET65D2.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\msagent\SET65E3.tmp | C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe | N/A |
| File created | C:\Windows\MSAGENT\CHARS\is-T7KVK.tmp | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| File opened for modification | C:\Windows\speech\WrapSAPI.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| File created | C:\Windows\assembly\tmp\VVATG60Z\DoubleAgent.Server.dll | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\bonzi\LimePro.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\PING.EXE |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000c9712a8ab103c3e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000c9712a8a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900c9712a8a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dc9712a8a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000c9712a8a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ArcInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1147E530-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1147E530-A208-11DE-ABF2-002421116FB2}\Compatibility Flags = "2228676" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\AppName = "DaServer.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\AppPath = "C:\\Program Files (x86)\\Double Agent\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\MiscStatus\1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F440FB8-CE01-11cf-B234-00AA00A215ED}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A05-459B-11d1-BE77-006008317CE8}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E505-A208-11DE-ABF2-002421116FB2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\ = "Microsoft Rich Textbox Control 6.0 (SP6)" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BellCraft.MASHScript\ = "MASH Script" | C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4E3D9D1F-0C63-11D1-8BFB-0060081841DE}\ProgId\ = "DirectSR.DirectSR.1" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E549-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E550-A208-11DE-ABF2-002421116FB2}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A95-90E3-11d0-8D77-00A0C9034A7E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A9-DA1A-11CD-B3CA-00AA0047BA4F} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E547-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A33AA0-44CD-101B-90A8-00AA003E4B50}\ = "ISRAttributesW" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\Insertable\ | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1147E537-A208-11DE-ABF2-002421116FB2}\Implemented Categories\{1147E500-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff | C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF2C7A52-78F9-11ce-B762-00AA004CD65C}\ProgID\ = "Speech.VoiceText.1" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E55A-A208-11DE-ABF2-002421116FB2}\ = "IDaCtlBalloon2" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1147E552-A208-11DE-ABF2-002421116FB2}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\FLAGS\ = "4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89F70C30-8636-11ce-B763-00AA004CD65C}\LocalServer32\ = "C:\\Windows\\speech\\vcmd.exe" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A26D7621-6FA0-11ce-A166-00AA004CD65C}\1.0\409 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2C840E0-E092-11cd-A166-00AA004CD65C}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6469210-E095-11cd-A166-00AA004CD65C}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E561-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E533-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E506-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E543-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Print Property Page Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSCOMCTL.OCX" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\ProgID\ = "RICHTEXT.RichtextCtrl.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\TreatAs\ = "{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A5-DA1A-11CD-B3CA-00AA0047BA4F} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E526-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A8D6140-E095-11cd-A166-00AA004CD65C}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E53B-A208-11DE-ABF2-002421116FB2}\InprocServer32\InprocServer32 = 33002d005d0073005400750051004b004c0041005e0071002c00300036006b004500720062002c0043006f006e00740072006f006c005f007800380036003e005a007100630028007a0027004e0051006b003f00550054002900270061007b0039002b002a006b0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E50B-A208-11DE-ABF2-002421116FB2}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E527-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1147E516-A208-11DE-ABF2-002421116FB2} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\ProgId | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E503-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E516-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EDF1AB81583E1F4CADD2783223EE1E1\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 709482.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 435251.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 967646.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 350908.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\WINDOWS\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe | N/A |
| N/A | N/A | C:\bonzi\netscape\navigator.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\bonzi\StartBlueScreen.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\ArcInstaller.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arc.net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\ArcInstaller.exe
"C:\Users\Admin\Downloads\ArcInstaller.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://browserco.typeform.com/to/k37wtsev
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 /prefetch:8
C:\Users\Admin\Desktop\BonziKill (1).exe
"C:\Users\Admin\Desktop\BonziKill (1).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (3).exe
"C:\Users\Admin\Desktop\BonziKill (3).exe"
C:\Users\Admin\Desktop\BonziKill (2).exe
"C:\Users\Admin\Desktop\BonziKill (2).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (2).exe
"C:\Users\Admin\Desktop\BonziKill (2).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (3).exe
"C:\Users\Admin\Desktop\BonziKill (3).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (1).exe
"C:\Users\Admin\Desktop\BonziKill (1).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (2).exe
"C:\Users\Admin\Desktop\BonziKill (2).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (2).exe
"C:\Users\Admin\Desktop\BonziKill (2).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Users\Admin\Desktop\BonziKill (3).exe
"C:\Users\Admin\Desktop\BonziKill (3).exe"
C:\Users\Admin\Desktop\BonziKill (1).exe
"C:\Users\Admin\Desktop\BonziKill (1).exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7668 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\BonziRogue-1\README.md
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8
C:\Users\Admin\Downloads\mash_full_setup.exe
"C:\Users\Admin\Downloads\mash_full_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp" /SL5="$F02EE,6008127,53248,C:\Users\Admin\Downloads\mash_full_setup.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMDLG32.OCX"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSCOMCTL.OCX"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSVBVM60.dll"
C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe
"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe" /Q:A
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe
"AgentSvr" /REGSERVER
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe
"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe" /Q:A
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe
"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe" /Q:A
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe /q:a
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\DoubleAgent_x86.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe
"C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe" "C:\Users\Admin\Desktop\BonziRogue-1\BonzVir.msh"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4ec
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADED4DC073ABACB2B777A96D453C73AE M Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Double Agent\DaShell.dll"
C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe
"C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe"
C:\Users\Admin\Desktop\BonzVir.exe
"C:\Users\Admin\Desktop\BonzVir.exe"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Users\Admin\Desktop\BonzVir.exe
"C:\Users\Admin\Desktop\BonzVir.exe"
C:\Users\Admin\Desktop\BonzVir.exe
"C:\Users\Admin\Desktop\BonzVir.exe"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\bonzi\midi.bat
C:\bonzi\clippy.exe
C:\bonzi\clippy.exe
C:\bonzi\netscape\navigator.exe
C:\bonzi\netscape\navigator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\smash.mp3"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\smash.mp3"
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\bonzi\netscape\navigator.exe
"C:\bonzi\netscape\navigator.exe"
C:\WINDOWS\SysWOW64\regedit.exe
C:\WINDOWS\regedit.exe
C:\bonzi\optimize.exe
C:\bonzi\optimize.exe
C:\bonzi\bob.exe
C:\bonzi\bob.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\bonzi\start.bat
C:\Windows\SysWOW64\notepad.exe
notepad.exe
C:\Windows\SysWOW64\calc.exe
calc.exe
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\certmgr.msc"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\mmc.exe
"C:\Windows\System32\certmgr.msc" "C:\Windows\System32\certmgr.msc"
C:\Windows\SysWOW64\charmap.exe
charmap.exe
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d21ed9dbe24c439c97da58a2a37535e0 /t 512 /p 880
C:\WINDOWS\SysWOW64\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\bonzi\LimePro.exe
C:\bonzi\LimePro.exe
C:\bonzi\LimePro.exe
"C:\Program Files (x86)\LimePro\LimePro.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5640 -ip 5640
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 660
C:\bonzi\netscape\navigator.exe
"C:\bonzi\netscape\navigator.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\bonzi\nice.bat
C:\Program Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\nice.mp3"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\nice.mp3"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\bonzi\end.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 15.3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\bonzi\boi.bat
C:\bonzi\blue.exe
C:\bonzi\blue.exe
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\bonzi\StartBlueScreen.exe
C:\bonzi\StartBlueScreen.exe 0x12 0 0 0 0
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=54984174387200 --process=176 /prefetch:7 --thread=12148
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13352 -s 372
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 696 -p 13800 -ip 13800
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6148 -s 328
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 700 -p 13748 -ip 13748
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | arc.net | udp |
| US | 104.18.30.160:443 | arc.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.30.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | releases.arc.net | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.201:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 201.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o298668.ingest.us.sentry.io | udp |
| US | 34.120.195.249:443 | o298668.ingest.us.sentry.io | tcp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browserco.typeform.com | udp |
| US | 107.21.208.191:443 | browserco.typeform.com | tcp |
| US | 107.21.208.191:443 | browserco.typeform.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.166.122.92.in-addr.arpa | udp |
| US | 107.21.208.191:443 | browserco.typeform.com | tcp |
| US | 8.8.8.8:53 | renderer-assets.typeform.com | udp |
| GB | 216.137.44.64:443 | renderer-assets.typeform.com | tcp |
| GB | 216.137.44.64:443 | renderer-assets.typeform.com | tcp |
| US | 8.8.8.8:53 | 191.208.21.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.typeform.com | udp |
| GB | 18.244.140.48:443 | images.typeform.com | tcp |
| GB | 18.244.140.48:443 | images.typeform.com | tcp |
| US | 8.8.8.8:53 | public-assets.typeform.com | udp |
| US | 8.8.8.8:53 | cdn.rudderlabs.com | udp |
| GB | 18.245.162.128:443 | cdn.rudderlabs.com | tcp |
| GB | 13.224.245.80:443 | public-assets.typeform.com | tcp |
| GB | 13.224.245.80:443 | public-assets.typeform.com | tcp |
| US | 8.8.8.8:53 | 48.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rudderstack-control-plane.cdp.prod.data.typeform.com | udp |
| US | 52.73.117.31:443 | rudderstack-control-plane.cdp.prod.data.typeform.com | tcp |
| US | 8.8.8.8:53 | rudderstack.cdp.prod.data.typeform.com | udp |
| US | 3.91.108.210:443 | rudderstack.cdp.prod.data.typeform.com | tcp |
| US | 8.8.8.8:53 | 80.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.117.73.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.91.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logs.browser-intake-datadoghq.com | udp |
| US | 3.233.152.251:443 | logs.browser-intake-datadoghq.com | tcp |
| US | 8.8.8.8:53 | 251.152.233.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| BE | 88.221.83.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 88.221.83.224:443 | r.bing.com | tcp |
| BE | 88.221.83.224:443 | r.bing.com | tcp |
| BE | 2.17.107.105:443 | th.bing.com | tcp |
| BE | 2.17.107.105:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.138:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 224.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 8.8.8.8:53 | 241.239.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | 195.225.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dn720005.ca.archive.org | udp |
| US | 184.105.214.249:443 | dn720005.ca.archive.org | tcp |
| US | 8.8.8.8:53 | 249.214.105.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzikill.software.informer.com | udp |
| US | 172.67.43.115:443 | bonzikill.software.informer.com | tcp |
| US | 172.67.43.115:443 | bonzikill.software.informer.com | tcp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 8.8.8.8:53 | i.informer.com | udp |
| US | 8.8.8.8:53 | 115.43.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.159.155.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.117.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 194.17.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | software.informer.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | r15stv.itch.io | udp |
| US | 173.255.250.29:443 | r15stv.itch.io | tcp |
| US | 173.255.250.29:443 | r15stv.itch.io | tcp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 2.18.190.83:443 | img.itch.zone | tcp |
| US | 173.255.250.29:443 | r15stv.itch.io | tcp |
| US | 8.8.8.8:53 | 29.250.255.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | udp |
| US | 104.18.9.90:443 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 173.255.250.29:443 | itch.io | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 90.9.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 186.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 2.17.196.75:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 2.17.196.107:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 75.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| BE | 2.17.196.75:443 | r.bing.com | tcp |
| BE | 2.17.196.107:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 2.17.196.82:443 | r.bing.com | tcp |
| BE | 2.17.196.106:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 82.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 184.105.214.249:443 | dn720005.ca.archive.org | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 2.17.196.104:443 | r.bing.com | tcp |
| BE | 2.17.196.145:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 145.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bellcraft.com | udp |
| US | 192.185.6.41:80 | bellcraft.com | tcp |
| US | 192.185.6.41:80 | bellcraft.com | tcp |
| US | 192.185.6.41:80 | bellcraft.com | tcp |
| US | 8.8.8.8:53 | www.msagentring.org | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.bellcraft.com | udp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | validator.w3.org | udp |
| US | 8.8.8.8:53 | msagentring.org | udp |
| US | 8.8.8.8:53 | jigsaw.w3.org | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.6.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 192.185.6.41:80 | msagentring.org | tcp |
| US | 192.185.6.41:80 | msagentring.org | tcp |
| US | 192.185.6.41:80 | msagentring.org | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| US | 192.185.6.41:80 | msagentring.org | tcp |
| US | 192.185.6.41:80 | msagentring.org | tcp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.179.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 104.18.13.149:443 | sourceforge.net | tcp |
| US | 104.18.13.149:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 8.8.8.8:53 | 149.13.18.104.in-addr.arpa | udp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 104.18.5.227:443 | c.sf-syn.com | tcp |
| US | 104.18.5.227:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | 56.16.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.5.18.104.in-addr.arpa | udp |
| US | 104.18.5.227:443 | c.sf-syn.com | tcp |
| GB | 89.187.167.7:443 | cdn.consentmanager.net | tcp |
| GB | 89.187.167.7:443 | cdn.consentmanager.net | tcp |
| GB | 89.187.167.7:443 | cdn.consentmanager.net | tcp |
| GB | 89.187.167.7:443 | cdn.consentmanager.net | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 7.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 34.117.77.79:443 | ml314.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 18.200.225.135:443 | dpm.demdex.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| DE | 3.124.210.90:443 | ps.eyeota.net | tcp |
| IE | 54.77.42.245:443 | sync.crwdcntrl.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | c73834f0981008229054973d27682d7a.safeframe.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | c73834f0981008229054973d27682d7a.safeframe.googlesyndication.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.38.105.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.225.200.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.42.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 104.18.5.227:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.121.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.usertrust.com | udp |
| US | 172.64.149.23:80 | crl.usertrust.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 2.17.196.176:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 176.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| BE | 2.17.196.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 2.17.196.115:443 | th.bing.com | tcp |
| BE | 2.17.196.130:443 | th.bing.com | tcp |
| BE | 2.17.196.130:443 | th.bing.com | tcp |
| BE | 2.17.196.115:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 115.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| BE | 2.17.196.115:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | wmploc.dll | udp |
| N/A | 127.0.0.1:50251 | tcp | |
| N/A | 127.0.0.1:58314 | tcp | |
| US | 8.8.8.8:53 | www.pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | 124.8.63.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | oss.maxcdn.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:58342 | tcp | |
| US | 8.8.8.8:53 | browser.netscape.com | udp |
| US | 13.248.158.7:80 | browser.netscape.com | tcp |
| US | 8.8.8.8:53 | www.netscape.com | udp |
| US | 13.248.158.7:80 | www.netscape.com | tcp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | geo.yahoo.com | udp |
| US | 8.8.8.8:53 | bcn.fp.yahoo.com | udp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| IE | 188.125.72.139:80 | geo.yahoo.com | tcp |
| IE | 52.50.88.82:80 | bcn.fp.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.aol.com | udp |
| GB | 87.248.114.11:443 | www.aol.com | tcp |
| US | 8.8.8.8:53 | www.aol.co.uk | udp |
| GB | 87.248.114.11:443 | www.aol.co.uk | tcp |
| US | 8.8.8.8:53 | 139.72.125.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.114.248.87.in-addr.arpa | udp |
| N/A | 127.0.0.1:52491 | tcp | |
| US | 8.8.8.8:53 | sb.google.com | udp |
| GB | 142.250.200.14:80 | sb.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_916_GMTFSGHVPHCWRQYQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9344cedbf844e89cf30e0555684430de |
| SHA1 | 82352f1629aa38c79433d3c589e26233a5fe39c5 |
| SHA256 | 8554219092f778895b2239a4e01ff23968b7dd8708b3ed91110c12ee36342b03 |
| SHA512 | a4756681525bdcd5313cff97408626cfc2365f61e373882e2158641a85828d59efc53c28045761e3c0842218f371e819965a833e9c32660b05d43bdcdf160ec6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 709482.crdownload
| MD5 | 327394a452bc590a8dcc35499ec21060 |
| SHA1 | 799eaa40f88bb3a2a5b385e6fb51675c0da69981 |
| SHA256 | 20fe34797b5d870900402aaf927136076111bec331d6bfc443b86d66c551243e |
| SHA512 | 325529f6fc4421e299c9e23139b43647301c90d7c2d6524f8aa64e52b5308bb9d67125e90847f740494da06140dc5753ec73269b117c3687d788983bfeb4e02d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | edab959325d16593b0a827e8fbf5bc82 |
| SHA1 | 3ce260ed1281e6669eb044affa8531e54094a167 |
| SHA256 | 60f7609f5adb0888342c67a178e15e612ab35e22b99a1d5723dd9b72e3bce177 |
| SHA512 | e84bf2bd9d5c78f9deebbe14a898e96b600e114c91948d0639fb2604ccf0230051d318617bdd9d47c73c6c58a772e8723128e7046a3bb236828d3ab2425fa6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 279c9f093fc88644b541bff5d6fee887 |
| SHA1 | 80bf314483ac1687c4e45ca58ec857c389c37ac4 |
| SHA256 | 473a4d34a13fc734d6a558f95770150c1635507c4ecc43649f6f3c3102da38ff |
| SHA512 | 4cc71ce8f02c93ab54ee21586056fdb8a6e9abb7472f93cba84a0273374312972928f976caffeefe179efffa69338f2e320c4a315abaf977c960ebe30ecb93ff |
memory/5084-150-0x000002BF0CEF0000-0x000002BF0D0A8000-memory.dmp
memory/5084-151-0x000002BF0D490000-0x000002BF0D49A000-memory.dmp
memory/5084-152-0x000002BF0ED60000-0x000002BF0ED68000-memory.dmp
memory/5084-153-0x000002BF27950000-0x000002BF279FE000-memory.dmp
memory/5084-154-0x000002BF27A00000-0x000002BF27A82000-memory.dmp
memory/5084-155-0x000002BF0ED80000-0x000002BF0ED88000-memory.dmp
memory/5084-156-0x000002BF27AD0000-0x000002BF27AF6000-memory.dmp
memory/5084-157-0x000002BF0EE30000-0x000002BF0EE38000-memory.dmp
memory/5084-159-0x000002BF27B80000-0x000002BF27B88000-memory.dmp
memory/5084-160-0x000002BF27B20000-0x000002BF27B2A000-memory.dmp
memory/5084-161-0x000002BF27B10000-0x000002BF27B1A000-memory.dmp
memory/5084-162-0x000002BF27B40000-0x000002BF27B56000-memory.dmp
memory/5084-163-0x000002BF2A900000-0x000002BF2A90A000-memory.dmp
memory/5084-164-0x000002BF2A9C0000-0x000002BF2A9FE000-memory.dmp
memory/5084-165-0x000002BF2B490000-0x000002BF2B4B6000-memory.dmp
memory/5084-166-0x000002BF2A980000-0x000002BF2A988000-memory.dmp
memory/5084-167-0x000002BF2B4F0000-0x000002BF2B512000-memory.dmp
memory/5084-168-0x000002BF2C370000-0x000002BF2C42A000-memory.dmp
memory/5084-171-0x000002BF2C810000-0x000002BF2C886000-memory.dmp
memory/5084-172-0x000002BF2B800000-0x000002BF2B832000-memory.dmp
memory/5084-173-0x000002BF2D1D0000-0x000002BF2D1D8000-memory.dmp
memory/5084-174-0x000002BF2D320000-0x000002BF2D358000-memory.dmp
memory/5084-175-0x000002BF2D2F0000-0x000002BF2D2FE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 115480ef2ef53122f4d35bf7aacb21fd |
| SHA1 | 84d1b3692f30a03bfcec9100c3bee4336aa80849 |
| SHA256 | 7a8ac77c3403fbb3250320fe02351f95cfc4a2a17ce538f16cbac43617b09ede |
| SHA512 | 01998c97eb15bf94cb9eaf50c821d666ad338cab023015f418c28a8e678ce2e82969134681dcfe04175870fc942b5ba47ea9c6be0ecce1556aa76640e61e1439 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2f537220b9afc76b90a797281f7d0eb6 |
| SHA1 | 025c0ead5428649701c2e148f5e9bf086c88a17c |
| SHA256 | 455336c4beb1604881d811525a0e4b32fc71b903e8b5346528d854aac7972da1 |
| SHA512 | 6c43902114f3ffc62ee89bb36d9ce5777be12d3d6c6ceabb818de8f7738554b3062ec7652283b0232334d1029253a4c23c198692c61997d27fe88a7e8482d251 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec25be551ed0c2448da0ac529ac81840 |
| SHA1 | e6c180b4e00a04d21c9ceb99d9763961cad87c39 |
| SHA256 | 34d8dde18cb69877cf85f644a8ca6a633c5108cfeaf9e84fd58af0a8fe5e75a8 |
| SHA512 | 2d0cb4279f0da70140f028d36df7fad9c59cd3009138e32bbfc1d8ee3578de4cf1d4d058b8f8a57d3a5f9c27fe2e9b5d01d1cb22d2bfd578d682291bfe9992c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b09923d7527e2e4a29c95491c162c8bf |
| SHA1 | 3849a05cbd9f82f7a4b74efe20d6ae0c772e05a2 |
| SHA256 | e794882e264426dacc0b85e937bb7bbc7e17e69df62f75d93bff3c18a0720784 |
| SHA512 | fc6567aa9c6633186ad856068c074ccdadb7b6682b460265cb259b0fb5e8ec99f263269019d78eed7cf7a33a6d2b0af406193edcf6510ce03b375ef9b2bb0046 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 78d31e069d3559fa2b016ee372d707b6 |
| SHA1 | bc9e63f52b9ba88423c593d29da2a32849764066 |
| SHA256 | d511c9ed523aba2f6c5019bae9b9929d4aa4a0d46b2bef431d075257d8b5eec4 |
| SHA512 | fecbee11ea625db0493f686ef20dfe4c3d7343e66642931b985f31b3f8896cef97ddd491e998045e1076b5fb82e9e81fcf3cb2f3189dfa325a6aa336605f3b0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fc61.TMP
| MD5 | eaf6b3df896b948477ced4b2b234556e |
| SHA1 | 9ef989621f26f04f463aa8c15b9fb5569e02332e |
| SHA256 | 5dda1f0e010a01d002b4e680858acb7ba0dfba71a3ffe4f59a7063b1e7225366 |
| SHA512 | c7e3a75eef6e1f419826f0c3e21df86240ef2e25b0c74c3981c81a996db6cbbb339ff973e9459e675ead6129a540a2e3195fa810669c87b821a39adb0cccd53e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f47739de7cf47eeb376213c463009546 |
| SHA1 | 2b6095704150ab7ecd7087dba599090802ed0b95 |
| SHA256 | a0c789d07583c4b753089a4ffd604d1f4232e3db3ba56e63b6bfc5846339f711 |
| SHA512 | 7c4b9f9f4fad5821f32864e95602d02c9aacb525f472f7241a0da737c02da851c94323ab19521ca2e17d92048cc9c58bd6ab65223ecf6b7c241e7e2a0f75430d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 052ae879d0606ca7b51dd5d60bf168f9 |
| SHA1 | 51ed4981134ded98cc76007a97a6eb6f5a604594 |
| SHA256 | d5bb278f2281df3e9b58e0b0f7123c216040b0d9ed5ad5b5cf8f9c08469014d7 |
| SHA512 | dc6dc227c98127f08854916e07d75853ba185892c98a830ed604886db68b939bb609d61d6fbf9a4b915437c09aef8494e5abc18c3929f3bd88116a68785b99dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0a76e36dd41854f43689ff81a74a229e |
| SHA1 | d0127ecbb88ead2e7e2b625a7cee5611db3d9d93 |
| SHA256 | 6a847edbcd624571c6c09f39098ed26c79577cb9496cee8ec237abd6a751c36c |
| SHA512 | d9646317156412281618a491b7e951e282f395d953a92784b3ad50fdaea631921d1d3894f64b29df84993db6932e7fdd69c4005414d29b5a5798e649ef89ba04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1bdb69aea136285322aaaef5043f3c82 |
| SHA1 | a3b14af40521c55f9366e2d4a5a4d4273d953be8 |
| SHA256 | d3a1c41bfa99cb9d4682c2da34c98063d272958ab22c8d877365b8117be8a355 |
| SHA512 | c42dad8ee04beb4b7dd12fff9e54a2469b640b4f58364c70704858589dcd41e3685320064596ad7565064f8b184f0f824aa7ea33e65ec0571c32eb6774af8edf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7cc0f5af4fb44880a15243ddf69921a3 |
| SHA1 | 93bf0fd72ab1b2f958e2e2a73a8876655c51cc40 |
| SHA256 | 94b44f0538061be7e39108a5f2f73600dd8491102362a50c63f9f5e1cb0137a8 |
| SHA512 | 612bf5def37c44395b8346564ea79412f4e87dec551e87b1d37de8ca5b8e7ddf1aa74bced931ec9dc5a7554a235a1595213f7cc70b41d2192f25fad8c556144d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4ea121d2de319462042f3c50d088562a |
| SHA1 | ed4e6e89b41545e2353ea04989acd075df2c1261 |
| SHA256 | 707ce8e1c7aa5a79bffb319755ab6dd171d540a9615f021e664f981d09e17a25 |
| SHA512 | 676eca3f2981a34929e592441ad01aa0997bf2ce42db883b63b7ae7b9d549883e4e553d66e114ab5b1c729ffde9c0242747da293874830b64158df857ef1047c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 3f3f684eb83ff1664c429038a832ba5b |
| SHA1 | 7830d821cb405a42a72a40bbee53a5d3dccbae68 |
| SHA256 | 8541ba265babe4a1313f05e9b5e8bae449081016dfed8377372bad7a50285d24 |
| SHA512 | b1b6cc7d0f9c2559d84a061b05e83c027bcaa7d6144e27844903cf9e2099be0847efea81d35026221048f281bb4b771ac1009e87792228c34ba2a4f7736ff78e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbf2a22e5135f8472fa147b9489a0f66 |
| SHA1 | ec30fd835537c29d4a6e9c324c582f8123cfe623 |
| SHA256 | 5a681b93f9dcc552fca656519a9638b9907bac87990806b9a216ae79e12f2ee2 |
| SHA512 | e7dd2d75d6e0c8bec3d888ff1952b696de8230e18f2b8b998092928f4c48e8a033a275f1bb20b1b6bf3fb7e662e5fa6b5578d528faafdfd760ca63e93d586782 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e43410727b314bdca0f044d79fbdb85f |
| SHA1 | 162e1f35ea7c3e780fa4876b430805e327a3daf9 |
| SHA256 | fb48106c3630cbebd5447f5147013ac5d817ffa1800245ddf6dd4414607ca1f4 |
| SHA512 | f34a9e66828823a26a62a17c4243d7cebaa952a7bda778e7c6c508c9ce5d4a9bb8a55c030d296ebbd6638b2f98df9e9ffd71712ec92dbbad8e28b13d3a515371 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 18950d0f7a371b6191cd217ab9c9c695 |
| SHA1 | 7d7622fcc4431aa75fde9267dfb1d30d99466d5b |
| SHA256 | 96c2e8b99703a841b5c57c7d6427a3a060c9b11d554c2f642d3c6ba8814e18ec |
| SHA512 | ac4a12eaf27b898eac0635c66f21a7da40416796da57af8b9984dad3378c6c1ebe70f984a7ccf72af6bf4675095da36bcea19b219de267befab2d32a09782cc2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 03046aa6936789d9c9c567249118ab91 |
| SHA1 | f60a367c22623bbd110243eb3c242d3235eafa0a |
| SHA256 | 8d06b156e8cb126da7eb2dbc29a3779aa53d061679b2e92acd4f9acd2bf443ae |
| SHA512 | 949f86a1d101a5d1d75af9a797ddd3d035d26dd0440abeaabcb731ce21e5c4f4afa7d80cb7ba610423c03ad832b7b2bed74bebe878cfcf0a2f8781aa3f96fb22 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 72475a0056d1eec277d4e6074ac10107 |
| SHA1 | 5ca3aeed46db404707873f3eb159d0df9315090b |
| SHA256 | 25d621af3bc8da885c7501e51ac1edb5b643b98511c3901a29e73c21e829d837 |
| SHA512 | b230cb4b4824d8552aa90d0f8a346ba2f2eafff9db368e2e8ec3f865947f830ac1239a0e41d0611c39ec0359fb6a054cbb3e5a0d5eaac506cbcce0ff776bce15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1cf320ec136b1d1c65942f319c6e6172 |
| SHA1 | e78608e75f553f4a4a7266da120ad81392771a94 |
| SHA256 | b1d3d6205094c317e5085cea7454f4a42b4b4e44dc62d12fdf0d1818820b9f19 |
| SHA512 | e7f2cafc4d0d83d0bc1d16b25b5322bf75c81de303790e60b99a23b0837ba1daddba03525d8f80376d8ed28be28aac6e0e5e654820af75017fac5aacbd04d06c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0fbae5ab38f3073c438f7af3e84352d0 |
| SHA1 | 8e16eaf4fd8a0e782dc7a0fe75dd520828a4808a |
| SHA256 | 90df00f401eb155a03aa84f2b01af552aa9e5fe24fbd8ae8091d2c7e3ac492a4 |
| SHA512 | 4376a31303af56afe0162175feed87bcac0328e75fd10740b3f700545aa51466c4be38e6d02d71eb341791ea525d79b65da8161fd97e6bad83edc04500fcdaec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 474f58a1a88724994941cc82eddab363 |
| SHA1 | 331382dd7357adc5848699cf55935421a4d7f4a8 |
| SHA256 | 3f7fcb3ffd62ca50440d0ccf6884f81447d19d50e188dbe8bc195c46c2774f12 |
| SHA512 | fbb9f863c5cfa2bd09f3eb95e78d5f836b0737e4a687b49a8e11a2597807d13c9fa5e797ac3a8066a15b7c9f1441b60c5342a791926cc9be51a2b622e25b7808 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c40c3dcc62222db2ad2e1ac77309c1a |
| SHA1 | d28d4779aff418c4833256f3ec4ab17f656d3ead |
| SHA256 | 8083675c684074c0d782465fbd8560564c93ef405fc304ec5d8bb6badbf6a755 |
| SHA512 | 7ed89a38a55b7a9bb5d8869c3c55fa602d41f806091fda751c8c3483297adc51849271851175218e9c1f62a58378c8e3d62764df4d0aa05bb39591781660accb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c145366cafa58124c8446030dba8bd0 |
| SHA1 | d965a66cdec3c8d2d24362c5cdc7d6b00521d0bf |
| SHA256 | 380c584b0fcb0ccaba1fdb4e8c920fb1d4e946e8c7ab8971887774435f7b58d3 |
| SHA512 | e73aac9d9def60dd6ce596fb6417cbfc56c3105113ebf769959a9e0d676353ef72546b24aa5c7fce74d56c268645837be8401e9eedca39671fe0ab193507d2ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075
| MD5 | 475b50689dfe5ac600b3de04ace088ea |
| SHA1 | fbb328c285b985d98e436e1a2025dc2ef814f08d |
| SHA256 | bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1 |
| SHA512 | 55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdb3e09dcc68d2e671f2aec2de5a7672 |
| SHA1 | f97d593067f91f1345d55367b317a44881b1037f |
| SHA256 | 8cc581c747f9d9868ec1586430d704a5eadc0a330222ee8f34f8ddf6dc9d5f8f |
| SHA512 | 4fe61c9735852befba019425889a3ed65b69056044e7cb9b54bf5d3cea1c1e037f480cc4e3c6e4358a28c0333991186d5bd64bf5e3b57774de56aeceff0c5ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f916b87f691c094d972a34dcaf801e5b |
| SHA1 | 27f8a2dd8f05f12a82fe0cc05c529c2ae64620ae |
| SHA256 | 215b7e7b3133fee2806012cf73b3b09ceaf8bc8b5ccd9c72290f742ea4a6e95b |
| SHA512 | 64ed75a8b32340ee87d52a755618d2b45f19debd8bd511cd879c0a9485e2e479fb0453449350218619c7ae4b4c4e1d59d39362d820a127c6b0b258f6394c2f81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c87c46590ebec016653af8e015e18f12 |
| SHA1 | d4a7e1f26ccce28c2eeccdc6361e4b7ed36665ca |
| SHA256 | 14268c5a28d462b209bb74d01dae63cb76c91ac12cc24b82bb9790bb5cf87107 |
| SHA512 | 9a7eee8678fe90145b38688227ab8fd31c8c54e51906c541aad4cf067371b846008d7815e903cefe354df5788dc5a54a2f4abb1f6a37924c0a09b6f5cb363fb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 330c1632fbac965ca4d469bf806ae4d8 |
| SHA1 | d3a13a64af228a0e499b2955ee234ce768baf27d |
| SHA256 | b4ea8de58c6ba3865518a40e3c9ca32a0e40ad8628ede5e485e21071ba01a357 |
| SHA512 | 18fe75377dbb315f64fb8d8fa009d584f7d5bfd65787ecca5a703ad6571e0a1798ccbeb30dc875b8d7e26a7952b3bc4d540cc3098c00cf4fce3d6de7666ce187 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | cebd88a0a829c355d8287c325c1a922c |
| SHA1 | 3a7f6aef9b2c2f0b6566392b20ce962694251a91 |
| SHA256 | 77e518009c99f7e2c33a1fa11c989079b3ebdfba2215d6256b6f2cab4d22d337 |
| SHA512 | 144ddf1ea87665d650adbb444efbfc4e4057512185e2a5015cbcd504a0b930975cc29ce3c76d78dfa37eddc81cbadc84b233f2e595360343f8ff4b4fa44c0f33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 477ff323f8a264ceff74f6546bc62092 |
| SHA1 | 14f203546d62f99a97eb8aefb35006269e6e56f6 |
| SHA256 | e181b5aa1a49f17e2e4740bfba517fd69b4079c1ede1b0d2e3efb4e5496a2a65 |
| SHA512 | 55c648322161c82d77c79706494851647570196f8b71fd546c95229578a84e2546e431a4164d00eca337f3a78b68e62fc8b935ed3d7315e76c620740bf6ebd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 507ba44ae5c8e1c20e2d8c58c2a569e2 |
| SHA1 | 07cf7aca3d268c8f4743b4c2837980dffbde2d47 |
| SHA256 | 48bc244ce3034d63aa7f4ab5eff3423f372cfe120c769079cbe484efa62b4777 |
| SHA512 | bd28f26859e9778e5a10759cae53128126ae5571c0a8dc750718c58ed0be808f9f42d11439591296c7a2b1bcda648ccc11e159574107e5183fd26dca0534e32b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 665462684977bcb85b6ae5c0fdd588c7 |
| SHA1 | 07be55c07f8361af80358d07e10bcf953eec78b2 |
| SHA256 | 2b12fa1ce53295c186343da5de57ae7a0dc2c247d5b07367a613de79f452064a |
| SHA512 | 6a53d25aeeff539e71ae48310ed02804c07954927213af99dbcf78080fb7b424a8ce7c8f89e822ecfa73f49fc2667a3ba5a1b1585c8edf8e00d74c8c9cfd8c50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d51be804b86101a3d9d0fbec1335a948 |
| SHA1 | 0a7b24e02dabbb8744e852f82bc4431c9af5fc18 |
| SHA256 | 5e8d89b24334b34b3b40a190eca38080e1de357fe9fdbdbb1dc9a3a55fc8519a |
| SHA512 | 32caab9dbf248c9f41ac27fd8352bd0cc92f66d3f3ef5b2167984a9b768d71a3d13df3fdd6062d5546df6c12ecb8c8991d6f11f8dd336c26137cbc1fd14cfada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 677048f19c7230f3ae0cb72187874478 |
| SHA1 | 6d4dbb0e2c33396a6176d033519915e0f88f4187 |
| SHA256 | 87151a9cb0a65b1b54daf4f2d44f7cdd9bc1be1c3f845fdd95739c33f3e68946 |
| SHA512 | 90bbaf01ebe209c4e6c4c3ee4f7176f639f2ba1ac0693eef896cb8aef891dc119265ee3b6ba52c290b86a6cda0cf6302950e07b43fc721e7bf006f5587067a60 |
C:\bonzi\BonziBuddy_original.exe
| MD5 | ff8e3bef2b1c444e59d21d5291c81d96 |
| SHA1 | a838dc974a49dc0fad824cedcf794c8c9651d410 |
| SHA256 | 50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e |
| SHA512 | b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927 |
memory/5560-1693-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5560-1695-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5560-1696-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP
| MD5 | 7eccc259af24ba7a5a0638562536068d |
| SHA1 | acd3e0fc2e10dfb2e57efa608a60297efb32e54e |
| SHA256 | 2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7 |
| SHA512 | 7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e |
C:\\bonzi\blue.exe
| MD5 | c3c1f4ff433df26b896deddacb5817f0 |
| SHA1 | 45152ae046f3e2d5e274feb6a04fa6af59a68740 |
| SHA256 | bc8f7334495c673dd646d092afdabbfb84edb5282a25d9d8b1d3ceadc019478b |
| SHA512 | faecab59d8ab00cead2037ee30435fffb25494b5889ac5dd003fec5f3a0244a2e450425838456ff5ef11b8c674eb85b21ca68c636cdec593bbef5ecf2aba0561 |
C:\\bonzi\bg.bat
| MD5 | 74a195bcfa20e10e672d8681831cf280 |
| SHA1 | b6a75cbce94c208c6d7f13280788b0f4183b6b7f |
| SHA256 | c40a459f38ec341892f062db191889353b039efc613ce1870da6591f27952e3a |
| SHA512 | e800011130350a3df02d406bfd002f92eeb2575cc5d314ea08111ffb347c64a9e8e04dcbdcd217f8c7d176998d4b4b804437b221d5a945fa5e65942366c3e2b3 |
C:\\bonzi\bob.exe
| MD5 | a7bec276ba3a17576158a93d459b5949 |
| SHA1 | 63d6d8bd7b09afe34147dff20791deac219d71f7 |
| SHA256 | 407c9900fe5190df594a3ec97b17fdea941fe801e644013544b52a6b5afc6b4b |
| SHA512 | f93da09998f257965ebed2e8d95f3f4728bbb61ee9eac5e1f428841a23f69eb122d0fc43700165d9a6dc6f3cb22c8cfa8f5953768366697bd00b63964addac1c |
C:\\bonzi\boi.bat
| MD5 | e3fb07dba9803c1f174b725d2a05ea51 |
| SHA1 | 98fa2129f93fd56493914d527f07f727c2b45ebe |
| SHA256 | a7a14afe50ac26962f92bafbcadead48ca2e8fcb546cb259819bacd8156fae84 |
| SHA512 | ab3e817ad01e94ff8a6c58ca89d64a45077f0de49ea8a9e7059509cc7d694a005deb9043897caf060d0a78cfb8cce54ebdb9b3cb0653975771b23340d548dbfc |
C:\\bonzi\BonzVir.msh
| MD5 | 0cf59661f4b25d7bce496b51264cf6ef |
| SHA1 | b55d3d5326f38f3f7d3ed6595754fa69113843cb |
| SHA256 | 14ed561155ef917214695a958392fe53295e1b972bd247da7672e7d38cc4eab2 |
| SHA512 | b0115fb134a145df36fae74791f30f4e43d24a049b0ad290e807a82574cc0d12ed5ccc1824e6a241fd0346b326493c359978071bf820d30bcb6bfe33f486902a |
C:\\bonzi\china.wav
| MD5 | 54c052f317d02d6129afd7c565b046a9 |
| SHA1 | 5ab2014eb65fddb8a5f9c68a6b375dccc45916a2 |
| SHA256 | b1ed856b9ab097c8ec91778a241443a660a7e0ed5e3157a181a22dba1e31d55b |
| SHA512 | 200b66da2aeaf9c7502857e4e6d2d5d2294e3932f2fb7c3dacc9e161093c479028a3cead0dcbd9acefa46652406928f659b51e95d8bb2f0b0d93ce17eee6b2d7 |
C:\\bonzi\dicks.wav
| MD5 | fba01dbcd05f71566cae1e56928ee875 |
| SHA1 | 0e387de1ad68776f610e8a352cdb4034420500c1 |
| SHA256 | af11d1bf70e77336bc59cfaeaa0ff6f916d3be3154185ac80df59861eb19a99e |
| SHA512 | a6586e6fc7c765d77fdbdfb474408648df5f54707530614e097e06e23320eb610e38768415db3d3d1f6e19e48413d8993983b6fe48c445af5f0df26fb6714003 |
C:\\bonzi\clippy.exe
| MD5 | 038bf1f54a35164fedb79e2319e1bc49 |
| SHA1 | e92cdbb5bab92ea3f2d6b0f8f40a5b5df199c6a9 |
| SHA256 | 655a8c2bed8e2d85b24525aa426e5d647f15ddfa156967d64f144c497e8c9665 |
| SHA512 | 5928082b8fef2a491eb84ed4ba01c8428cd96425c8c2d433dc6ef80d9c0d4866bb9c20871c6d1268824e435f42526e4e1eb468fe451f0ef02710edb35c08f1c6 |
memory/5560-1730-0x0000000000400000-0x000000000046F000-memory.dmp
C:\\bonzi\LimePro.exe
| MD5 | a6ba111c7ea638edac79ce34bb7a3de3 |
| SHA1 | 903d1af04439189479bbaa8eee77f1503f1c54c2 |
| SHA256 | 6c87657cfe2d7576333c2887d90f543c8fd4241e50f653b2c3a95efff2c4a268 |
| SHA512 | 2b32ca91b42884cbd134d3471db74995321c1edcf1b2d579e1f0da4acbdf70ad08e05407bf93d711d966e2c3c5a0e25bc5338de5fd878a5bb0823010cdcdf9cf |
C:\\bonzi\end.bat
| MD5 | 83f1281124f33a31fa88e6ca1c7c503f |
| SHA1 | 35f7824bfa87a40083e57991f41abe01dbc6fd94 |
| SHA256 | e923637d148d84c9f99bf50e1b1ce8c262c3a40ee2a043d90650e7334cb862f6 |
| SHA512 | 0d903d914b548969476f541794312febb72e56fb9a0dfc6e563d16ff2e8a74c6b13e184729d1f2254974e0625e032483470172b6cc270c416416fea93bac0906 |
C:\\bonzi\midi.bat
| MD5 | 27d92ebfadfabce5ab3fa8f842e6a2e8 |
| SHA1 | 2fbbe766c10820436a34ac47dcc49909a52228ca |
| SHA256 | 2acb21881a9c9625c653dcf43a79c6f5fb81d65bec36d290f12e1f2a6a7763c7 |
| SHA512 | 703031215f5b282d9e4889cbfe69a80098a9663d2fe056e05ef58a9f431fd38afc12f6165b1417173856c9bcd263ff92ec985d1624044df2fe64316b2a18c021 |
C:\bonzi\netscape\res\html\gopher-audio.gif
| MD5 | 0c428f6883c912e150ce42c954b1bd36 |
| SHA1 | bcfcdc2946c6e8113083d57538de5713aa033e9a |
| SHA256 | 39c501d97b098136e6d3ef487ebc2a04b00b367af8bf04a16ce183064656dc2e |
| SHA512 | d809489178b96dafd4a0c95edd56fac21625aabb2b7dc8260345eb96b9c3c7ecb1b18505746bed15581ebfa1265cf96c8aff3953dbc6d69d56b31fcf54db228c |
C:\bonzi\netscape\res\table-remove-column.gif
| MD5 | 90ef7ea72f363d421c608e37141f0e29 |
| SHA1 | 891c963cb3c26628dcb18db5653eaca5275b0f9e |
| SHA256 | dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231 |
| SHA512 | 6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5 |
C:\bonzi\netscape\res\table-remove-column-hover.gif
| MD5 | f6f8b831f31c8a4081e61403b258d944 |
| SHA1 | 389daf6bcd0ba84a413dce4aff02ae9800eb1061 |
| SHA256 | f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8 |
| SHA512 | 01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab |
C:\bonzi\netscape\res\table-remove-column-active.gif
| MD5 | cdeeb11aaefc565b7e2e6de6c5122adb |
| SHA1 | 67c0bbae8ac6dd12cb66621f3539fae6971d91e0 |
| SHA256 | 1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03 |
| SHA512 | b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9 |
C:\bonzi\netscape\chrome\classic.manifest
| MD5 | 13089bf20fa0f5a0161947e2ea68ccf9 |
| SHA1 | 7b118a78b1d2a6dc39e3bbc819e2fec1fa38d064 |
| SHA256 | edc130d9baed6516f1b1c268cdcc9fa7f604728da700f4ac73eec32800c5a8a1 |
| SHA512 | 48e1ab07a1c90b478aa3b6b362f762464c0e002c2c3bff4322a369076539e29046ef9ef83ce8908239d970e5adacca22ea8ebc8a62735c218ded4937074475aa |
C:\bonzi\netscape\components\browser.xpt
| MD5 | 1ba3ad31f3c642ef5cefd10f72f8275e |
| SHA1 | 876ef9b6e990caa864d344f52d517f5d7c430747 |
| SHA256 | eab3322f9c4146cea91f06b25ca8713f087a4ddd0b2b39ad1739c974728c3750 |
| SHA512 | efb5489bf619c45ceedc37b98645bd420fa5f7f52a752801268d10c12b079e086ae091e70d8c4a38331fa5d322c8c2d7df49e4eb40b65dc8c9021a900efd58ca |
C:\bonzi\netscape\components\FeedWriter.js
| MD5 | a7206d0b86a66f8d3818f8398a0a72a5 |
| SHA1 | fd8adef12b8f73fdde0662a028297244ed4ea9ad |
| SHA256 | 0fcae6b535f8af369989cdb3646f63245720d3ad8b10dd15d736b02ee3bfdd26 |
| SHA512 | 31eab727e151c7ef14f006b78ba0b7b6dc02c55966a388577c55b1a897a2f997cc8870b54840d231cf44c4632420e9373bac9bea0a9458c45c14603af6400b2a |
C:\bonzi\netscape\components\FeedProcessor.js
| MD5 | 84d2257da1551d5ebd09fc7bb97d3134 |
| SHA1 | 4ba59d1389710f004742f67ff154aa4c95294aaf |
| SHA256 | fb879ce16c7382e3a562def28f46c240a86a942aff2cf29b8cdbc779e1644461 |
| SHA512 | 071340c38074cf019f328476c6026db05e0ab0374a7f8f4122c8ceafda55e2667a7ee35abc41f35a88480890df674edf9add59dd40680efa10fc25c7c356fc24 |
C:\bonzi\netscape\components\FeedConverter.js
| MD5 | 20f8a15b1e1021dffe52ce936399b849 |
| SHA1 | 59f59c8d662e59cf960f12864e932b09d28e1f26 |
| SHA256 | b23290d66cd0b26375e032d2c6c7578b874e379c6ca8907cf1a7cf122b74efa5 |
| SHA512 | 4a0f86f0ee4b33c9f6ecb88093f81143fea0f90ad767b06d1440743f22c8d7bbfcf5bf79160add79334f22b17b9a629db77d4983bb6f581ca5356dbfe3746c7d |
C:\bonzi\netscape\components\compreg.dat
| MD5 | f7487c8a3abd34c22ccd8481d08d8199 |
| SHA1 | 2da738409048fbd3159a4047e5ca272891e4182f |
| SHA256 | 213a117f2ee10391a28e75a4e3a9f9a1eb6430b86bb54a982ccb063c7f70ba9f |
| SHA512 | cfaa363b6fb3255335192c43b2362d3b55c0dd3cc2db79f9804debd0ab8c911fb0df50981b5ba960f28fa8fa95eca54f18703e01b09da32c6d1538a15f504a96 |
C:\bonzi\netscape\components\cache-module.js
| MD5 | 9389b62b97d5620aa4445635e96fdfe6 |
| SHA1 | 781f260c6b74cc579c7f88029688c8a1728ef6fa |
| SHA256 | 1f9fca3df0162b0ebe0179210928f99b9db35bf13741760a56b34261d86d5d15 |
| SHA512 | 62fbf011fa02674086ca2058f69eab8857f381c3c199e7f7b4045ffbe42374915bfeccabdc305b17b5a8b9539d7a01555d7cf34f978e201a2407aed913580137 |
C:\bonzi\netscape\chrome\toolkit.manifest
| MD5 | 991394a770c6e55b97cba3cc51e53de2 |
| SHA1 | 6de9da3b00576f99d746aedd8e5e13da41f174de |
| SHA256 | 7d3386c5ddc9ef60e780464f6431614072f12a0bef1a1081e21559daf3c7e503 |
| SHA512 | f41ff4eb874abf493833acd3558351529c1fe79acddb04f612d7ab808e92adc93033a2be0cf79cdaefc4708fe78345c2cac0bb7bb583e003fa9adbb6ffd689a6 |
C:\bonzi\netscape\chrome\toolkit.jar
| MD5 | 0d87ef638abeced11511a63c5731e501 |
| SHA1 | 4e238a4ccf5f6a349215a242cc1df1d2cf71c49a |
| SHA256 | acd04082faebeaaf75956db33e8c57e4909e6f8822477268835d3bcece15d85b |
| SHA512 | 5ab5599c59bcbf9a7638dd3debd12f890776e843d9679a25742a183dd7ae663425a9ebf5e2de012183b2040949335d3ccdc99505fc79346ae7b1b6dd2e121511 |
C:\bonzi\netscape\chrome\reporter.manifest
| MD5 | 5e0bf4f3dd0617b0b195312bcb7abb62 |
| SHA1 | acfb78064edc2999c06eac8b56cd31fd52bbe6d8 |
| SHA256 | e7e01f5a59a1e1e4d7c56f40395167d3b14890661b87f5129d57ae5c2b10114a |
| SHA512 | c6e5ff17ed9861ea55d70cf89bd8385b91159c17313cb7fa807aa06b4836d9c12466c6a4d849ff588f745d522242af060575a8d0ed26985d4115297071d59af8 |
C:\bonzi\netscape\components\jar50.dll
| MD5 | eb78d8af60119fda6c2e15655e791ea6 |
| SHA1 | 71dbac8bfc1e839c5dc7c70f84348efb6cc55838 |
| SHA256 | caab06ea40310d202a5a44c64221a2f920d4f3a12be6dbcc0a59362c2aca9364 |
| SHA512 | 45c6e975e7366df1b8bb52e6bef820553f129e251c1a268c4e5014095000107680ddddc06aa0317d864b6c96f49550bb80a4d7fe99abe456f2da15b23841450c |
C:\bonzi\netscape\chrome\reporter.jar
| MD5 | 3e2d14577cd76484e53588a18e2376f4 |
| SHA1 | 9c119cb9d64109a1a56b11ca0fa54e5331e891cb |
| SHA256 | 65905b0497281fd57dcda8eb5c47eb41dde577c2d2c40239e0c9d8d383963f33 |
| SHA512 | b8cd63fe2522763c3207d89f66a71b07fa8b2e568a3a9f7f55183c7d4aabfc6979aa6ee6e60c507ef1c2b720cc43e817d4dfe193f8df09b3e22f51c32956bb5d |
C:\bonzi\netscape\components\nsHelperAppDlg.js
| MD5 | 28493f44f1b16a11978b6a9d4bdecf00 |
| SHA1 | 4dff589dcc0919b7b14b1acd893fb1f244e994f4 |
| SHA256 | 9c658cf5f1ee304d441743dc541acbc45ac576e148d32857ea6ec6b43272cc93 |
| SHA512 | 361c4214bca4bca7c92c9fa1fd6f19c3394bf019b604768c1fd51a3a94a07f9ee87a5c0ae49abce6d1138ee65c9d9d29cba860a617ae09a0b8c7a1c5acf40542 |
C:\bonzi\netscape\components\nsPostUpdateWin.js
| MD5 | 065761b78f95648f3bef78586a4818a6 |
| SHA1 | 8148c85d3b659a3b68908c5bc5f4d20a7e2403d2 |
| SHA256 | 1da4e8e644c645145076e75bc15121761a7e02188cee019d99492e52fec84579 |
| SHA512 | 9b5d917cd5f27546ebab377ec019a8387d72f1d399789b12fed605ab5d839e2a9fcd2aa7e137e9967c133e31727cbf24c694e87c92eef3cfead027a4316a64fd |
C:\bonzi\netscape\components\nsMicrosummaryService.js
| MD5 | 8ac38534b5938307aebb0216328f61a5 |
| SHA1 | 6dfc0a3fe1cb01ea0efbfa945c6923d97d9c88e4 |
| SHA256 | 210a3d95a2e83ebc159d968474d4bdf46c91a26353e5e26b735e49ad854debbb |
| SHA512 | e59e6e86c74f3b5ab15c05a0fe9d8264fab3fd7b9b5d569e5f83aa613fdd4e1d29e6fcb6f79129471a869aa218a8d2000ef6a4496636faceafc8d03dfd069098 |
C:\bonzi\netscape\components\nsExtensionManager.js
| MD5 | 64b4361af9504b0c370ff17478ae5a92 |
| SHA1 | a874649072bb1a86d622122a3f61d2d02edb7dc3 |
| SHA256 | 5503b110f211e94a5c171e563641b77bcf12bc6643131fbc8b73fe08860bc7b1 |
| SHA512 | c9fcf51b5b19a8bf8b2e7f45eff02b6b79b8822b2745dcb9e11b86c91071c9f77e62a8fcf3d68a5298a21a763b888e163395394538132d8a82eb4891d8ac8360 |
C:\bonzi\netscape\components\nsDictionary.js
| MD5 | 0b22332c1cf81bcdd9255d6685d69047 |
| SHA1 | 98a5472ed96bee490d0520b26824eb7a85ab1e62 |
| SHA256 | 29a878a841e231390d7a393d694494717094e8a98a7998523a2e61d233af8d18 |
| SHA512 | 138afdf38ce07ac7f81295a13697cdf1a16d1d6517fa5feb11a6d7ab84c4bb9c4d48ed93e8e74c9e1f308669148c9e0ff436935b29f28e4ded412a617e2cefae |
C:\bonzi\netscape\components\nsDefaultCLH.js
| MD5 | 741a764eead0827df6f9734d1f1633ce |
| SHA1 | 7f2c38a82e089e84778b6dbc1bc1066ca3dbaeaf |
| SHA256 | df4d5a2d4f82b24c73d71e57c9647bc02286decc704c10df37d393292dcc8660 |
| SHA512 | 4b74c9680a9bac47afa1a3476b536973c63895ba6a94ef9af4e915ba3d2e58089a14a9f7e87892018293ba1335009a43bc7a5f82312f2c19b717837f8dbbb534 |
C:\bonzi\netscape\components\nsCloseAllWindows.js
| MD5 | 4f9abffba5d2e45acd75ea2e0505d049 |
| SHA1 | 1ad99436b0cafafe31907f4754abbd34ff2361b1 |
| SHA256 | 11f85a992ea0489490f305e7ac05757b5a2a10b8d04fe5ce362c6605b5aeeab7 |
| SHA512 | f1c7cb6f1e91dc6ced7ab15a82eb72860672334552fe521d694916ef2a5582280c38d3d40839c24ed52a2702eeb47940ec354997f98c0dfd6c5ca641f0b5cb97 |
C:\bonzi\netscape\components\nsBrowserGlue.js
| MD5 | eaec1d6852c10f66a9ab3024ed40860b |
| SHA1 | 9996913f95f9ade98363c59821740baefac7eab9 |
| SHA256 | 3c4ad7e846618277ba373e2173593deac7f9ef0739655b017756a8a43d02bb87 |
| SHA512 | 28662134ffafe9e5e5f4e56501f4a7f035752b72bf8e96ed248db3a7c8d924fa86a78dfca01e950eb2a8c41d3ec352b94ad44b620ab03fd31969fbb32fec625e |
C:\bonzi\netscape\components\nsBrowserContentHandler.js
| MD5 | f707c6650ef895f4b9246ee1e43f86b3 |
| SHA1 | 9d1432ab58cdae7f35e91fd24695191554d9a6d9 |
| SHA256 | e1e497a942d7a903b6556d511485d76457c7ba2855f897eebe9c0b3734c76b52 |
| SHA512 | 3b7994420c9fac1f5a44af5b2120f514794e0f21dc45d1b715d326ed46581c954f3b6c4c314db11098e59a17ad48170210b7e53123826c83c9d31145020857bc |
C:\bonzi\netscape\components\nsBookmarkTransactionManager.js
| MD5 | c24c287db46c59c71561c1b1690322b5 |
| SHA1 | 181ad97c6339d5e32fe2f54e5018a3c5ec5fd35a |
| SHA256 | de39cacd8f59edceacc27b1808bd0dd1508b809f5e65c6522d2261940055d364 |
| SHA512 | 3a45e6cf727bb20cfe0df6d2958674b3e344e056d6c56c8cce6c2df6438c81cad876fced141e88fa12911c09804582f69ba06657598fbdf882cf797a1df8724c |
C:\bonzi\netscape\components\myspell.dll
| MD5 | 08fc5c471d479fdcfbf20b69c0bd0d68 |
| SHA1 | b885d66100a04cfb8da0ea2ca0915650bce2b0cf |
| SHA256 | ceaf58967aa34778d5bc35eb5a3bc7df7e61f5daf55bbc411bb50579169a37d4 |
| SHA512 | e6c096412a8366e43761c3e360b9bf1313420292ba217ac75a55c4620cce27eea81560d121de5ba49562453c48d423bb7829594cfd46dd9cb73a739da36f60e5 |
C:\bonzi\netscape\components\linkpad-module.js
| MD5 | 70fecc49fcd20479309d9adc05078830 |
| SHA1 | 833f0d0f8cb3a0bacb11819c8a7662590006f7f1 |
| SHA256 | a3ba21168f4f8b6a828ad0f0ac72aa2f60cfdc541ee7de6ba5fdb86d17ac86a4 |
| SHA512 | fe4f1cf24ed680f5a06fc84da6075ffe0d404a2acb6eaf99a353bcc3a28392a393f281ca4cff700ab700aed738417fce7ee35971319157a221ba6eadd5f73b0d |
C:\bonzi\netscape\components\jsd3250.dll
| MD5 | 1a6924f35fa615987df6fcb1356a5f82 |
| SHA1 | 0f964d2be3a471964d8b0e98695085361af0ed02 |
| SHA256 | ac6bd5690942ce2a1d9d0396bf3cb07d6657cf4bcf361c541fcc00a884324259 |
| SHA512 | 7bc030694316895a9fc3919c3d9c14fe77f536f0128ab70bb3e67fd8f9775d5a86e42808e333ab390b924ae45b1c513db1ab3e945451b462f3b3021ce7b4ac36 |
C:\bonzi\netscape\components\jsconsole-clhandler.js
| MD5 | 0987ed598b945dfa32853c4a30b757df |
| SHA1 | 5ba15d5d912aa77e8028b89b65eb1a8756f74f13 |
| SHA256 | bdafc44ec1ffc146fa1fa0432cebab3e0180b19e1bca67288a2f7642fa4256a8 |
| SHA512 | 5c377974c5d193c53b4ad235a80412eea122f26da32d247e6ac6b60034696b2fd54ae8eb2260fd942c66ed94e8cc682e380995a03ce77c7a2d1a5a81e93dc404 |
C:\bonzi\netscape\chrome\pippki.manifest
| MD5 | 433dbb4921ce78024add72a778754702 |
| SHA1 | 4608e7571ad013787dcd68f23ae385b29c5691d4 |
| SHA256 | c249df4bc8fadcceed1dad278a96d7915af54f0ae97ae0f23fc8eb4175731880 |
| SHA512 | 59cd550765f633b2a94443c31edc3740053470c4408b31c9b28bae307b27d030a1edaa3c6974eb82fb454704eb0e46286cd454e7401cead18b1694f81bc5344f |
C:\bonzi\netscape\chrome\pippki.jar
| MD5 | 9a7d55620c9f1780441fce11a443e402 |
| SHA1 | 5fb1cba9cf23512bbddb07dda8564798ecb07c72 |
| SHA256 | 485b27b406a07a19195af81285067919da3e5165747bf01b2f7a90b6527038f8 |
| SHA512 | 832bb408758b9d803aef5ab175f80242ec10c99405611d5f9ca93d0b40b247d58c3a875f88767c8893f992d2d3ccba1ea205f181ce963f18e61ac7067a7f0ecd |
C:\bonzi\netscape\chrome\en-US.manifest
| MD5 | a9fae4b2673d3754b89c9d3ba508ba47 |
| SHA1 | c201a0696a9dc04597da29502bc5252502c2661c |
| SHA256 | b9cdf76c02a0e1f31094e9c61d1eda54a3bf4c287ad95f7df1d4d285de95ca63 |
| SHA512 | e0d1a1911653aff992be54d957bb31e5ef62649958a1c06c2e206718208496547bb9ba851414f9fffed8e5b9a8b2f6d3485dc23a69fb92f059998709dc3310ba |
C:\bonzi\netscape\chrome\en-US.jar
| MD5 | 4b5e8d0c4a9388ef045c60eb9870fc40 |
| SHA1 | 6e2c1852aac68ae8240ddbd9f2c8f1f82f6c0f90 |
| SHA256 | f6f452c736639acc1bd75a83aeacd10ad0f83af7dcb6e47ce6dd32a26a2a0343 |
| SHA512 | 85a9a675a245eee03d6a6cbe33f8522a3c8c22f42b70e3ba57dedc7e49670f050f7e4152ec6fef29428b17e765f870d02f097954eeaa634f1583b84c9a22bccd |
C:\bonzi\netscape\chrome\comm.manifest
| MD5 | 940eaa4676d333fc76e2c37e7e7e3a85 |
| SHA1 | 7f4a87a6a08ea398704225a2e5483a98a01cd622 |
| SHA256 | 28c245f1be3a0865ff3b6898f78c87408a43ea37aa53ee74cb18805c4eddeb58 |
| SHA512 | 4f233b8b662ed8a4e3aec5c19d3b7ebc479f59b4344c877d97eb4925f25a16e324875e76ee266d653ccc9612b8131cac6bbdefa9e8a74fd1733c3f70961ee247 |
C:\bonzi\netscape\chrome\comm.jar
| MD5 | 6f1b9ce083df442d2aa5fa03f6cb6f60 |
| SHA1 | 8afe52d7ec7f49df4a4ebf2f2cbe83005e8dc6c7 |
| SHA256 | 0ff2af2df6107236531d54f9ad6c81c60b4c66293c910c077a153ebbe66bd2dc |
| SHA512 | d50e70367a706c0f11001e10432ea3564d2294fd6150706ac5b910275ce5d4ef857257bb33bb68a62a6a8616dd91d0b6c072d768e786e4bb77b758357eab1934 |
C:\bonzi\netscape\chrome\classic.jar
| MD5 | 23624d88c9a71f0c366b7da0c986c74f |
| SHA1 | 1fb9c47c58a497974bf142106136c0a3de3d884b |
| SHA256 | 55818d24c66b15a04650bc4158068e5d02329a34d1c270fe1d219e2f53086b21 |
| SHA512 | 025dc050fa19dba690a135adfd1215c306719243e52e3f71f830517e58351381dea614b4cbddfd7c3ea4c397225d2201bf5b52f86b6d33c88eb4a39a9901b367 |
C:\bonzi\netscape\chrome\browser.manifest
| MD5 | 78f8ac0d911444edd41ee4c91bb6739d |
| SHA1 | 66da36d602e7e774043a8b47df762bda13eb0088 |
| SHA256 | e94a3fe979e6fbe23ebb0061dec47ffad95e054fe0284ea5f30d544267f409a4 |
| SHA512 | 8621e082f28ea28fee03fb8e38c9a8df64e1f0dc5046069bdf8d162f06896b83a91f722b338e6f37bd5c0c37d96fa17870b5be2d9bca03fa4954059f893c4f82 |
C:\bonzi\netscape\chrome\browser.jar
| MD5 | c8395710f824ec9e881a4d16fd6b98ec |
| SHA1 | f4f873cc1e21d4e52aa4d94b1a74b18c4293be20 |
| SHA256 | 3e975f38a5d95932bec15dd8180af717a6bf76206aacf937a0dce94251c8a567 |
| SHA512 | 9a210c79022140f5a24a921a8514407f964444231d62300270f1eba318e2494ee20eae86445c1c9efae6623b57c5c70e04900c5594fac402890a3f5992f44e62 |
C:\bonzi\netscape\browserconfig.properties
| MD5 | 2071861c3bcc63421c4552ee2bb7adc7 |
| SHA1 | c2cf21a40fa560436999987b0e5b03a30cc11892 |
| SHA256 | c80fea75a41531da6b48b13419d358a00adaf622849db5024c0dde020e260be7 |
| SHA512 | f7e002e839bc691fa70f27ba432be8ab7683548c29a2144292d1de63fc57da4c953a2ab012832e3a475504f64a71c9f735637a967993b611750be4286389d775 |
C:\bonzi\netscape\AccessibleMarshal.dll
| MD5 | 41d1f3a566f660af54961e766f7b62c0 |
| SHA1 | 136f8911db5e2260d21be242c12be32b2f39cd36 |
| SHA256 | c10e9e5064cebe3da1e5adac75e7c5275a1887c7f26aeda77b977c5e67498f0e |
| SHA512 | c8d05d38dc7bd1e60c6f157e2b9aa7e0312bbdb6efe6da150060695108204907948f4a33976ae2aa4e50110a35db6c9cc83cf20b272643890e1761ecc91f118b |
C:\bonzi\netscape\components\nsProxyAutoConfig.js
| MD5 | 08d001dd821413bf330d48fccf57f23e |
| SHA1 | 018c35966f308db51095b4eaf4f9ce6392b23b1d |
| SHA256 | 827152eb92571cfa3418bf17f5cf43bbabc41bb68ab2eeceae9d5a6fa69901c6 |
| SHA512 | e7459bf5f84c4765a316e8e4f51f1acb058563e5c9b610a008719431cd9f55841a695ec08ec708012cba5e5f2c3347d3097e21e1ee1f120f8e53241d9c594c32 |
C:\bonzi\netscape\components\nsSetDefaultBrowser.js
| MD5 | f76a9fc9d44334e584164f56fb7b8b62 |
| SHA1 | 28d5ac9e9faef872bbc5b63d887a4b8c857fe5dd |
| SHA256 | 6ebb03c911ac718da5209b39de0e2be4ddf1980a92619d8bd59fec9749e1003e |
| SHA512 | 422bfa21f86f10ae87074897730074a4a961e4e0c4f97e90916d8919a5feb223e23ca82a3c74f264fe6384703e3d3ecf30243085e0c87816876a88249ad53d25 |
C:\bonzi\netscape\components\nsSessionStore.js
| MD5 | 27d623618b9abbd8df69f13c1c2e5e64 |
| SHA1 | 0fb33087a86393aba5249aa8e7d46b7a8a8b1027 |
| SHA256 | f05be03766bba2a9e398ae07e2e67334c3868dbe561af389bb63a139eed6750b |
| SHA512 | 62ce28076deec31090ada6cc0be2f48e3c36859fe73518827a2717bf201985ce4999c4f4958f209ecf11c0954067c9ada6198f6bca8614b3932a98c30500e2e5 |
C:\bonzi\netscape\components\nsSessionStartup.js
| MD5 | eab9dca528deb7f4dbc8ad6783783d2d |
| SHA1 | a62178387f03d81bbef841ff51b8fd4d7e60b02c |
| SHA256 | 42e8cbe65fc237c7ad0ba99578f1ad4909a8a96b723f47cede11b5c4c2072573 |
| SHA512 | d82dedc8af687ffb6346490a1b4672b5b445dc07e88ed0209139c464cca36455e97e3597e0ca6a509fd407f74a6f93aa425d0961def492e9b642ecb2b7b67dbb |
C:\bonzi\netscape\components\nsSearchSuggestions.js
| MD5 | 5e7e23d649cdb5bbd192964a7eac32fd |
| SHA1 | 1f38817febdf3467679f111df7752c45adcdb15c |
| SHA256 | a0f77e8b1102ce024009480c844e64a6dd6222995418f8ab3dce2972b3a6be83 |
| SHA512 | b2a2decd596b27488a8db996989341809d1a103cbf01f32416b1204b59b9149a6a2fc16ec2c77f13a54efc7c07b32c60553a820744d776d657747f1f444e2815 |
C:\bonzi\netscape\components\nsSearchService.js
| MD5 | 27012140c4a8e8ca5c2045b8f5f984ee |
| SHA1 | 97c2af3d3dbafacd4b9fa9a0d9a9ecc6835ea9b7 |
| SHA256 | cbe5a2e9510a65432c5c5f443d4380d982a2818fa3497db0ae6680d76ff072ff |
| SHA512 | 9de498a5c0e7f1277fd5bdca784bf33ae83a2c135e84dbe0c6638861e95aa1a2ca2fe239b94b8adacf34460c129aad066e6f9351e6bc0aff85edcabd88b5b7bf |
C:\bonzi\netscape\components\nsSafebrowsingApplication.js
| MD5 | 4691115edd580fb8d21aba64ebce2637 |
| SHA1 | 97d917e4c9c0b18a5d8be11e6a2cdf2ee9b2c5d8 |
| SHA256 | ec1448c500922d7576fd5cb5c804166b0e3328b82bc94de58434f39333e241ef |
| SHA512 | 976e96ee9b9ca07212a58ed2e5195fd242830efc48e3cf3925340b6cdb21d374d72495f94ac14b5d9ddfd2ae83fb24daaaa791232682b4ff28bbb2c5d726d05e |
C:\bonzi\netscape\components\nsURLFormatter.js
| MD5 | ad970d1a0bdcedb23fbaf1257a0b26c0 |
| SHA1 | 6527b1d315f7274c31e63536c169cefe35496239 |
| SHA256 | 5329211f2ace73dc205b0d9d7cbd3d977c7733edb38b6c8976ae60309d024b8b |
| SHA512 | 2f5ff89be14e2caa171d4cebd80552e2c259d9e9f3a993495a415feed0485fe09cc88c5bc8651d25e061d597371dfb1cec4e6080590ab6391180ade5b443f095 |
C:\bonzi\netscape\components\nsUrlClassifierTable.js
| MD5 | 44c81aeb42187848b0f5dd387cf6f753 |
| SHA1 | 119be5ac19e88ce09a61411e80441eb813278a8a |
| SHA256 | 1f31611ed540a65c9168a38ede5fae3a927eca39f03fb66b8f8e33ed2c7e4fd3 |
| SHA512 | 8fb9455168e0432b7c582cbb3fd2333a3f5d6360f584d755016233072b3f0262556c7d4a69b87f9bca1484d4a83561da7339e45ba3e3fbc2a25f8a578b0a0b32 |
C:\bonzi\netscape\components\nsUrlClassifierListManager.js
| MD5 | ebfe7bfa671f2b663c79948f8b8d6823 |
| SHA1 | 924ff2a9f72e7d2a5648cbf6f0c7e036a7c9e1d0 |
| SHA256 | 7c4db11301ed9f1bbb2aacb0f9f75c3597d797e2c3eda4567c96660eea8ec144 |
| SHA512 | 2184e74a6e4e7bc8f4b2876175f8ead8117acad2c7c386d53985461a4b8aa5c83cb369ff6459499a4361419892d137c30cd7dd3d5474d6214061e89601e0d9d0 |
C:\bonzi\netscape\components\nsUrlClassifierLib.js
| MD5 | 7e52afdae967a4ed27df43530183a43d |
| SHA1 | 0ab9f5ecbfab7f42f4d0f6ad74cff93f449f98d5 |
| SHA256 | e07b29cb7a4468b8bf60b5e59819d577fba0fbed976189cff768aca56cbb569a |
| SHA512 | 8173047631536acfab539b9f67233af690ed3d5722cc6ee26adcb8567d9df32a578d6eeb2f46557bfe735e164340ba52588c64516bbe33170efc827a1e6b342d |
C:\bonzi\netscape\components\nsXmlRpcClient.js
| MD5 | 74413e91807cc66f2209a19d4aea3b37 |
| SHA1 | e27a9839280c5ee937e21b3ad2b6e49fe074e325 |
| SHA256 | c1374de0451a08a860ea7d2389560036ec0aef3196b6544b4455c8ceec347ded |
| SHA512 | b9847bbfcb7badabed2c3c818e238acb88f30a1fc7a39cc57587319e03d995ace31cd25acdedb399b65932dd9f9a8839375b524d613b4bcf9d84d6e916b22f9b |
C:\bonzi\netscape\components\nsSidebar.js
| MD5 | 9948247b0825b1ea4416e76c212aa7df |
| SHA1 | 23a1ea3f3cfed840a5154385c05e29a50e8a7bc2 |
| SHA256 | 47c783b7ac65e98954e4c09f373c0e7462fa4f412bae01647c845fccd47a7cad |
| SHA512 | 1d8b3bf1dc2bec9b6b2282fff918459b5fd9c89214864940885d7c8de4e6a8db4201f0b5437f5ae3aea691854fdb33d046f84686f4ff933e2c31048b9973bc7f |
C:\bonzi\netscape\components\nsUpdateService.js
| MD5 | d1a73e0298389c25e91a595e5599f1f0 |
| SHA1 | 6f80fd6a58ddc87ee25ae3315efe94a4910ac97d |
| SHA256 | 4fd9bd4026c5154fc56b7d60f53a99835b0820424963432b184fc496c6ceb65c |
| SHA512 | b132ed63a83be39f822c2cde8f365635a2005b2c03ac2d9b89b5e1d8d28c0355f5abd8b1a61222bce465ce4f9f3cdf1adba68316a9fed270d2bcb4d09e47d082 |
C:\bonzi\netscape\extensions\[email protected]\install.rdf
| MD5 | 431d865bfdcc0960eec97e72448f0c55 |
| SHA1 | 194068fcfbf2f6d81e968a4a343064b1dcd8979b |
| SHA256 | ee3a1d0f9b4936be7a9abd49293643ba74ed4d88ea0066d1211963658911accd |
| SHA512 | 2a499ad5845b4d3c5848a9b9dc8bbe7a27141b279d4cd03243872dd9e4ac3a77594476dc26cb56b84b302fb22e630081fecfed33827edc7329e22fe5784c0e83 |
C:\bonzi\netscape\greprefs\xpinstall.js
| MD5 | eb2ce400f30e5aaea7957379005cd5d3 |
| SHA1 | a0a00b69c3450cb5c66b9cc06fb94841c6963875 |
| SHA256 | d0e82435e9600d4e881c0cb7db9b1a8cbb4a918529576c892546c0b877754e45 |
| SHA512 | a4859a0dd779d234dc0134d6b1e0525324b8f7fccef2de22494e9524e44c6432d7b345537085babd5666bf0647815f9be3caf8281293835db40b91310e76320b |
C:\bonzi\netscape\greprefs\security-prefs.js
| MD5 | 53f123fc23f330dd813312147c76de31 |
| SHA1 | 86f25786d1bd39f31141820bbb729bab33e6c4bc |
| SHA256 | bd197f724de55bde3aba0f961eaa971dfe3bd09ba226ee34e193e82a04e96bf9 |
| SHA512 | cd24a704fcd44990087745438aebf248e06cb7dbd95b0079c4ef821a768fbaa3d3c123d046f31dcf2563ac6ce4b7145e769d4473db7f706667a596971e372fe3 |
C:\bonzi\netscape\greprefs\all.js
| MD5 | b4a2ee06c41c338066a52ffab8f29e76 |
| SHA1 | b475a8227667800d209d665d6cca99f5341bf9cc |
| SHA256 | 186741ba1263c9b520eccac62b14c385def76280e82dab337dc3e8418d46dcfa |
| SHA512 | 354ea55bf5930fd11b5550afb9ca6f183f6c2644018626d7d0048666c2cf6949b800b11b97f4f70401b804103a429fa443cd40c3dd2a389a1cd322d84613e0f4 |
C:\bonzi\netscape\freebl3.dll
| MD5 | b5131a9ce0da9fa658a5ff3bea0d1ca9 |
| SHA1 | 0b88eb4d003f9641ada07fb248a3f1a6a64297f4 |
| SHA256 | 4ae900ab6ac0e624051cb0007ccbd229a9c22a69a58c63e5c08701a24a1e64d9 |
| SHA512 | b259f0a99514b967fcee249bf6aa061503931f23c439f3e6c6cf8e9c36e5a5abed2d4d22865a4bcbe8ca99a67060e5b9cd330216d01c187305b74bc1489bfb13 |
C:\bonzi\netscape\freebl3.chk
| MD5 | b9048692c33fc15f71fe124a1ac34c00 |
| SHA1 | 4f014a3fd551657206617440dd158c6b3870e5d8 |
| SHA256 | a91209959d1f78c3c304ba5d2d4e64fee7d2f311e7e198dceb02516290925af2 |
| SHA512 | 1ef4aea0fd1ec52061744fcba5479c04575ae246e8ba3dedb643151d12858a80f481a800c3bf3f74e34d21f25020056c8b77e5cf1eb530f3ae311200e7f48408 |
C:\bonzi\netscape\extensions\[email protected]\install.rdf
| MD5 | d0319e0e1936fdb42c3a56770aff0eef |
| SHA1 | 55761dbb56e8763e9b8f819cc1d51a0bed46a714 |
| SHA256 | 85e35d76855c30aae9e07f9dbaea16861fabd9eebb4222cf0b733339fb3d6a35 |
| SHA512 | fe6e0bc18cf29ed659cfe6df4b0451bd1ec9bc5b3d13323564436f41d819c30021713104ce420a00d6c4f084dcd478476157ca9786b32347eb088e0966ca5076 |
C:\bonzi\netscape\extensions\[email protected]\chrome.manifest
| MD5 | 9e2e3cdb27116815f259b2d9bcd567a2 |
| SHA1 | 27a3809db66020521e16cacec8dcfff24333b11c |
| SHA256 | c9d65e0ce3d7fdd0fdc8cce87858c2cc45189d8778daf26afbbf02ea2e3d1f8b |
| SHA512 | 7d0f52a03f82ee00ba19fa70024aa8af610b56dd59b8cf2faa334f769a7dcf502c3f3c1ea8fcfd159eef7538d9a27a662f8ffc4393ecce79b89687de10d31559 |
C:\bonzi\netscape\extensions\[email protected]\chrome\ns9migrator.jar
| MD5 | f26c61305ecf5692d1c2e192179b6b30 |
| SHA1 | 27d9e5929a0e769f130f73c25e47f50258913515 |
| SHA256 | b04af3d3e68c0254ba02ccebebd223804af2fe2f37c0505dc66edd44f163213f |
| SHA512 | 1b13fe01e9457f53c926471be3776820f9042c05549b0b620981f6f321c98a80c617feeaf789178424d6e0caa76bec518e10d8b24fed8437bcdcf2e0f5c8f5a2 |
C:\bonzi\netscape\extensions\[email protected]\chrome\ns9migrator-en-US.jar
| MD5 | 15a413803fb8c3eecb0465e5d64ff4ae |
| SHA1 | ffa2a75e541f697d71745d80cc20b0ec98a94c2b |
| SHA256 | b20e7e0dbf8b8cd1d3b7608e7c8340330b521d1a6580a9cee8b6d49ce395a164 |
| SHA512 | 673e8c4f14ed31ba98752cd104a376ec9f5f9234c72735784e48af00bbe9da9b1db2acbdb59e1c207e67d764cf0d2e28f80e1cd2a4f8ad9498999cdb5606c3ca |
C:\bonzi\netscape\extensions\[email protected]\install.rdf
| MD5 | 2ef0a4267131641c2e72a4d3f07d5ef6 |
| SHA1 | d79c2fc375d97527c49ec333da1355527b3b47a9 |
| SHA256 | 52af9d35c94d01b83535d846dde0457341cb3affd2086d3973a89f38da0ed7e6 |
| SHA512 | 94256907b2510bc3505a06252ee0582c79fb9feee9019168808bd8605731f2f3946cc5da17e17fcd7178f5d052408dd8adb7bcee0ea4821ee587abeacdf192ab |
C:\bonzi\netscape\extensions\[email protected]\defaults\preferences\inspector.js
| MD5 | b398099ced09c658a4b156ae25ca397b |
| SHA1 | 6264987e2d5733fa1d2e4c18cd92bea04b986479 |
| SHA256 | 58ca53ad7eef6cda7d018bfeba2029ca7a7b7a8b07ca13cd5be0a3bff9f33fb9 |
| SHA512 | 648c9c90bececee74373a0f0370a6b61f1b53bb4a9f220a3f4cd8e366d59925c13bbd26513573df89530beed01bdc445418a92ddc3ec315793444204d32f75a4 |
C:\bonzi\netscape\extensions\[email protected]\components\inspector-cmdline.js
| MD5 | 922c8e14b8b2378b9da216059c091901 |
| SHA1 | a01b6cdd2ffa65d3eb3a73790c89ec485fecb0a5 |
| SHA256 | 77069964afccd28f46d6889153d454b9472ed2161b225bb2bd2ee70119a84081 |
| SHA512 | 644c6c113598f100ee57a0532eb5277fc6db2c93cd48f0386b8124b3ba667e9ec92b4a036fc5c54b7c06219e32b5d4926e046511ed8f8443d3f92ad50bd1bd8d |
C:\bonzi\netscape\extensions\[email protected]\chrome.manifest
| MD5 | 8fcdca80d3692d87ed68f4b993ca124c |
| SHA1 | 1af6ace69c021ae851b78027f379d6bfa8d316b4 |
| SHA256 | 07d100d9460789b4a0974dab9c861bce342c3b5a078df6537851f3b6afa10a3c |
| SHA512 | 864af0d2c7fb8020af710e715a15dbe6ae3a26ce36a4eec9335a4494539e5f75c67b5befa41f9dd05017c39cb3f74acb2258850c42f2b6c5d744dcae4619ed36 |
C:\bonzi\netscape\extensions\[email protected]\chrome\inspector.jar
| MD5 | 90cb2f24267e0120c71ffe6395205ffb |
| SHA1 | a5be679a919247720093950f21209c8093de9647 |
| SHA256 | 91a9e466ad473f4fe493d1fb5a574e2a59143eacef8eceb0a1d65c918c9276d3 |
| SHA512 | 2b92d4c276c02f4d63b37e81eaa38069b979100393b5ee10b6fe3a38c26c3ef8f32463d0733b8bf37b9356cfec7d41c7138c22f4ca42b6fdc8fb7129c5475ab1 |
C:\bonzi\netscape\extensions\[email protected]\chrome\icons\default\winInspectorMain.ico
| MD5 | d9ddc6869edc574e4210b9001859e8d5 |
| SHA1 | 0391f94d4da74e29bbe75cfa6cb8d67499ba5eb0 |
| SHA256 | fc2b8aa8d1dcbe2893566d8f821f0c4565aa27c0564398fb874dd0de6cea60bd |
| SHA512 | daf29f2d0c3f00ae8601f02ccd48ca43214c2a35a4bf5b4eef519260f15208ae140915e4b0eb35f0bc48f5d57ecc75fdc77eea6ba77ba68454342e50c3ee49f7 |
C:\bonzi\netscape\dictionaries\en-US.dic
| MD5 | 508a7bf30b716ccf59c662ebb7d910ae |
| SHA1 | ba119761e911604012a348f9c7358822e2f0467c |
| SHA256 | 6f90f900a772cc49d96b061c489671e217d68ab9b533bcdb854682631fe4d303 |
| SHA512 | e5658db0f04b338f71707fb8b4ac9889335106b993c898ce9082322f711d10d819b3e7839b5b52d6c5c63840fb1533cad1c6598616ca3a17c89e5924bf7ca65e |
C:\bonzi\netscape\dictionaries\en-US.aff
| MD5 | 0836da9065e3f2d4d11db79f1759f019 |
| SHA1 | 66855c47c10d65d92fad5a478460cee71897bc06 |
| SHA256 | 66db43ec9d39dd0875402a900936edc037936c59ad43e24ca086a1aec75314da |
| SHA512 | c3726e8055ed4342997e3c00e33fe8b44468d60ae39affc576dac21088dd92fdc0d08c027c4e5a314c7b395a1ed7ad2b1706aada40939ab09076df74ff69f688 |
C:\bonzi\netscape\defaults\profile\search.rdf
| MD5 | 939dcfba9fa92f86bcacb487df9dede1 |
| SHA1 | 74c89a6c3bb22b3509d86e6e1d428b4a206a3c9c |
| SHA256 | 451c4475c6c285da263f91049224c87cf1567c4a7ad6236f3dd52290d65fab16 |
| SHA512 | e29940cba038a737335e1be397605930d207bdaebf7324b57da1f4894e4f416d665f33e9eb5adc7daabd166864271c4cc42e824479f2fc9e8c6ba48422a9106a |
C:\bonzi\netscape\defaults\profile\prefs.js
| MD5 | 99940ecd258d83b3355ab06fca0ffddb |
| SHA1 | 8d94cf5c736408c218bd7e483cea3357124d232f |
| SHA256 | 0a9bcb3c03867313418c0a1e97eed0f016a3c37ca56d16793df8df90e2f2a212 |
| SHA512 | 057432f34bc2daf33eb2d4ea7a182521e4edb39c4229fccb875615d7d42d405a642e09974ee8d59d1bd018e328126ad8e6dab7d6a2b6ee6a77734c7785ea75b0 |
C:\bonzi\netscape\defaults\profile\mimeTypes.rdf
| MD5 | 6047f42624d9930caa8d651fa94d28f1 |
| SHA1 | ebe84276ea707bf822cf6673064a2c3a6de1d22d |
| SHA256 | c9aebb4219a0e86565a9399c14b70219ea4f066464102848010cefc425d72008 |
| SHA512 | f9b83f91669152a5ca10c95a9fdd502f6a4f7124c76c0fc1958c781d8b1e09e2b28f27705b390b31af23793ac31a709a6f29d5cb00595b0eb8fbeb33a50aafd9 |
C:\bonzi\netscape\defaults\profile\localstore.rdf
| MD5 | ea03cc19c2a3f622fa557cd8ea9da6eb |
| SHA1 | 2d8aee4b5cbfb5e1c08f2a4c9af2110bc1262b11 |
| SHA256 | f72301be0ecb4ce64e26fb8ee57cf4bea3dc8c8f3830f2fd0c91ae893ab5e592 |
| SHA512 | 06f6f5bdb6609f0e72291ef82aaf55c035fa1fdc0906debbd7807549d6b61579428585b91ceadcb8aba511ef7a144c9636c6216afedd9753bd26e4e72f49c330 |
C:\bonzi\netscape\defaults\profile\chrome\userContent-example.css
| MD5 | d3765c7d2de5626529195007f4b7144a |
| SHA1 | 257aab5a68752a4de9375aa50809f3faa8b83b26 |
| SHA256 | 10cd5c7d7fb1f6f1123893530099888822c6cb8a4a41584534c2d2eba38f5ba9 |
| SHA512 | ca8e87d31f8df9fa1f9c46a51aa2960b980949c4e5b360c82297a5ebb3a823f7c63fc8ada7db53f8e7fa25cf409d33d492f573e5ab061ec7659204577f4f0545 |
C:\bonzi\netscape\defaults\profile\chrome\userChrome-example.css
| MD5 | 4788fdaa51b0a238cb21f5c2877ef06d |
| SHA1 | 866b51a43c76c9ee058f7b507791c86e5df8ba5c |
| SHA256 | bbaa6de3247c9d5c9991f8d14b9022491578e603a6b2e2838e760a87c658a719 |
| SHA512 | 3e628961b1d55dbb795cd08508a3578d2affd8dbcc68a4ba336e0d02dfe069a747cedb05d9093b52c36c21ec9f8e9123055e679caf6f13b2c6d600b4cc5be748 |
C:\bonzi\netscape\defaults\profile\bookmarks.html
| MD5 | 7ad9a2201434f3b56abfe706bd79d78f |
| SHA1 | e0730e32d407ebe1c716aeb85e4d46a86c9f1e29 |
| SHA256 | 5720d23c8d052f33acbd334c0b4f4c4a4fef47638b77690f2228615682ee8a3f |
| SHA512 | 58c12594d2158608e7993ab11cf879d6587fda9b9ea8fc8d846db7d9f919d2e5f231c5ecbfce24c9c661a98e8db73b6f1eac775d74362b0f9677e45f93738e5c |
C:\bonzi\netscape\defaults\pref\firefox.js
| MD5 | d89f5220181653b77196c74639a5561a |
| SHA1 | 8d773d0f4e8eb72cdcc77e112ee075f17fb24a39 |
| SHA256 | ea8bea6e0e18f43ae943601756f9e8202a5b24afaccb6a2c2b7cc5d137184988 |
| SHA512 | 3d893ec0c23e7beaceeb10b7400782f40fa14202437b9cd0e8dece2ec45d32564e128c7bac207493f078a4bb66fe07e24d64bffcbd5b25d8dcd5fd8b4923b8f9 |
C:\bonzi\netscape\defaults\pref\firefox-l10n.js
| MD5 | 8feb09bb3a23e2f151d664abe960c9f7 |
| SHA1 | c02a7c338f5fd78ad56cf842d58fdb55a04112dd |
| SHA256 | 6d5ac2568d323ba7d05121afb58c85424d8307355fb16bc6e7e918a069389f3d |
| SHA512 | 85eb1ee8b2008e44e056b0b53ac7124c1e303db404876412bd3c4e1552aaab9a1a890608c3017047dfb67aa880ec83ebe829610604d18e547841842b4ec4f2b1 |
C:\bonzi\netscape\defaults\pref\firefox-branding.js
| MD5 | 25c55ae1428470b8f827ae1535a6d60c |
| SHA1 | d4889ab09d687828a57f433dbb523d52a68750df |
| SHA256 | 13a76cace7913c4e1b0c2d7ea2eb9205330f4ae443bb488894eb3f4099e1e9f4 |
| SHA512 | 8999607218dee26ca9df3b780624fa2319660212514a640480c68eba86319750b8b43499660a8f6c60396e1b3199a4400f88a3a0f17e12d35138b1efb2040cae |
C:\bonzi\netscape\defaults\pref\channel-prefs.js
| MD5 | 5b749a30beda3a05f87156e65b97f89c |
| SHA1 | 4f9c3cf99891dc318a701a3d3c0570c9061f821e |
| SHA256 | df17dd3fc932c653365ca9e0a8dbff0b1f0e441102dace3cb578ba62a3856b27 |
| SHA512 | 13ec7744ffb3be6df4b8e0e5c01f2306efe28a4942146a243208fbae0893efbe5bc0db1504c3a9f34eab86b53ae7e7984f67dac18b35e83c5f6e9052be8f171b |
C:\bonzi\netscape\defaults\autoconfig\prefcalls.js
| MD5 | 4a87b8ed95918a8a94ace81998529f18 |
| SHA1 | 7fb3a79e959cf46c613599568be8b93bd647652b |
| SHA256 | 375fbd824a7336a51729ae7025a01ea1b31d33e005facef3c8bd55fa742284a2 |
| SHA512 | 3bc4c3a9bd72334312588765140e01f1df839c3a9c836bdbabd3efbc11c9e203a658f1a551365f447d95ef0c00f715e41ad77f7be8a9ef07c135817a9757ad20 |
C:\bonzi\netscape\defaults\autoconfig\platform.js
| MD5 | e3c0b603d8720a81116319d44ee421e6 |
| SHA1 | 6b7554f4fb3f1a4f22c1b09f0d1e84eb9438450b |
| SHA256 | a319126b701f722a192e0653d2698b8d855e43d56153069ad1255879a0affcb7 |
| SHA512 | b398fc5f36d54ac60f6487bf950298c03ba9a01821164973c1b999d4d63b280e2271749be803bdfb9593642b79fbf6a8546eb15684b1496bf0432deab21afa6f |
C:\bonzi\netscape\components\xpti.dat
| MD5 | 807084072a4a43fe7068cf8cc9e5b6fe |
| SHA1 | 2da384c3c4da778604d2983a492674f55cffc934 |
| SHA256 | 3cca77f42e7c5c2f843b819c1afa34f3e2836b7c19e39e7878b78692ead57904 |
| SHA512 | 0fe1409e09a471830f2b6f54bb6f70b674b367a9f995b850994036b76e42c0085be939a66d746b46d5b322d1557f83d3597d19b1b866e2af2b264178b2c66a6f |
C:\bonzi\netscape\components\xpinstal.dll
| MD5 | fde7dce307297e73f31b3dbf8280087d |
| SHA1 | fa7b21e7d07bfdb87806763d0b5c95d1dbd3c9f4 |
| SHA256 | 63fd849eecbf81005b50a1b0ac0a90b4b98b387a470df90dcf808c311afe5921 |
| SHA512 | a7e5d7ff91e733ea7c157255e300546d455b138c3db2e9bc3047b9c1181b98e504bd40c1b043c95290aef0377dbcb7e911feb5a653af1049d84ba88f5d80c33c |
C:\bonzi\netscape\components\WebContentConverter.js
| MD5 | 9b72a8b155a1b5d9f58f5d908a6f1cef |
| SHA1 | 7a9da43bd02f63095417891fb64bd9516d549d11 |
| SHA256 | 48f5089af788fc3c9b8bb956ef8fb78353d0e217c24d680c1bb158670cece404 |
| SHA512 | 74ff99fe2c307f6d8f399a5a964d8763d546cfc2d1cdaefe415e80a0d1745d5a7277651736d350b6dbc01d28a78d60af467accdf4892b69f554307a8f5788d34 |
C:\bonzi\netscape\components\splash.js
| MD5 | 581e95ccaf7f7b76d9eba0e9f3405ae2 |
| SHA1 | 1cc422c592345b6dd13a8b0fbc46ecb3d6985270 |
| SHA256 | 7559901b6b9fcfb59ab384c890a775a124f349aaa139b6895aa6f5a5e66514c1 |
| SHA512 | e0c68c199abe96997d15462f6a5d0008c65c2b938a70fb5053663f87d63984f331f93d9ddeca78d0e5a958fca21d8c558c548a91b4074966dfabf4614d616edf |
C:\bonzi\netscape\components\spellchk.dll
| MD5 | f87cd56a00963d60a12846b2a0e09c6a |
| SHA1 | f8e4dab59b0c09f64b29260259cf5a0c4e304ae2 |
| SHA256 | baf98ed31a1da2e86a52de675587c850fd47846f9c84b49782a5362f4a1daddf |
| SHA512 | 49307387d2d2cf3e663719b527b7a7106e9b436b7e30e02563a5c528146155c40195c7ce0099b57553ea98d22bdb9e94d6b68501a15db883dc02757e852a2fe5 |
C:\bonzi\netscape\js3250.dll
| MD5 | 3b808914db411389d9ecbdcb4fa1c1bb |
| SHA1 | 5deb6c3f5472136a5f5bfc5a499b8e5615ec6333 |
| SHA256 | 2b6a59c020e48a2308587d773607da0fb3d94f79af0eacffa47cfeff10acdce8 |
| SHA512 | d5647258bdf0aa3f7701ea26895b9af6533e679572a608fc8440f6706898738335903f31eb68d95417e0c23ef292733922557b6ce001a6cdc4e6f4f7d15b58ba |
C:\bonzi\netscape\LICENSE
| MD5 | 48ff35a6e75247e702019cddd0eacc21 |
| SHA1 | 870b3816420f898f42dfd450ada2b12934b5c7db |
| SHA256 | c2aa7d58cebd24cb877bbf11d6b13a4bb7cd08b9d7db5d3037ca06c46bf4cfd8 |
| SHA512 | 3879fc8ddb55e2ef7ee2c9c01a1bca80c3306f52dd14b1f9949d8d16f8f7b970a9650f76eb000e91571cb09eefccc11cef482a41cb31bc0b00b17e4997e321a3 |
C:\bonzi\netscape\msvcr71.dll
| MD5 | 86f1895ae8c5e8b17d99ece768a70732 |
| SHA1 | d5502a1d00787d68f548ddeebbde1eca5e2b38ca |
| SHA256 | 8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe |
| SHA512 | 3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da |
C:\bonzi\netscape\msvcp71.dll
| MD5 | 561fa2abb31dfa8fab762145f81667c2 |
| SHA1 | c8ccb04eedac821a13fae314a2435192860c72b8 |
| SHA256 | df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b |
| SHA512 | 7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43 |
C:\bonzi\netscape\navigator.exe
| MD5 | ac9cdd36906387f84557acddb219f405 |
| SHA1 | 2539465a3c843d70615810afc7bccb7a5929e096 |
| SHA256 | b529c4308f6c2ffefa022bb8b4c1456778f3a15bc0634cb109436a72fa5b3aff |
| SHA512 | 0204726358b6a319c1c3cae7f6c67e415139fe2c99169de6bcec6029bae3299601b8d01fe804410448863361680fc74e0939bc2d91ab14adb889623c592e4250 |
C:\bonzi\netscape\nss3.dll
| MD5 | 8d0ab55e35866b45f65768a7a9c86f53 |
| SHA1 | d67c6cafcc35b6186b65e796b50ac3f6312fc43f |
| SHA256 | 259db1e89f9e87e7f6711d475abb3d9ad964f42be4cadd918f18502c0e4c0041 |
| SHA512 | 57de0a4e4e0db6735f91524b18519970732b3adc7d15216c38cec0c8323286568f8dfad6cdfb54b148351523507ac845d78605d27cdd7d861955b7ca9abf70a8 |
C:\bonzi\netscape\nspr4.dll
| MD5 | bb39bd7ae471f9ed12bf9cc8457496c1 |
| SHA1 | d8e2f023fdf0eaa75eb776907747013d0879696a |
| SHA256 | 43d1f30fc2b47e4ec0f69a6410dc6e870ee4601b2abb88aa5a7852bc2530a97a |
| SHA512 | 9fd2a8fa2e70827a4172c499c42740b7cd70c47a8a819334e78bb02929694ff49433b1687cd1506dfb70a2d644eff2fdc7ac75c8c1d6b2a9b87959402e482e80 |
C:\bonzi\netscape\old-homepage-default.properties
| MD5 | 774ae4f0f3a74d0806392e37756e4e33 |
| SHA1 | a9067e6b1e57b01d901f48766fe3266e76180523 |
| SHA256 | 407aecd0255e0492d3839a0f936e4ff55e5ed21efeb7be518ad3adb95f98fdb8 |
| SHA512 | 94fb88cf1242b1281f8bb4de888a965e53bd7f00dff272cc215b2fc66bb719732a5fb601e51e267ec721541980ff94a04252e626fe7a0528aeb728fa0cab8436 |
C:\bonzi\netscape\nssckbi.dll
| MD5 | ac325a321a53d920e99f787577c51369 |
| SHA1 | 19993a9b67ec17c3fa1ae2a0170d6409e42d5c32 |
| SHA256 | b7e96e63ac4b1b6dbe6fe2c1562032d5f99e3256c515edcc1b2054dcd7edc769 |
| SHA512 | f9d26f35f8a2a479bf15beaf210e2fb35269907f11cac7d305fe20666efcc350e22d283d99a587da747cda78260a71e48aab94fbded4d77401491a3c4af49a7b |
C:\bonzi\netscape\res\svg.css
| MD5 | 0386adbf839e5e72336f780838965ed4 |
| SHA1 | 9ee5e21be98e1c24a2b84780a13726104ccfa7a1 |
| SHA256 | 3ac1f6e45e7f599ebac6f6658053231f2769da73360405d5bfeaa0317c1ac319 |
| SHA512 | 0cafee434c9c84647be4bd04279b34bbad533cfab916277a20668c20acadec232366e6b4b53a67b778f1a677ca2f94e1a2f6202180b6cdeaf45095371ab54ec9 |
C:\bonzi\netscape\res\table-add-row-before-hover.gif
| MD5 | 3effbb21fc1ce4a3541ff129e61b6360 |
| SHA1 | 226b23cd455176340c8c72f21481d6fa0ba438c7 |
| SHA256 | 82d2c0c94973797f588c41cb17f5965d2979d42032b87a74a66b19b4ca881722 |
| SHA512 | e5e381b2ebcde5ca014634f44ec0463ad7a4ef44098c856e23c112dc84d62f25750fe4a22428617543bcd89424ea8b0e22525ecd11b98ecb49f06eeab846add0 |
C:\bonzi\netscape\res\table-add-row-before-active.gif
| MD5 | e5fcf51b2ccb0d92f90b2ea04e3f234a |
| SHA1 | edd33b631007828da2f369e2c53460075dcfcc45 |
| SHA256 | faf9ee17f3da733b3553b18d51988e1acd888dd0f6cb1812f4601defc504ffa9 |
| SHA512 | 2fbdb6b5e64fa3430f18bb3adaf6433ebef16fe85f35152be119f22a221b0f1258e776c719ff1843d98bcedeb2f469cb514d19757e4bd2742eb14fa977555bb3 |
C:\bonzi\netscape\res\table-add-row-after.gif
| MD5 | 86ea7058408e6573f06e35a22c381e5b |
| SHA1 | 9f55167f4843d25452419ad8b6856c491a7919d5 |
| SHA256 | 4314043ba7acd3ff7d7b068c01039306a6162a706ed9e74ecb4ff9f81512b726 |
| SHA512 | b20a349a6d9b652b0a1b6932c7c8664736927b34529c44ccf2d4959d5b4a08c16b0ae568dde8417b0a4859eab54da3488b80abdeae4cacb33578065250c3e78f |
C:\bonzi\netscape\res\table-add-row-after-hover.gif
| MD5 | 73d91177fe9ee5a7d6f27f950fdaed06 |
| SHA1 | 6cd76a918b50021f3baf7d0f535f1e7588232f52 |
| SHA256 | 7f95f83b24a702e701808d2d294827c37a260c4cab54970d8a89cffca311aa3a |
| SHA512 | 2b03039a595bcf8e3569888682c016f599bbde90ae1db9b4abd0f5369cb388f3b71458e0f8b341dcc24faf7306c161eb937904c4b21a98628d3dda66afc14758 |
C:\bonzi\netscape\res\table-add-row-after-active.gif
| MD5 | 2118b374a6a662950d0bdf4a3aa31188 |
| SHA1 | 86c13feda9879e0bb9ed9c38766a599192cf4880 |
| SHA256 | 3ac7a99ad807a3d329a8570dd2d9f35dc693409b80a52a76422ad30ea0747ea8 |
| SHA512 | 73e81d0470a1fb0c6fd50acfc0a41dd1055ae7ce1a491fb82e503277665fa68f01bc80cb1239f1482bc434392e2e45641e96f3f83cfd2412590f640f3e5e89b5 |
C:\bonzi\netscape\res\table-add-column-before.gif
| MD5 | 2915b1ccccef8f1b4efe358744fc4a35 |
| SHA1 | d07472295c783f52842c727abe8e568bde27bc58 |
| SHA256 | 7aa10dc5f73e868a1cc4790fc4c0de63f7c8be43d9557b5e3a63089fc576aefe |
| SHA512 | 6c5831a948c9f56c505b82504541d99b46c0baf475717f4629b12fac39f09ed47ea12bf8b8a2a6d8cc354aa49d573f4a0d50feaf78a4215a9919f0399a089195 |
C:\bonzi\netscape\res\table-add-column-before-hover.gif
| MD5 | db5b629893e402162b24764d509337de |
| SHA1 | 6aa75faf4e9d7ce0c743d9f014d1349822efd64d |
| SHA256 | ee08fb30bbf7a2bc1fa0351276c18d87315f43d1dcd6e721a076c7f4850d8576 |
| SHA512 | 85ae25cf42e6acd82339d9e34792d7b9de16d38ab08e424beca0dd3129b64006a957074e3599b14402bf65a11f43f43e27023215c230fa2cff32be5f896d51fc |
C:\bonzi\netscape\res\table-add-column-before-active.gif
| MD5 | def8fece8fc888b90526e51828080b71 |
| SHA1 | a1e2ab1b77101c28e2ce585f0d49528466318a22 |
| SHA256 | 0b308aed38c132e3a6233bf1107454102dc1e47a6b44db3630634f177223e950 |
| SHA512 | c8c63fc13388b03c3a92779a46f8a71a7a785f2cbafa17bb212430cbe29cfabc5dc38453c6ca170a950d165c6aa51a5c2ac5768b8d3746b1c26609aadd3ce9ff |
C:\bonzi\netscape\res\table-add-column-after.gif
| MD5 | feff9eba20bc5ffc063c0b659ddfecfa |
| SHA1 | bffa6ac37f2d6aa9f030e7b428bc5ca5ca55218b |
| SHA256 | c4a26dfcdf51f779b80ac85fc417f9c71bfb4544da6fde889de6180db5ea1b32 |
| SHA512 | 09d5f9f1944554fc245d69625dfc5d98417b953ae3233ec48b580a1efa999d7a8ecd84289f285df5606ec544996297a22a0e1e58ffaf9fcb4e7517c8c4ab009e |
C:\bonzi\netscape\res\table-add-column-after-hover.gif
| MD5 | 0c57685fbbd85c5eb8aa186019576972 |
| SHA1 | 33675f50d10cbf4e7de38068a8c35692aa1de8be |
| SHA256 | 5b25b7884bf6be16aa6cf99875ceecf33c40d03c9f3cfec30625b8ad17bfdb5c |
| SHA512 | 6173d16da9ee4f8808df8ecd99d9acb147e09fd0071b311ee80f38409e92bf9d07c936d501d893f9c21279ebcdfc2dda07a8eed42f65cc4b056dded440bf8c1a |
C:\bonzi\netscape\res\table-add-column-after-active.gif
| MD5 | 59952869546acb264ef0a38bbb76a202 |
| SHA1 | 24897012bc14cac8aa27b32f5c3cae0a398f4f18 |
| SHA256 | 662da38b7e6626e561a9659da9f71662ab125dae60f07e099b5bdfce6c85ca72 |
| SHA512 | 2fd72303f1e3168d525ffa4984e29302cc5529197a0f71ea79c0c42aad39645a3af47865b240ca9b3be3129431581d1ffda37c9059b7e508438a837d59a8bade |
C:\bonzi\netscape\res\quirk.css
| MD5 | 79959b19373efb260456c42e0d176068 |
| SHA1 | e4c09185d7d6b9e0a08abb5ba828bdb8e59223a0 |
| SHA256 | ebd1a3ba548d222825d6500879a656f125e71084382c9067d1322fbad4d57467 |
| SHA512 | c312306889ce7299d11c2be52e144893ff8b93b7e989f8de95f8cb39baac54ffe7c0f6a0624c63079c0e06d93dc91978be69c1258f3276d4f11bc95227552896 |
C:\bonzi\netscape\res\mathml.css
| MD5 | 3fa9013a72e4119b37d01fddc304b503 |
| SHA1 | 17a5e859ba84ebd46af094589eb7962e267c8d91 |
| SHA256 | 9a113001b65bd4f0ac3c4d22158e34f0dc393f28bfc1e5fbb2ac0eaeebcb8582 |
| SHA512 | 288831bd11c1f73c4a79fef31fb77e6181a81a4d810c22aae50b57e371114a69981ca0f2ca52c0972eb4bfbe30500106f101ed4aa237d671504b7d71e144a684 |
C:\bonzi\netscape\res\loading-image.gif
| MD5 | e41b2867558df65d6a42a0b53a7c2faf |
| SHA1 | c2efd93d1244801f190b61091e3b180bda94e945 |
| SHA256 | a6b9b27eb70773a93a78e32119ef43f1cc67cccfb674400b31dd7aa0d2759507 |
| SHA512 | 83420801c707e093012b66439b17cefae361c7e3c368e05439a202dda9ac463f0fc526786a8ee5c8ef6668f1439f9a3fd28f23dc308b5266d020cbefb8e7a926 |
C:\bonzi\netscape\res\language.properties
| MD5 | 71f8d87b1463453a1fcba65985438790 |
| SHA1 | 594976f3906f91f2a1a2199f43e396f63e8ff6d9 |
| SHA256 | d90c0946e1382129801260711b90858187c27026a69b3f5612e0cfe60244e146 |
| SHA512 | d627e1d96099d867eea62dfd2e5dc6f83254c19b53177c5e15de7f3a1c8b9b10ae28068f5ac65ceaf8446b3decd4a659a0606eec5d26fba48e1568e3a3579bce |
C:\bonzi\netscape\res\langGroups.properties
| MD5 | 5a20252eb148d137feaf841d456b8a66 |
| SHA1 | 57833f48db56bd70bf538c424f6c5719fbbc7437 |
| SHA256 | 25a8862d429351845e093a5acf8f37b77e3823b7f32e37d2cd5fc021ab85bfa3 |
| SHA512 | a95f1876d22dd6b9df24ca0e80f40867b37a2884259892cb941ba3c225ef7b306e7185dd19827b3f464973efb5c96a2aec1582c8804548ccac930bd67b3404ef |
C:\bonzi\netscape\res\html.css
| MD5 | 7307c19745455b4321b977e531a3debe |
| SHA1 | ab28c3de505bfdab6f2b549fba85549bf6ddd154 |
| SHA256 | 01392ec8fc14f1ba2cc821ff7e67f2550729557fa125376ee15584b56485605f |
| SHA512 | fc67f2fd32048ee5ad5396fa9c372bd5b1b13881ee4c5fc21620a97fb9fd0758d4da7262b7a179e383bfef91a9003b770c5be1df51957a22a7308932be3594a0 |
C:\bonzi\netscape\res\html\gopher-unknown.gif
| MD5 | 471f7aaef12fa84ec56afbf28c44ba05 |
| SHA1 | e7bab56e2f3fb9efd9a5fa542579fe1e96b59e4b |
| SHA256 | 51d1f020c168a650973e9e84f4dfcee2f1c6cab84b6fe721d24565bfbc8efef0 |
| SHA512 | de9c1a4d0714d06f175ba388bb761b3a957f6c0f5e28f405dbedcf0def58c4810727b295197f8591e2a2ff72943436055c59e1b17c431b5ad5992fa07709e68e |
C:\bonzi\netscape\res\html\gopher-text.gif
| MD5 | ca091587f135c792890a714df83f7464 |
| SHA1 | 5d7630f05e8f04af6bb53efd8e106e8401395593 |
| SHA256 | 16dab52c085bf7efc5b11c05f323864bf14b67004c78d964695abc0f7c4789ad |
| SHA512 | 507042ba6072cb958a76a7e4568a367c8dce66d8a2cab97cb82605997017b4803e36a7c361b2ea34ef1d6b51a81cd8b8b3bfbe8d872a614dc8be2a8acaf207f7 |
C:\bonzi\netscape\res\html\gopher-telnet.gif
| MD5 | 152f38b3bdfa36be6e424d6870fb7687 |
| SHA1 | 3b458b1d126f5abf1e009ce0e8efc56447c25d8d |
| SHA256 | 90fe4aa24d8cb14d82afa5044b667fab647d4476e8ee9b24f3b4d727eb8baacd |
| SHA512 | 485577185789cb15cb24f3f7ea1153866b6a5252f4adcca7f788cf03e7e8338422ad4ae66709cf2b948ba9f161a4723e334cc70be0a5ba8c4fdc8cea73b910d4 |
C:\bonzi\netscape\res\html\gopher-movie.gif
| MD5 | fb4779eea87a41f19e0fb21fd8718779 |
| SHA1 | 96e673799c87380573ac9ced1c9d01912a3bcf25 |
| SHA256 | e644b3f76081c2d96951805b038f2948f96b866193e1c4bd1a157f270b866bf1 |
| SHA512 | a0485c61656be0d2562c48ba807cda02e1aa27aac518b8d629307b49ccafa26ae79f7c63fffecc0c70a63cf6674fc4d1d5f1baf687418b43ca6b8a17d7b9d925 |
C:\bonzi\netscape\res\html\gopher-menu.gif
| MD5 | 7c2f66288e1c62c766b6b68878a4fd4a |
| SHA1 | e531cccd1d996ccddec0a274e384ae87bd1fc35d |
| SHA256 | 23de0d6e469bdd1ec125a759be134eac2f878b06d04bb3228699e92a429a3bf4 |
| SHA512 | 4434c8ee638c40e42762e821e2ba29288b114f3f844e45724d7f2f28a4bcc28708e1c0e48e5af8010aabff7d587696a8d45b3edf7da6f370e67ca4734f1e20d3 |
C:\bonzi\netscape\res\html\gopher-image.gif
| MD5 | 2734f280b5cc8219706db1bda4564cbb |
| SHA1 | 56e5482b03daf814a75593e35111ea763244f77b |
| SHA256 | 092e6f42f3863dc67badc9f151aa5969e04a6d46380d052624e5e914cfcbf8d6 |
| SHA512 | 7558e7fd866ba7845f349b3431e60e51d8c605a81e043a421d171cb932172f33f6ddeeb0d6713fd667ce1c1ea4fb4657073f3114f403e2841f98a82e6476097b |
C:\bonzi\netscape\res\html\gopher-find.gif
| MD5 | 2f847301ecc366bd4c24c93057be436d |
| SHA1 | 88ccb29c6fcaed2e779762e1984dbc0aeb49d1f2 |
| SHA256 | 766d25e4d59ec5e532c9e02e088dbf239217ca7721a02b38a33242567bcbec22 |
| SHA512 | 3949f23ec586500390803912edfcbdfb8e2ca5cbd5e314e001d8f8abfe045acaa59095e43bf95aeba96523decb28034cbe0d06c98d446b8471060f73701984ee |
C:\bonzi\netscape\res\html\gopher-binary.gif
| MD5 | 7544430afba18e7d21927bcfe6337378 |
| SHA1 | 6e8236587844a0c2896a91c0d52bf28b064025c7 |
| SHA256 | 9475985417ca221151e350c6d1085a5a0ec8a06373f1c435685afa4d53544882 |
| SHA512 | 0478851bef9d6d5c73a19013c01fe8d344574af93369ba2b14f7ac6f4b9ec848c0ad5523da00b79d2728f7465cb42c742f0a0b6a0b6bc44ead368be258ed7e3f |
C:\bonzi\netscape\res\hiddenWindow.html
| MD5 | 0c016c31bf6369424576eb280c105866 |
| SHA1 | e3345fb059be0a17fec9f212f97eace0fe4ae119 |
| SHA256 | f3683ebdfe930d58f109e402c188eee2f13ec52640d20ef07bd238f6f72ba457 |
| SHA512 | d9bd1d20f690165f3f79f7515afdc97aa5275c4abead33919b30856284c0bd395c718e5dd1ddf73e3170b89a1f088ed7b1e3828828b546b45569de83be7acbd3 |
C:\bonzi\netscape\res\grabber.gif
| MD5 | ccf39b06aa3282d0a1f9e7582418583d |
| SHA1 | c0b32c82d1580b7c9a6fde4eded9612530d284c9 |
| SHA256 | f281e4469914b472b2371fd402e02dca347577b7803ca1ae99fa1beee5ae85a0 |
| SHA512 | 086f1bb76afe867e5713d71a3979656afe4ff5d1f68952f2209f2e000b72566f4163f522cd1e9e7eaccd789d69f48718b6601959e4c4d78df8f8926bc7f030fb |
C:\bonzi\netscape\res\forms.css
| MD5 | 43c717453b00dba083428b8e3583b588 |
| SHA1 | 7554be160c70d44b0d116ae80be38e9624a87e0f |
| SHA256 | 6de94bf45ee501dffd9fcff3f4fcdfd85e2452cdbce630813381bfff77f777d5 |
| SHA512 | 4e0ed98beb249633a670f496601342d695d368deb9dfe3d961f4d16d1cccf208183ade074fe44d932ae7e77088215604055d0fd14fff3a4597cf145302189d9a |
C:\bonzi\netscape\res\fonts\mathfontSymbol.properties
| MD5 | 5774e479d17be06d4d629e5f2c990917 |
| SHA1 | 15ef907d9b07a06936a068406f46869000938f8b |
| SHA256 | cb8a5ac1ba0376619a665cb1eae2befdb882e0c4b02c5e91c5d692183af85c00 |
| SHA512 | c1c0c8e8546d684ed22624298357cbf6e3e67ed544ba8ede579b54e4f8e2fb43c44e19add29e4083aa126b590fa7fd8c3b40e398bc4f11ca94753bec8c819c6a |
C:\bonzi\netscape\res\fonts\mathfontPUA.properties
| MD5 | aab137523a6878f21cd3121f8f734835 |
| SHA1 | 7dd64660e4dfb5b64f84b4eea0b9e5b45109e782 |
| SHA256 | b4ec1d7da983f096879f456cd038efee14db2651a62496dde5f35a94cf195e49 |
| SHA512 | d3041c35a79d68bfd5921f0e58ad5772dcb305b409a48e96352d08b6dc8a75d17f529fead9ad0b354fff9ed996c3c5d5c1f04ef6f7d41966e55eddf7dad89b05 |
C:\bonzi\netscape\res\fonts\mathfontMTExtra.properties
| MD5 | 52c66e82fc4b374580e8c94594984b1e |
| SHA1 | 379319767f7ee6f37eb252bb97a486fda5eeab96 |
| SHA256 | f979886cbb93cf5e9595595e90e85f28d19c7fdd9bd051f98c80aa33c8f1a837 |
| SHA512 | 76d6dbc0800ae7e51f6fcb087bcf279269b8b9a8457b89fc3d9a2bb11bc31674fdcf91a60dd68764263d84fe8e85e3f0a0f242392377e092943325340de4fdc8 |
C:\bonzi\netscape\res\fonts\mathfontMath4.properties
| MD5 | a297dcdfa13b114f18aec9412e5c0d1e |
| SHA1 | ab3fec46481498830b4090d1b2705786279faf09 |
| SHA256 | d0d3965afc01ee6b857368118a87594bd25c4474c3054f65dc3b7ed72dc5a331 |
| SHA512 | ca7eb52530838577a21e92198797daaf07dd70ca4a457ec2b92241b63edc7f75a065e74f6c63968e0cc0b8ef1ee568fa81e023928da102e92b7dc4ee18d03623 |
C:\bonzi\netscape\res\fonts\mathfontMath2.properties
| MD5 | 60b00f7f15888c2876a8162bb3397ec1 |
| SHA1 | 777a9e2335d48c8e05c07b137c9f311f955b9d13 |
| SHA256 | cbead106f2580f6f968b616a64d313ec212a637e4a6cf6a32663db9dbbc7d7af |
| SHA512 | deb09dfa5ed02ada843f9087cfddf68daa3ddcda9a094b346444bdc71809b9b4ca474935fb04f02f2c61e145e806c478115f773703b4df0853210e20b8f7ac95 |
C:\bonzi\netscape\res\fonts\mathfontMath1.properties
| MD5 | aff124d60ab1da137f4ddb4e1584b9e3 |
| SHA1 | ded83a18becb99ad83abe468133ca2e5d6750857 |
| SHA256 | e9fbdaf5846b1971d3da2c7c35577001a6519081a64ed01aca0d75abb44d2776 |
| SHA512 | 04ed018c709107093ea8d215214c0111d1d6e372c67862f023cfaee9abf356b506d024ef5accb389bc230a5728637dbf0109b8881c3b55dd07fc1ff152ec37e0 |
C:\bonzi\netscape\res\fonts\mathfontCMSY10.properties
| MD5 | 6fff89e0fc68e2069e67b0ffbff7c6fa |
| SHA1 | 395f101eae1ac4a9cc3bd4c2a4962abb26961b02 |
| SHA256 | 6c9e23e083f1115d7d3fe980e533ff99d4fa10fc2a14416163b0e1240e894ab9 |
| SHA512 | c6729f11747f19353eccf66f6043c7d8fd24ade79cf6f386353adc98064db213ff93b4667c961f4ab1eaa20ca4865d1427d01b7f9d5533670632d57d15927fef |
C:\bonzi\netscape\res\fonts\mathfontCMEX10.properties
| MD5 | 205040f1b617deca1e07fba15ecd2956 |
| SHA1 | f3a882bddac5251b9dc47ee1d2ec19d0740609b2 |
| SHA256 | 6bc5ec5392d0827f1f2114cf55e7e58d4abf264877c94023f805fa2612fe7929 |
| SHA512 | 0eac2e58890d76b1dce0299610b5dbdd6c1aeca3e0f40f5442871a617ab2f0ee736a0577e979b077f8514f91046bd84f9e04910b261ab859b7814f2375a724c0 |
C:\bonzi\netscape\res\fonts\mathfont.properties
| MD5 | 103cd89121716cf5bdee228d85b0a75d |
| SHA1 | 09ac1bdc994301bf823979d57f994f91c1551bce |
| SHA256 | f14766853f3a90b12fe3ee53b0e592acb0701dbb5188a9607e1a8cc249ebd123 |
| SHA512 | 92f74d433ebcfb70b0120d4fa2b9579bc7a53cc454538be99b66138870d517cbc8353875d6b36a75f084fab523d6294cf0c6d7bd171e194222c1aa17b0c0c4cf |
C:\bonzi\netscape\res\fonts\fontNameMap.properties
| MD5 | e709dd8864ef5f69357ebd67c241bf52 |
| SHA1 | 7196c56e88656704556c2e131f4079dd57785e43 |
| SHA256 | 26b038fb327c518a770db81fe92dcc462f046c5792b17950fb30eb55d0f3b12c |
| SHA512 | e7359ff37c39e2c085301c8e87f60d31f381191430ad29ec7429d0250ab3f8210c203065d1ef7ff38e9c58083550c8d9b057ba69b7d8d09df0368fca938ae610 |
C:\bonzi\netscape\res\fonts\fontEncoding.properties
| MD5 | 31e490b3dfc2699c8688e080234691cb |
| SHA1 | e8847c6b598b8e4e1ec6fc5b392ad119a0ad5b98 |
| SHA256 | 809c0a9b3fc1df5d9883d69566d264c4c9620187e62019ea58b2355caea04201 |
| SHA512 | cf8e0485539296ddf955d2199df4b7a59eb4dc8373f48bb19b07eddb2d82418a206684301cbacc7be0c6c987d3e85cd9ad293336b899e4fd3bf1cb085cf67fb5 |
C:\bonzi\netscape\res\entityTables\transliterate.properties
| MD5 | 1dba3d8d7921c78d10861e451b1ccad8 |
| SHA1 | c4c48f26418aeb4bbf26c309d8c797e107a07fb2 |
| SHA256 | 665c9b0f62315fa40a13ab0d92a6d7b113bc83331536f7dbafaac3ef167c0ea9 |
| SHA512 | 05c52c7a993c82f2564a668fdaf681958abc473e99b174fa77f1819bc30595a5a0dc7b713c04493c2b17d8a881359907e905e1faab32f52de73c659fe657345d |
C:\bonzi\netscape\res\entityTables\mathml20.properties
| MD5 | 69328a3f978e27edf755a5a81332de3f |
| SHA1 | 1fb4bb5c6d92f1283bc3958013d45ab0bb199251 |
| SHA256 | 3f2e7fb01499b64f74fbb4375efa841ea750358b669f5741cfab415b5e7761fd |
| SHA512 | ebdbaa1c941ac894722c4ad86d6ad25079b1c11d6866bc5a2e9c9ead6a7d32bcaa26b911c39ab693fbb60a69ddbbe197fc50a94b726bbe3c961e121666d60430 |
C:\bonzi\netscape\res\entityTables\htmlEntityVersions.properties
| MD5 | 435964b8ff8ea502582e163172151c1a |
| SHA1 | 177481c2b5ce5618a40d6fc8c6d61e3eea492d76 |
| SHA256 | ab8bf8597577462ee2356d6ed647267dc881e596600a0605a834b8b61166d4ac |
| SHA512 | be86de0afc4136f3d9e98040695050552c6e27ccc6a0ede517de1f208c40e31c8590ae5bc71c23320021453ed9e1466964b86111f922a5ec8707d612a67f4987 |
C:\bonzi\netscape\res\entityTables\html40Symbols.properties
| MD5 | 710ac52b998e1711e516320c0adcfc85 |
| SHA1 | 374927a30f80ba9ee2a005b6f31182c5b19c0404 |
| SHA256 | be0cf2d866828cd4011e597db57e2183bb61ca5139cdba7390a3bcede4604bb5 |
| SHA512 | 5270d8dcbd9c6a56c46396c1db1855c61c1c6ac459a5e8f01c3753e7a3e8bd25854139487881082a727975006b178b92e0480665eac2c64e28da580129602ab1 |
C:\bonzi\netscape\res\entityTables\html40Special.properties
| MD5 | 4a451270086e7a7ec3ab34946922bace |
| SHA1 | 59b7eb9d49626e5b6daf102e4cbd70d889df63e3 |
| SHA256 | 3b2a1670bf5858c1a357b4a06a5f8e01078fe8cb010b4ce50297da615bc34180 |
| SHA512 | 3977e4d6ab94a95373effc47d3cb78e263c5cf1267c222177621dd9af33e020619b6ab087490a32061d5f842a6b298acf0abf8c5a1eaed37a88c46beb953b8e9 |
C:\bonzi\netscape\res\entityTables\html40Latin1.properties
| MD5 | 4ba94eac1147dd9ad4b427351b744775 |
| SHA1 | 532df7db5f7f0e656cb79007edd48fb117836825 |
| SHA256 | 23966db1054a2e3241d2c65b093825588f2e42ffcdcd9dcde72dc01a5c7aa7ef |
| SHA512 | 2a7cb38e91bba7641221b1327e9876475e9d79027902a46cb769b6be301c180529e317d692843295cf4e8f3450a231287412d5ab404810fcfa31bd22b9f6e0d9 |
C:\bonzi\netscape\res\EditorOverride.css
| MD5 | 4b3b5ad0b17c566819a88d54026b52fd |
| SHA1 | 86d748c1a251e8fc0df91ce3f3a8c3f8994b063f |
| SHA256 | 4eca3b7360e2d917b9c6c626f9bf5aafdd5eec1d296146baab32d1f3b00d7a53 |
| SHA512 | c883aa074075eb6a8ca3139f28e37b4f82015e2cc8549ae8ce493a414a56de74befde72df5607a88315ea9b85abc445fa65ede230e7016be32c68c1e2c09a5fe |
C:\bonzi\netscape\res\dtd\xhtml11.dtd
| MD5 | 7f7b2f0922918714b3cadcb21eb30de4 |
| SHA1 | 2981b43e6045ff35d34a1027516182447531e0d6 |
| SHA256 | 9d595acd4edcc171ed84213328736337d3a8265ad22eba3b28f09fa514de7ffb |
| SHA512 | ef3bb75471cdf8e02e17405d04bca3e6707fc94e88987efe8b53e6718419f5596e78da4b4855e1b12c9721fe340504fbbc774264ba689874f45eccd5d77389fb |
C:\bonzi\netscape\res\dtd\mathml.dtd
| MD5 | 1b94d59f4ff28824ff6063957964661b |
| SHA1 | fd0d7d47c1e431d65d8ad5d5db866dcf0a23ceb3 |
| SHA256 | 29168f6d6d0e2a08ac6bb748d91492fa94ebfbcba524c589897f0928844e113a |
| SHA512 | 3fed2d216c90ec60517c0c860e5c1b14c6d61e4167259abd15211b77ef0cc330d4c1fdf15db7fb0683bf2f284205398949acc02f247666f410216f624fecdb22 |
C:\bonzi\netscape\res\cmessage.txt
| MD5 | ac8a0ff756ef0956622fadc94946e7da |
| SHA1 | 8d60226a44fc4234116bd32b8685454cdc03f615 |
| SHA256 | 338264c233790b22cea2bf996acfa03f04c60b2912b685124b99d247c91582c7 |
| SHA512 | 6573c098e7378b6dfe944ba9089a545d840e04de9b8efa92779db7cb2fc5b0b61f40e45c4d99bdcac8a83f04a2f0e4a95f23069d7c8636f4cf08651c118c7890 |
C:\bonzi\netscape\res\charsetData.properties
| MD5 | b6d0a4eac1af2673975e140c6f06849a |
| SHA1 | 4492148d951377cde4ce882f1312b0a6ec448d1e |
| SHA256 | 151bd980c43e240df150a7e940bbd45f56e90d0ca3c4192313c6247887231765 |
| SHA512 | 86b55c8016027f4949224dd3cbe7eb9489b0ebf6eae6b9bcd1d4a376aff5e70d2273b97c1b538b963229bfa0d85ca03c3413d11dda3c06c4fcec43230bdc46aa |
C:\bonzi\netscape\res\charsetalias.properties
| MD5 | 794ca007e6681380f7ebde8a194f1f72 |
| SHA1 | baf4760e27fbf4413fccfaecbf281dec06169ab7 |
| SHA256 | c227987f70392daee076057c2bc5b127583da2f67f67b37f870f9cb110d9b755 |
| SHA512 | 9f7811a459482a71e019155efbb8580b39dcabfe6b1b2bbbbdfa8e6233345c1d28a155e256cce63ffb9b28a8fdeb4ff8bab147c9f3a38d0803ab055d0844ca4c |
C:\bonzi\netscape\res\broken-image.gif
| MD5 | 1f689efbc0c154a9f812f033d6cfb327 |
| SHA1 | 5448857ee603f9a53ee9ff224b3984d82cc43ec5 |
| SHA256 | 4d3c8d3f9e495b9b1d22b45f00aecf7658a7ecb48174eb31cf4f4432fb0a0eee |
| SHA512 | 5a4d7f027ab64e36b2b1a63c92f380855c545ea171d34f271ba6309e34fcefbc4842697183b8d42cd1042907347683d85206c46d7dc30f4b390b2a07af0891b9 |
C:\bonzi\netscape\res\arrowd.gif
| MD5 | 9d562b1fca17886ff56c0dcc71159a0c |
| SHA1 | 92a63431faefb91159b417c9b7868477206fe50d |
| SHA256 | 0947f76403fb629b8e1f8512fd60356e83184a4ee363b4ad631c5d8eee8cc46e |
| SHA512 | 2b4aea6410e83f6bc625adba0958e9765e58acae198ce0aad1b1d506fc8ae1700cd38111129fb8bcab7f6f297b0b70f0241f00b979fd3c6d9192ed9fe2f46332 |
C:\bonzi\netscape\res\arrow.gif
| MD5 | c72551f52990bbec40e4b0c2dfad4812 |
| SHA1 | 2adb34a5cb044e2d2676e3b082ef17d9ce5136d3 |
| SHA256 | 180ec27b0b2ae92875492de625756b847043b2abf1bc2d55c8c32cc62ca6ae18 |
| SHA512 | 458dc0acc9eaadaf6d13260990182bda07662d509599c39baa7c76d19cba045715385793521ddea9a369400fa05669a858880b0c593abfa27eb7caee88a62a68 |
C:\bonzi\netscape\README.txt
| MD5 | f1be372b81caf032a3bde803b9e33787 |
| SHA1 | baacc2b8f82724e7296a358f11da3706221dee8a |
| SHA256 | 3ba1ed4d714f5ba913a19eece926cab7b8f78f429e3c2fdc903b2b0ee918ef45 |
| SHA512 | 8aac07eb5524ef7e910a1835f64517d245af5cde32003fc005a1c2b8b31cba85ec07f64f0a00667ab3b927bdaa5512cc81c973353602f4d33e64d5b0a3ab65ef |
C:\bonzi\netscape\plugins\npnul32.dll
| MD5 | f0eb4e3ec55aaecb2d6d4ec8331ef573 |
| SHA1 | 4d539858da4e4495d387e8b8376391a66c0f5f71 |
| SHA256 | 0ffff409ff54acffdef92f2f8489901bb0001dc22809def18c1681d5a8d31a61 |
| SHA512 | 01d80f6030258ada0adb6bc864ccd9c1903ffe0978cd8c6e0bc4e18ac4d3ef0fdd3649b46e67feb85957207b3d91dce6aacf45780f1613aed1cc3c874b8c287d |
C:\bonzi\netscape\plds4.dll
| MD5 | 0bd2bf6f536a881d24ee99c4745d5b56 |
| SHA1 | c41d68cbada011cbfd1295210ab6b118ba00e971 |
| SHA256 | 2d8ff355eb723f2f408e98fc2a13b2ad0d7a2655ff2caecfad9b05d9edbfa87d |
| SHA512 | b032fff82d5695c6360a86717eedc6faff2a9f28b4ae55b8f122b5b752eec3252dd71339c85a268bf8b911a7f0a4519b7c9ea3c7092722f7c03bb756dd4d4d00 |
C:\bonzi\netscape\plc4.dll
| MD5 | 2b42ed8377e0bbc197efebf72cccd5f1 |
| SHA1 | 45efacb4330c7367aa5772dde93e086d27ddfd30 |
| SHA256 | 16a3e8c91da67b99202557724b4fe47232cdd8d3ce8f7d42535919d107c47201 |
| SHA512 | e28c87e6c1b9a5cf866057f2a037fd33bb2fd2dc2a07a659b0d1afb3b8b6c51dafa638635d97ccc047ce29b8cbc9c96f26b3af39336b224f6e9f076905921b7d |
C:\bonzi\netscape\res\table-add-row-before.gif
| MD5 | 3bca4df18e26d1d22adfdc990fcbbcdf |
| SHA1 | 71d14238f799191d3196f662de97445b2544e56f |
| SHA256 | 48a964d88c52616ebd70d146fdd7d98bf585c8488b997963842b0ecb5ee16cb3 |
| SHA512 | a900e17d2af8883f6ce87c334a2d806abcb7104ebfe34ef80a2230072b931bd013bbd55316bbdf5b9279842c1f13776ba809722aeff130be006d5a0fa8cab278 |
C:\bonzi\netscape\updater.ini
| MD5 | 320c48003a9b5d27d885e8644c0035c4 |
| SHA1 | c878885188a2480dc75d1f36a394ed744e2df680 |
| SHA256 | 370d00b879c431c7be9908a394f20c8ced1337eeeb133dcda708b18d067ecb70 |
| SHA512 | 32b8688caae43ad30ea48c4b46d3c894293c925e3420ee9f9866bb5151ed8c86757982b4ec401f77cb5a64874b5337c7727116c6ea778f7f471b408cd68692eb |
C:\bonzi\netscape\xpcom_core.dll
| MD5 | 42ccae3b5d587b2b10c3d095e9551f17 |
| SHA1 | 6a9d41d77f15ed8af659c1e710b38060500b60b4 |
| SHA256 | 36d904d796feabcd0d5116eb15df51ff3d8a917e0cef1e4e79d2348553a56374 |
| SHA512 | 3ab47d3cf2da617b3279c0f3b06d62b3008de451c55311d7657a0cfa84bba796d104be46209f2ccfae06722e060e3924ebce598d5524c4e3b302740f60016583 |
C:\bonzi\netscape\xpcom_compat.dll
| MD5 | 97448f58586c55c6fcaa72e640a61d74 |
| SHA1 | 5293e2c179d6563be589e6c1e693da069523fe90 |
| SHA256 | 7757d3259a2a7906d8452e7aaa5ea6818f21620dc5175bf283f61e21a5cc2155 |
| SHA512 | 927ef4b228bd40bbe4af2fc73c730f4e468c18f21f1a16a61a9ccb92e68c4153477d77b40a74e91deadfba4c2be35edc0ab99a145a4884b5ec98aed563886839 |
C:\bonzi\netscape\xpcom.dll
| MD5 | ae953e04b41dcfba2ba527979de8e52e |
| SHA1 | 0994525dc2ec9b733725b6a01bf48d4a9e0c1224 |
| SHA256 | 47e72bcc89d6652219666cf7d1b62b54ed1e264af08ab4714d9b9deb7432b69a |
| SHA512 | 943a5de7543744569c3a9ea492100a30fa2de9f5f9bfb3229be8a180f253c0fa02a78d52ceee5444af02cf7a5fe37144844afdcc513c20aa7ac9b9b35243b123 |
C:\bonzi\netscape\updater.exe
| MD5 | b3f10bc05c5dd33be9ebe2c9b097b809 |
| SHA1 | d4ff4292903610271830709db9605d8a6ecf2c90 |
| SHA256 | 153b85c26c8a6158d669184629357e69418e3774115490166b18c5ecbaeca3e2 |
| SHA512 | 11840ac48d8453fdaaa4b9114e65e076ee2222b9ace9c0a8fe896613b44f3775ab0a71776339efa116d590dabb648b51c1f7d2d370b7ea37431631872a8bc2e9 |
C:\bonzi\netscape\ssl3.dll
| MD5 | 095759998c50786360999fa59f1a38cf |
| SHA1 | 2b7ccdbbec337b8d8f99c9b267f75867319782fc |
| SHA256 | 0f790c77c7f7890ae53eeea63c8a47c13d2a6d587a02e3640b2edc5bb0b764d3 |
| SHA512 | 64d5f70cb5ec45f9ab35f582181daef743243c9d8a27e768cd4a04698b797e8cc073ec5e3ff8df903aa2edb42918564609caaedefbb516cd3b4c8eade818a732 |
C:\bonzi\netscape\softokn3.dll
| MD5 | b6c61aaa6e5c6d6cdb3c07256892f2ff |
| SHA1 | ba402ebf4ba6268c9ae1c0b39374fb9249acc622 |
| SHA256 | d2703017505c96bfe815404702184d95f6ad9455e9b74330613098826eeb168f |
| SHA512 | 92371f103177cc2af045a4fbc881f970b6b097953aca210bc0afa8de3f82b76d65264aad6b565fdf19ce71b783c6ec917bcaf06c53e7c53bf53b14f749d7e6d8 |
C:\bonzi\netscape\softokn3.chk
| MD5 | 724f2afa6d876ed8a87b55e9ac15dc37 |
| SHA1 | e72202c17cef74bafbdfb6ee4183bd689977cbc4 |
| SHA256 | 572e76e6777b45ff98959d289b2db566379f2d8b29b28feda3a08badcf707e9a |
| SHA512 | 28be634c15460c6a88c999c9dd6bfe092b4e6bf44b76e7624f3713cfc90ad15f1c2e7adad9175a60390c14c68b6f1455b06a9365e3aef05ab0df5ce193b20475 |
C:\bonzi\netscape\smime3.dll
| MD5 | 447dd189360d9ee712824adb05fceda4 |
| SHA1 | 9f03bef5e3753cd594752c3efb36ddd1f574f32e |
| SHA256 | 399bcb8b5ac08c9f7532ec0e4d34cf10e01849bef09a3a6119b43040801727d4 |
| SHA512 | 40ca426cf5f0e9d2193ed5a87569cfcae9129eb9da7b75a08154340afa5b03d8a29533471c1a69643732d9137f968b9a13b6bd9e626be245ee73eabaa9eb1260 |
C:\bonzi\netscape\searchplugins\yahoo.xml
| MD5 | 61662814f3c385a2e30e542a5df552cf |
| SHA1 | 679688b98d9f519f57effc5b8f3219e795348176 |
| SHA256 | 41053e273ae4ed16312661dde0ea1ca1e921c910ccb114856ce5578eae8723ac |
| SHA512 | cd73e83d510f14f933d756585d5e5f879b2a56ec366826fc8f038aae28256b0b0f87ab3b11199fb7391282b1cf946f9b9c477107db84cc7408c4353b98b77c80 |
C:\bonzi\netscape\searchplugins\netscape.xml
| MD5 | a47d2a2b97c46aa5bad962837a236ebf |
| SHA1 | 8da28ab63166d0644bdbbc5042a55aca25f71a14 |
| SHA256 | 020b6c9aa1a5b47afbfe2eac5f0ef6b8e626590935f8ac16260101aa6f8365f7 |
| SHA512 | 22c5912f449d6e256e443adda5e13fd87fe1150dc33df95aabd9477a6f8c9a3cfbd9da10d177795acc966737078fec26647676732f140d4f212bcdfd167f3b22 |
C:\bonzi\netscape\searchplugins\google.xml
| MD5 | 756f09a93fa87fdfa821f0d24142f77c |
| SHA1 | baeddf725b45dcf23c516eb1276ec80acfc8cee7 |
| SHA256 | b349b6339b22ad0660443ab915c6c82207926c2ae5b851ddc7d1fee4cb82254e |
| SHA512 | 16f3b15083ff1f4b75c7e7d809fa5f38adb5f4874142a8005be7ae53d50631de6bd2606f5d0456e5cede88f51621ee31b4093dad2bb8457ce2abe3471ffcda40 |
C:\bonzi\netscape\searchplugins\eBay.xml
| MD5 | f5a0ed69af100f6af39432d04dbd6ceb |
| SHA1 | cee1549850cc9c78c1201026a04721ac36b11c2f |
| SHA256 | 35d6b5d741d2363f7516dfbb9bb55b85545c5c634a5101a610d91eb235b84e61 |
| SHA512 | 0c052a4485d2df651b717069a17a8a702ceca3f536d05d40af2267ccb5cfbc25b47682afb79350b655839cc8bf5e50625c606ad57afb800e548468f11f08fcb2 |
C:\bonzi\netscape\searchplugins\ask.xml
| MD5 | 5f52fb5308a766979a68991b03a349e0 |
| SHA1 | e389e7257fc9d64df24929179c5efb0b1d3b4188 |
| SHA256 | a81b937d332ceeb0a3fe1c41b9cf5e4b1e435a9fcb99139a84ac3388bf39aa97 |
| SHA512 | 3b4b0a1135491d6ff00eb876502505aeef2a50a51d64d4842de4a9d9d400c16a2a9f77c785728375ab630ed28b51665306eb2d11f985c1593e614fc51d4553d9 |
C:\bonzi\netscape\searchplugins\aol.xml
| MD5 | 59e4aaeef0aeff0acd0627904e3cb605 |
| SHA1 | b44bde7b9a6b9cf50d89b5d5fe8b85832597473d |
| SHA256 | 86647de6df4adcb1f9e7ee44c4c0b7c7fd752f55b1ba090eb1a71612b46c78cd |
| SHA512 | 3199bedcac865e6402cc67dbd43ceb9028d7e1c2af0757cd283e298b9ee18435d439558ee7bc68189a14a73243e4a3a3afcd7511a4e7d62fefebafba62a2d8b5 |
C:\bonzi\netscape\searchplugins\amazondotcom.xml
| MD5 | e45a022f40fa6e85d387c5485d9cfe89 |
| SHA1 | 2feba71a6676c95708c9d2df3bf4bae316999dfc |
| SHA256 | 0a64d0a74c0198a1611e25612da1cba3cbaaf5729f990d4cfbe352d4439e1a26 |
| SHA512 | fe0cd33169058282c50db22ee2cc1f3ef200ddc1356e636c5bab4cefcb6d524f25780eefee024b46ac77b74f65925e28fd34fc080e3ef339a05a67b09156045f |
C:\bonzi\netscape\res\wincharset.properties
| MD5 | daf08d2c812f7185c4e2472febc6b8ec |
| SHA1 | f2e30f66a696051452e49245f1be3f72161ee5e7 |
| SHA256 | abeadbcac63ecceb67c2f692273f2de230adfce1b83322e6be1ce04ecaf69599 |
| SHA512 | b5a34f22737934e918289097463cfee97628ee1831f7e2496859d09329df8383cfbc8b8cec23b1035e1dc739772d717b67970740d9dff7aab426ba3f0518652c |
C:\bonzi\netscape\res\viewsource.css
| MD5 | e60552a13e4f1f44416eb9e53ce85143 |
| SHA1 | 01201cf3f5d05c34e31cfe66b69a3075490bf070 |
| SHA256 | 4c7068fe21e3e0d09757b66bba44f4c426e34cdc32d32e96722316f7b77fc6c1 |
| SHA512 | c4b8c2fb4e365e0ec0373d6abe565657d7eab9290e3d22631b450d0e4d0bd8987823f47f3cc703ef5d533fad27e8cca35289dbe45f4b9df0e6e0b55dde313dc9 |
C:\bonzi\netscape\res\ua.css
| MD5 | e95e78329871e4a902a97641c8b43e25 |
| SHA1 | f9cd536c535fe407f4f6c7f0a80ee65a91b0bc5c |
| SHA256 | eb98804cbe3bbb242a301049b0268278ca94bab7c15ac95ab969b87b3981332b |
| SHA512 | 4a030b0f32e13049c05a71edd2343c77b2b9c0b88334c97edfed9953b09047cb9e543352b6ad4dfad90dd9ea513f039992bfa2d59772fca3c0229b373e6a1cc1 |
C:\bonzi\nice.bat
| MD5 | 5a179439c6002128ec64a3d68aff9508 |
| SHA1 | 7ae90b60346cef19765a13080b77b4f32c30f3c3 |
| SHA256 | acd994492884677f79a440eddf52325feef9db71bc1c7ed7cbda03ea14cccf10 |
| SHA512 | f865f75e7037e6d26037ed082e6eb08f5aa62ec8d3ee9a5ba079b9c9f700c632a3278b6f42d79747e3787a2ab3b405a720b0668383d22929ba68b1fdf7f3735c |
C:\bonzi\netscape\xpistub.dll
| MD5 | 226fb967c562e5c04410d7c5180be1c9 |
| SHA1 | 97c3585d33d35c813438636522d9bc8ac30e43e8 |
| SHA256 | f197122f219f72566e949623119e8e384da03b7265b2876b9db3cc957bece071 |
| SHA512 | e9a99858d4d74d5b09063b0bcdf100390aed769b0e3cb533b165fb477c56da5b87901691e25e5200726e4f5393e7488c5bee27a97d292695c067d7b5b0f1328e |
C:\bonzi\netscape\xpicleanup.exe
| MD5 | b643add42d6f45f601eaeea2fa93f3a5 |
| SHA1 | 502ebcbf5f228a8819c12416e1468985871966ec |
| SHA256 | 3f9c5a116ecea24e2e8f83132edc74d44ce3746facb854fee6f2a81011f828c8 |
| SHA512 | ddbfb4f1057a21fea4805615ea65ad12681fb59879401a462493eea3e76dafd07c927d0d6820d72fba629693e60fe3f804e1998c9bd63704da0e3c33426a7ab6 |
C:\bonzi\nice.mp3
| MD5 | 2eda72c1e492d5fa19b16602a6764755 |
| SHA1 | e2ce911f448fca1d2affe25c2ef4cf619c31d049 |
| SHA256 | 6997c09f75a291acc7b1e4588b0de224918f3be06a33c8a1b43cc5f4633c3c25 |
| SHA512 | 89d183ded9a2e7ce423c6d4c926efc99b5c97ae0343388f98f1079b58cd1583799bee14a835b362986c1ee94cc1c2eeafaada548a75bbe9001ae3230675c14c2 |
C:\bonzi\org.wav
| MD5 | d3b1e5d03f566b68cfc2a757a7d2ff15 |
| SHA1 | 94e7ce06c0bbfec9953f8b7344640e57e86911dc |
| SHA256 | f6271ec6ec59083aad58987760b917804cb2dc94f81a405f3743b5917f3ef189 |
| SHA512 | 3187a8e4685db7dd44d4630f4979409faf7a4298793045e3e91155449bbbbc5d1532f70cde0e4f6a019c2a9172a2b863087e0f4ded21da7850e022679b14c378 |
C:\bonzi\optimize.exe
| MD5 | 5ffeadad118403d9496653dce94300cc |
| SHA1 | c96574ebffd8fc82bc6b4bf40bf306b5602b38e7 |
| SHA256 | 9bee3eb4c6544d6e69543440bec4f1f246fad1e17067bb6e8bfd6daac7ce475f |
| SHA512 | 76726b8a982c53cac62068a9b9531918b0230537e526f517634d14cf9459fde69303c83067cbee50b4005b9fe55108ace1a2eda980922c46925cfc8aabe59e3c |
C:\bonzi\pepsi.wav
| MD5 | 393f1e65b814e53290439d97526c43ec |
| SHA1 | e91e0da95024327c88937bd9104b92a8b397a4c6 |
| SHA256 | f4bdc036b03463ca06c755ecb9919dc1b71edb6fec874317536d1e04709fae90 |
| SHA512 | 71a98a4e189c9d67d68a619a3f098812e93bb8f81c8dba1997db41b08994281a5bad5c098ac5e4b59c010a07968082270738d40a90bd393a29bc733c72efa015 |
C:\bonzi\score.wav
| MD5 | 0fc239f9d28611bc635a410db3189331 |
| SHA1 | 07f2875aca2065499257a2b442ab37e54cdb5c33 |
| SHA256 | 92470fe92d39298b8a80dbf1fc91a96c64449787a00ba50f7e377c64fd15ab34 |
| SHA512 | 5c8d4eeac0e40678755b2f5c3accfccb271891c0a65bd180c6b6cb66bfc3aa896ea2f8f4a28be1d8af2b74d339bb0ef0bf267124c264e97906f27412f4ecc3ab |
C:\bonzi\paint.mp3
| MD5 | 1c111738ee0d15359fd01970e0bec752 |
| SHA1 | 4259b0943c02d363868fa226daf312bbf1d285a1 |
| SHA256 | 6843957ccdaf90e02cc7883acc848dd7d2bc65a87ecd300bc00bd267b026833c |
| SHA512 | f11293c1b1b122ee7775671171ffa06d555c9a3b6652557ce0ac6b00b8c86a487f79dc6a31ed715036fffae9c50a0b77aa60de6bc0f98e3ca5968efc56406a82 |
C:\bonzi\StartBlueScreen.exe
| MD5 | b01ee228c4a61a5c06b01160790f9f7c |
| SHA1 | e7cc238b6767401f6e3018d3f0acfe6d207450f8 |
| SHA256 | 14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160 |
| SHA512 | c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140 |
C:\bonzi\start.bat
| MD5 | 76c6bb82f14dd70654068aef25870133 |
| SHA1 | d53fa079e0024e75eb1fe30d18d66f67f7faebe9 |
| SHA256 | 83cf30717ac40183d3df880f523d533e47f50c62537157322c0026a1318c8409 |
| SHA512 | 0c5dce308439217b25362e7ae7bf61dff3339b73d49c8d649b1efa2921ddcde02698cab8d3441e6d41df78f3cf66a523256b929d5c85209e137e9947e29d3448 |
C:\bonzi\smash.mp3
| MD5 | 2e41251102ae85617f735767e9ad8cf6 |
| SHA1 | a9da821edb3c7fbca686be6b5113c383361d184b |
| SHA256 | 049b0eb93ecd684a980394f491cddb57654aaeeb2d30325cad5481217b6c8e6b |
| SHA512 | b69bf793132070e5396b012604fe67348682efba3abfaa87d37fad4a157129ec352c4c1fff06300454e36cc459e2b281fd49a58d4e8bbfd3c81879319f9e6996 |
C:\Windows\msagent\agentanm.dll
| MD5 | c08f348afc0ecb15e248135a246521f9 |
| SHA1 | 30ccf959611ca0b1f131beae65299b7129230d39 |
| SHA256 | 6b187a95242a821ce1e800dd80cc7a91fdbee498900b2b7fa6225a273a43496c |
| SHA512 | 0392b7159ddb651a43fe0070a1ac243a86d941ee3b82c939009653c301e6d6f2ef86f16d2f2b092c488e002ca5fe02ea9a6a4f5db298ea74fd1a19c54976377f |
C:\bonzi\wave.jpg
| MD5 | 14c088fedfa49e01cbfa06905844f8d3 |
| SHA1 | 6fe39be58db72f9ef29d642b220e7a861a96daa8 |
| SHA256 | 5f79fad755940f442f968dd06fc1dd3dec3d2b480b4b26a0151be0781eb7328d |
| SHA512 | 37c89f145e90338eb23f5eb6e1f7ac83a7d10ac3e9ca860db13c47fe46a69bb9d8fb38c87f13e4c14b8e1c620a4236f08f723a01f3ba80b023b0300505d09597 |
C:\bonzi\vape.wav
| MD5 | 9fb155c34929da2bd9f5514058de197e |
| SHA1 | c850508a7e2f9edd9efc6abbe8909af618d5d62c |
| SHA256 | aa962bc3b0e4070f5c664063ffbf7241087e435e3b51a8e47c28a241d67c50ae |
| SHA512 | 1b0ac3d24e2a98643f583bf0da83caccae6b29fb3593f779659111f7297bb68192269222c12c901f2fd425fd5415237898e9058964b0980e17d107cfc6c41b5c |
C:\Windows\msagent\agentctl.dll
| MD5 | 7ac2e4204766364617db08f2b3b13f32 |
| SHA1 | ebfa3608b0ccf6f169bacbc3d8cf574a84c07bb8 |
| SHA256 | 6fcff6c942593c732c5acd0c56f5c4b686c2d8fb8247734693c4a8f9c63c2636 |
| SHA512 | 6f3a015c77bfbb13ba1a1d7535fefe683604833db391a73510d97760b198195c0e577d8da40b33e51a7c50ef1e6fd501c6aa11169b29b82b19664b8a294c0bd7 |
C:\Windows\msagent\agentdp2.dll
| MD5 | 44f0f16bf6eb8e1443ae788ca4eab04d |
| SHA1 | 0c80f7345466fdf0d69565cfb07cd7b60fd7726e |
| SHA256 | 5f6cee0baf6b35b36edf3f2eda0b720173e3d30c945b734749bd0dac861bc856 |
| SHA512 | 192b9b198b248a2c1b33d7d47e3444d4645e9f657c90229974a2254a538e9f9dd8f36b814385db0c01c4aca67fcb3d7bf64baf6219a35270c426ac6755fdc92f |
C:\Windows\msagent\agentsr.dll
| MD5 | b161767acba91b2ad503524165fff9b8 |
| SHA1 | d3c39c5820b34eb2eddbc92cced7ea60aa28dd27 |
| SHA256 | 6276ac775e6b1fa9f428cddc459a61ffff545b33705cb3e7e059771da942ae2d |
| SHA512 | eb74f76db115f5fd8b1eac358494526eb8cc9a184e234c737f2ffb61953a8d8e69083887d6605667b5a8e5e1ed0c8c50bf596ccf7b73ac52ecc9150b76420403 |
C:\Windows\msagent\agtintl.dll
| MD5 | 4877da173bad63f3dc43c4be4a05b781 |
| SHA1 | 5733cc438f4f83f4634369320ea6f2d8f1d0c5d8 |
| SHA256 | e800ab10b828225c9135b810c1fff8fcef6ab332f48395efc3a4d4ece8049d50 |
| SHA512 | 990bc3af324ab424af96841ec38ebeda2760c1ffa3fe15d8c48720284445d573c718d928475b0fb54d750cbcc352fdadbb767b88b1b0e737fc5bbd5d824d37a0 |
C:\Windows\msagent\agtctl15.tlb
| MD5 | 1968971f3fda39bda6239badf0234b8e |
| SHA1 | 02ba4512136d20202fd0d395e7ba13ecf535f460 |
| SHA256 | 7bdbbe55f8f84cdec639e53a427229f73d507cee22a0c65a8bb2009e3807b4a2 |
| SHA512 | ecf7cae871bdd2d1dfd1cf9f28ca6f5a8598b8d6bce7e01a17451ec48af38c76c1e3e25316739e0197baaea7c7be7708ffb5ccaf879ac0de1617102decfbd26d |
C:\Windows\msagent\agentsvr.exe
| MD5 | f209365e10daeda9a084dc30a8096487 |
| SHA1 | 7bfe1b5c9771ea232e96981fd79cb9d97c1e9203 |
| SHA256 | 7a8fa00e694d713a128802221815fcb114999a392851c72c02a73564f1d95844 |
| SHA512 | d68b440b721df12b6586f246878311c2b89001515c6b71f1f6eaa351256b6148084de0259ec2c4e03aabb00dd6f5caf27be14b6b9f6b08911c6b99f3332865fb |
C:\Windows\msagent\agentpsh.dll
| MD5 | 909db998f06e949c59558f1d420a169b |
| SHA1 | d113a11c32951b094ba4322c607b76515f5c9a29 |
| SHA256 | 9f3e5be482329e337a7f2516723bfb8886de89d75f551543b3832bbc6a06f987 |
| SHA512 | 7ad570f1b9b76b3270a69c3783c961561ec8d025975dd2820972a5c3af2206c990c5d04be10963aa0f2bcf91b155d50fa22e459ba6198f621667503a6a3422ae |
C:\Windows\msagent\agentmpx.dll
| MD5 | 4e91700e7bdcfb69946b078b3174031b |
| SHA1 | f20c61a08a1d0186449ef4cfbff0a72e6b603cfd |
| SHA256 | 6aaab6093d5a2390b9a3ec83a820508bbb041c07e50b874c736228900db50bbc |
| SHA512 | aa02128092e42c5cf27832bfc52dba7046a93cb528dbf1b07dd1ed90ca25738ba4106a8b6bb4f07c4581b402735b8741b10f14d27594e360238b82130177b125 |
C:\Windows\msagent\agentdpv.dll
| MD5 | 677e9dac87b67494de9a0e7bdbf77890 |
| SHA1 | 5dd20234aaed92f8db592b4efbb6b9e40f4c3b39 |
| SHA256 | 3f7b82d4031c4fd14ccd00bff04cf4be7f9fab842083106ac795957c50857108 |
| SHA512 | 7d7403fad4c13f8c6799b7433f76c8e6ff1ea4cd25fac800b570a429e4a7a9204c94f428c83eb359c5a84dbb6baa00a9353ad5a7729e8d9a8bbf3f92371aea7e |
C:\Windows\msagent\chars\Genie.acs
| MD5 | 22bdce2c97e773a7614b34d7c1720232 |
| SHA1 | ce5c3c484a9fa32f403e4f2fd2360fd6e38b8320 |
| SHA256 | 87887195179efe07ad6ee7a44fafbc0fa6b96d0990ec604f5651951c647f8f9e |
| SHA512 | 83ad39d3f83754452d557061f0792fd8af85d358ee4d279b27f2dc3a3866193b88df4d21a645baa3ebcf2b81a348af461114c61aedad554e665fadc3cb26d07d |
C:\Windows\msagent\intl\agt0413.dll
| MD5 | aeb8d95e0d925f8bd0c55083500b196b |
| SHA1 | 9450a8500b1d7ec98cbed8e4d86de359d359a645 |
| SHA256 | dfab04ac82a040e94f5ff005120f79d1357e9af7544b862c7f8c126175f85054 |
| SHA512 | 286e31dbd0fc5ffa779df4c5c5fc2a427cf3c56a1d512634e000d4564d7be404fa59da5deda9ddcbd6b6b9da1a3aa22b98312eb07769f4b7cf21d44feef49037 |
C:\Windows\msagent\mslwvtts.dll
| MD5 | e7b6aabcee0108d851c4da46ef088138 |
| SHA1 | eedfcc7f11145906df7955c9328bd8e2693eb53d |
| SHA256 | e4eea18ab949eb224892f6dcb6b5cd73a32b981486860376eba82fa54171d467 |
| SHA512 | 3a7f852eda6e9294a4a8921077164197c1e4e532eed0c3e918a3b781f7404fc9a166c2dd15796f5df19d368a249219306fb573ab2bec1e2dc1800c59c360dee8 |
C:\Windows\msagent\intl\agt0c0a.dll
| MD5 | 6849587b7169db2a475430386466190b |
| SHA1 | 3862fa0162c0be7f1e950ff8973ccc253ed16e87 |
| SHA256 | 333c07819883197e1461c603ad880266bff18d937ef41cfbd72067599f69f5ea |
| SHA512 | 6313cb16b7948946426f84231796301afa883d7bc6de0dcfd755638220a7f5f75c5a1b229083400277e158f9df770bb0312af22ab53031bc57b7830da69a726d |
C:\Windows\msagent\intl\agt0816.dll
| MD5 | 5992c3da611917348c1cb313cd3508dc |
| SHA1 | 8711081cd4b0beb0e6c0ffc3dd6a542b23746f3d |
| SHA256 | 07498bdc34970b7e88fb1e7e09bd4e68d33cd76da02a1d937aef62bc463cc099 |
| SHA512 | ae9c00be3a53c2740f44c0a73c8c0ffc3043af5e440761e84e7160fdf676acb533acef1ee8cc5b7755d06ac34643704db312176a2d2cf92b2c6048450c999d0c |
C:\Windows\msagent\intl\agt041f.dll
| MD5 | cd2f542e2bc4da9f5939aaabd1537834 |
| SHA1 | 5c4e4bbbebc07bef9eb83c507f6add63cb01dc6c |
| SHA256 | bbbe538006290415c830fe38be6b84d964ca2c24f44efc3ca527976e6c92b599 |
| SHA512 | 47c60b1ccc423d35cf1efe417f5b8f2163b082be311a9e04f75a54a515fb323e02cdc56171a4d2d41a2e4020bac8328befc2d273a97d007e0630eb914761d75f |
C:\Windows\msagent\intl\agt041d.dll
| MD5 | 18d2c5dfe7b9200911d691b5b0d0c890 |
| SHA1 | 79c4a8a9daee813ed6ce1791247a2e88f9161641 |
| SHA256 | e661e253655aa88ba6c63eb1e44ca29fb31a9d1aa0880aa4bee9e373a51ed227 |
| SHA512 | d9545d6f3c87f5bcfa8f00df125326d0999b3c81252707b34af6b2c7b9f08de592ddce4007315cf3401fe24222c16de6ba099f961db232686476a78151cd7002 |
C:\Windows\msagent\intl\agt0419.dll
| MD5 | 9b3c6cd206aaf590c6c0d1d06070c5c2 |
| SHA1 | bb5a1a8fb839fcdcec85f8c3ddb05dde699f15e4 |
| SHA256 | 58a7ae2732360cd29d4d1c95886680291a9d24750f90c64f94b5e984e23dd6ac |
| SHA512 | f74a00cb4740fe73ab5a1781f0eb351b2f9bce742f0c0e14aa3205f0c5f915fb191571793b9af94d417bbc3f40dcf918c60474d95a6254f6f9e887f8e82490c2 |
C:\Windows\msagent\intl\agt0416.dll
| MD5 | 882a86b6f624e309cda6eca01f6e1989 |
| SHA1 | e7c4bf0738faedd0e57a06ffa3b4b7a3d14693ff |
| SHA256 | 26f2ffce49c383e238748d13bd545ab114d7aacbb08cb072179d67dc5fa4cf28 |
| SHA512 | a2d2794c895ec1203c5cee2c34a6013d8fa90e31c582dfe892650379bf4b4a8bc6bb932e0c0369457844b972968b0a136f1f444dc47169e5cf3e18696df0e009 |
C:\Windows\msagent\intl\agt0415.dll
| MD5 | 7d7a60f32f725d1f73fa915e233d4059 |
| SHA1 | 05909dfe82dce482ece07cab96ebdf90b881b51c |
| SHA256 | 9f9d3fb470ebcc885931d87decf3c865009c754e1d553281d2cb8d329f3f73f2 |
| SHA512 | 126b37d5845bf682f69d0bc9aa3d68f94b336eed6e625bac2f78ff90fbcb5dfe4f23b748af640f65de05ee5bfd8d827f36c804e837de16e8d6aa77eea3ea02b7 |
C:\Windows\msagent\intl\agt0414.dll
| MD5 | e362a1629838769704a5ba4e48cd47ae |
| SHA1 | b6084b43a997a8a81c29204e8b71f43fbbbdcdb6 |
| SHA256 | 84f09d3d6e874cb02b882ba070dcfa36683eb61cad6515e2bfb35e990f06ed6b |
| SHA512 | 331850dbe0532f262f8b36bff63ced16867e0151934f66fdf56bb24814d93d8148ab7c6317002e9e0d118e77dcc5a6cfa88098b6a669a49f456f8ece05c263c3 |
C:\Windows\msagent\intl\agt0412.dll
| MD5 | 673af99b34393b6d62d527a1d8684b9d |
| SHA1 | 85da09b0a7258343ab03bacbcd81f6dae52767f5 |
| SHA256 | 71b5f3377351adf9908d564dc3d38373b43fb826a6e3a7f425b9bb3d79fdf819 |
| SHA512 | 3f97869555c5277291d73b9054a7505f7bc0dff8032ededc088074e100b5b358114205be63e4e2089f60057c5770549b37ddd891e8b8ff0a08342ebcb6be2834 |
C:\Windows\msagent\intl\agt0410.dll
| MD5 | 176a0d87bd7b87bcdde7e5435a8d0882 |
| SHA1 | 522eeee0a0bd8bf3633bd7d65746371e9ec30724 |
| SHA256 | 5092f7295fec2ee5618b981965552476d5e22d21f6e610a9475fd31cfb3833c0 |
| SHA512 | e2f80f06a1f5a01a5990a50392b8828aa92c1d392637580e9f2ee00a0c1a892dae83425f724319240ac1267db67353370462ee5be3a88fea38db2d259b9a622f |
C:\Windows\msagent\intl\agt040e.dll
| MD5 | 79c7aa68a9e906bdc999c953b0baa9ac |
| SHA1 | e30711f4cb785fdb98c162680189452c471875de |
| SHA256 | c06432219d3769a5dc58b41e3f2a594f46ba3748f1d2753a71b83ccaa1936a54 |
| SHA512 | 480e3a091659958c92101a34f17ed18600139e97ffdc57e692a95f3b9d1cdb7ba2b99543faf4d45d628a140dc4b96cfb98bff8cdf54bda90bc3c4676c4c5cf1f |
C:\Windows\msagent\intl\agt040c.dll
| MD5 | 6e2aa1fd86a44ddc19636d6655568399 |
| SHA1 | 542ec2ef24096a619cb393189dcecfb94ef5a256 |
| SHA256 | 65e5feb47b79ab353d0fd8a7ac9739b37699f5e008171e2241fd0ee07868e677 |
| SHA512 | 9ba66b4220f58aabca908a25a16f95c416255f1ac7d823ab5f52fdc32a1f52f127ce80f425e9af2767c707c41c1ffea62ae9ebbed77b5371e2dacf726cd3b55f |
C:\Windows\msagent\intl\agt040b.dll
| MD5 | 8d5054977b8adef4b3588d428e0ac4b3 |
| SHA1 | f31482db2a480ffc74bc7a060fa5179354d6917b |
| SHA256 | c8e364f9d295a4a6f9c5bdf0f468aea71491f3f94842ff412fa5e84c67217a63 |
| SHA512 | 1b49f5c87ce52a073f60a9fe15ca9115b4eee606aaf194b1269ef1fb2e42416a064c8dad1c2eb780fddcb7894097f622c5cfb1f7b5a67e6d1b5f6093d6adaeab |
C:\Windows\msagent\intl\agt0409.dll
| MD5 | c537ade8e61db55bf89a84e682bbc6ab |
| SHA1 | 8180ce84f2228cf62609f30fff32a631932f82ee |
| SHA256 | fb0dcabdb076b8f81a5416c107e5ced3222cce4a1c2135f0068e3410be15ad88 |
| SHA512 | c26c5a1b40270189184e83f7689f07b355939de227a3ce775e74c49f422ca5de97c508f004ed2cc7f828bffa27a953ff6a3fd38ddb112f9ebcd941675f122359 |
C:\Windows\msagent\intl\agt0408.dll
| MD5 | fd67c2f652986c2f217ac83eeab6268b |
| SHA1 | 83a1fd6514d7a49263c9f13e24a82b127c9135d5 |
| SHA256 | 21c21e6dc4a0ddcfd48f92c7b47d8139758b06f55884f6da8cf51fd85386853e |
| SHA512 | 86778418fe8d06dabccec5d47c8789074134ae712ffda2c013e997bdf066bf391e3e6a59c086ceb935aaed95fb9ab68f0e8604c32cf95cfd829dcd5853278cb7 |
C:\Windows\msagent\intl\agt0407.dll
| MD5 | 864652be39f3ab4b6ecd47aff9430e91 |
| SHA1 | 966830119d427129f208781427fcea0384aa50d4 |
| SHA256 | 4e2503e1281f9530c0d83d3692d867a4c4c794003e69e8121fc6676d2e320010 |
| SHA512 | 1291c74c99615a63b2b5902491209585b5c3e9b21296f7914e80698ca7ef238a529945acca6c5f23ab36fe36e1aa791a0b4789a6913e86d2671190a90e18bdb1 |
C:\Windows\msagent\intl\agt0406.dll
| MD5 | 9a2185b7ab725324cfac5c31e641ceb3 |
| SHA1 | 7c8c91264ac5ec5430aeaeeae37c98aec0a30c55 |
| SHA256 | b2ac9edf8f9d1d7ee3f9def30af93a2a59ddb7ca20d31e8fb240e10bfc4daa5a |
| SHA512 | fac3b7efc9934e974ddceecf217cf7a7af1b652e8b185c94683871ed8c22e2debbb494a1e3214f4f511cf19e6e2a8786966050d09ba479c12b8ca203cce93cf7 |
C:\Windows\msagent\intl\agt0405.dll
| MD5 | 7b8fb679427871afb2466d08204e728a |
| SHA1 | ed0b79e6d11245fa08d90f0a81986de9028c0349 |
| SHA256 | 727f6575436540350f7ca0201b025ec713d33440eb7c1bcdf1fd64fd5e45e6f1 |
| SHA512 | 1ce95c0a2d62cd79f442a56d6db8ccf196a943cf0fdac4f8696915bb7c49a717853683ccf50a68e8a5ebdc014411135923b70a6fb35c40c58b9ceda317981fff |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
memory/6036-2703-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1808-3195-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1808-3208-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5220-3712-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5972-4216-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5492-4720-0x0000000000400000-0x000000000046F000-memory.dmp
memory/3308-5604-0x0000000000400000-0x000000000046F000-memory.dmp
memory/3312-6197-0x0000000000400000-0x000000000046F000-memory.dmp
memory/3312-6209-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c84d8f819d55f37c8f7dbaac6c4e2dc1 |
| SHA1 | a21b5024b4b7b1aa4140f333d1c949a1bc2cdb19 |
| SHA256 | 455f8de912f94b6bc77deda036fd3353a6efc39ca44b2d070599995dc97ccf5c |
| SHA512 | c278b50029f997348d884f99b11508fea46077a9ac56f3f18f110109f2cf6a5631640c57e5f2a3118acae668dc9688ffd448b8591173d727bd6c94ba2da9547a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e63d6d5ee93e452c528b63dd69c1e0c6 |
| SHA1 | 5c06c0c69b4915c8f42562295a19b7b2dd19e1db |
| SHA256 | 9a56082fdc81266ae3bbb83f1f56f4a6bd833ff228fcff86d9f17517ecfadbf8 |
| SHA512 | ca31d262e52ef4cd961aa7eaae56464aa5845b886777573fe5622c2d4f1386a876e00bc099a3042a7d974956a5fee980c9bfd04eb959e7b88dfd1b71097cdc96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 472ec32677a453af2c74692a60147dad |
| SHA1 | d88b5e900d82c9bdac5cecdc1104ae46888f9e89 |
| SHA256 | 28f495a706bbb9a09ca286ecba0123bde6bb8e1e0aece749eeea7c8d62fd52f7 |
| SHA512 | 4140bdd439121c889e8ca3824b2aa6783318d0ed28557ad18ec8469df1cbcfa4b492f37b27124f3ec12300e3e32247bc1bd3aa9e89936228e6fba84e975beea0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | aac57f6f587f163486628b8860aa3637 |
| SHA1 | b1b51e14672caae2361f0e2c54b72d1107cfce54 |
| SHA256 | 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486 |
| SHA512 | 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | be529a907c265364aea60b32d2a6b43f |
| SHA1 | 4e36681dc58aaaa130238083d0aa43d4604019e8 |
| SHA256 | 1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd |
| SHA512 | 37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d023f7c1f31144d6718259d26c3347e7 |
| SHA1 | e555fa6585605520b9a7ca18f80392eca429e438 |
| SHA256 | 612a6f4f3ce33101a2622918b083ab7976f7e12af7910949d0e327ab28f882b2 |
| SHA512 | cb5a074938101219bf3a3a89d24fea03b2c977134cb2a861e58b380a0137a22dda9ec18e539118f554138fdc51d159fb8ee0f5127b74e0331d680df69a02906e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e2b8413f78dc1e2ca18304281ad7993 |
| SHA1 | 2b913a5e1deb2956597db42f30e93b1c2319bf50 |
| SHA256 | 998a56b7201fa41d1d1cb4caff8d658206a692eb845419f9fddcd49d00f28caf |
| SHA512 | 0e7a5e68c5e8b1cb48ee88c188b2c996aa5b52c903cf94dd0a745aeab1452580a4c34ce4e2cc731c932cc4d36bff4f00c943022e7ede2f8541fe873ff7450a0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 54a5ca74a6d9c531ec2c366edd7be658 |
| SHA1 | c4d01c1cfd3c190fd9ac918eb5a3bebaf41b29d6 |
| SHA256 | 9f3cb2edebc4754956da013e3e4fa9735d5d5cdbd5f02a7c9869a8ada5bf190d |
| SHA512 | b8670bb7a6496e8e6a09dbcb974ace55451be9c937f178803891129bd33f9545119924dffffa84f13dc87a753df0e9d66e104e5df72f9d6911c619c835d78e2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | ec52a780fb628756883539d1daf3f68f |
| SHA1 | cbfa20c69acbb5b75a16c81d12127be1ebcd47ae |
| SHA256 | 4db0f4e2991abbcf13c1fa0094672e2b3f453797e271a846a0eb3b4ffd6ebfce |
| SHA512 | 5191b287f7d15d882ced2bba912a327c351a29dfc4b457172f3f5886b60eb6d7683c6ca51c9734cc0385da9514d271d674313c049db5b0adec1b05a1a1ca29fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 8852cfc3d33f08671c7df96fdadcc54a |
| SHA1 | 53a286b6ff6e215c90fb9d0a9a3078ffe1d364ed |
| SHA256 | 2b907730278b227f45035e1f5fc78cf47c018a97145d8728efe190546481fa83 |
| SHA512 | 20ceb5526d323a609348bd7d9ae6ad0d9416eb637ff55e5f7bb9cf73a2be92c5f0ee7aab1da7cf43835552034a97a49c3d7076b4d4d00c376ec902b4dc50df97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 675c3cc9eeb511d43db6635bf1b515f9 |
| SHA1 | b5a3bc916093bf35af9cb26f45f79c229db4d70b |
| SHA256 | 827caf07904c9ca524acf5d97bcaf1f11c84ffdb1fc2e7f683e1dc80648ed58c |
| SHA512 | 6e82a416ca6d79ed2402382326d8621d9828b420daad5ff0a93f2de13598213b52ed7fc9f6a59dc6bb71bfb6a1bb13be3d54581e2d26ecb0dbf0bb2ecc894197 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | 7739350f11f36ec3a07b82584b42ab38 |
| SHA1 | d97e0e76a362e5fce9c47b7b01dab53db50963d8 |
| SHA256 | d84e9971e8c344b9ff5a5968e7252270757f211f0d408e26c12693729068ed75 |
| SHA512 | 2cb436985e382ec17390a1f8a7c112bdf18206c66d845934a14f9c84781200828e05c57cef5d4128a9d9b96778042ecb7ba2c031563c78ee9b8ec41accf8a537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | b06fa3dfc52a8b8307d2b0cbc039a5bb |
| SHA1 | 26588a72932890663c6316230f630e52f5038fc9 |
| SHA256 | 2ceb1cfc5718d43f62baa9b802554f79e4029384a625c01eada3c508a3c518ec |
| SHA512 | 271e62ea541a0b17c1e52dd79bfdfc35641abe1750013daa237441e2751839edfccde0e42f6f67235989d608dc27094c86c442c7c584248d0b9ad251edf57837 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 9a21c78c3cfb129f395919dfb35bd678 |
| SHA1 | 65e66cd7c7dbae0fa6f5346a1413414bae531d06 |
| SHA256 | f336b0f4882f58bcc4ffcea8aeb064c3f2999836ccb269eecc140bb401bbdf23 |
| SHA512 | 8005c6594dd227e5dcd0e1a9dca2757c1e94ac1ee01f23f01130900f67382b5123b265ecd7f79ec01914ad8d8f743318fa2ba6fa70fa18a5597a9f492ccde04c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 12b3b06a215a92b61047d4d676009d5c |
| SHA1 | bfaffa1420406892f96c14563413c12b22d5578d |
| SHA256 | ebddde1fdfe55665db44af96d9a914ea833d5c74b510150b0aafcc6598c8ec72 |
| SHA512 | 5f597b93c1bd9e9be7d7aa42ec1a69d1183d164096046af276546f907c7796cd5d1ea80d152ac8cab76f1ddf3a6e3d51ed74c6dc97d467a4f5519dbad8d42ea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9542a9daf5efd4763f339ef742e7aa5d |
| SHA1 | bb76ceef3329c85bb2fa1b62c697ea7a3bd74562 |
| SHA256 | bd523941f7ffd6611f770b97622bee6f4e68432d6d93e775ac488babb9f38f89 |
| SHA512 | e9e1bee51ae2c6a639d120ad1700b2a3e133fd9dec2b488647de2af68b20223ab94b4019e94855dfee14f62f2d1e90b7d1234f320fa881c16d4e5ae93b3d879f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a474ed60a0205e1b5dc0ed18939da3a2 |
| SHA1 | 5f755d880347eaf19fa454b8d0b0f7f2189d5804 |
| SHA256 | 908559c9bd35cbfdd3a7d8a3b3f37176884b8781f21e54f561f6e062912e67d1 |
| SHA512 | 3ed5756ef42269c1a46dd21bd16cce2fd43dcbc5952bee447efff03fd428431e6deb96c315a5b5d7a958d5c7502f777a608a3b57e453480086c8f9cf34d61514 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e0a6047f190455a51e7347ec9edd534 |
| SHA1 | 0eb5387af0ce4192dc54c8b741f2ba45502ac9a0 |
| SHA256 | b9ae1d075f652740138709f4cdc2c27efa39d93a9a889ebc1ab118ad48753f21 |
| SHA512 | d822661bc0a4f9b10540f436ef85b39462e0210f42eeb1f9ebb702073df5544a7893215e4192435e20015a1993e5e60b3aade482dc746bdea308ba78c3a5af48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2911c2d300c827729bc5c14229ca18db |
| SHA1 | 8633c0898be1c9dac6e018979e1dee99cd609a8d |
| SHA256 | b9f2b25dd5cb8a30f129b912c13070a5db3a115f644c639f1deb8733963f4ab7 |
| SHA512 | eb4cb95a7d0d22958538d4784be47f1be87d038e5ba7808a8f2f7f6a8013de23851438e6e00183155de9584302b464fce064dc3eabf46e06a8240f1fe262c10b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 595940c1808f885f50ee14fd1eb3d484 |
| SHA1 | a8b6ce47c9407796e45451ebcee444c1de84bda4 |
| SHA256 | 076d898736fa34258cd3f91e52bcc4e43d3958f4e9ef74da86618068f201b6f6 |
| SHA512 | 1b53aafbdf9d97e1a9fcdd6af87ff7f2eb281832233252872085ab893bfadb1b96a697a2f3209247dc331eb17af973a6dea7720746cb2819e6b551c691df0c13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2ebcfbb69f044bc6327f527c09febf65 |
| SHA1 | 231843073f05199f8d6261f1351086557974b4dd |
| SHA256 | 856267c30ca443bb01161c124dffe600dcfb13ce86266c7c59489bb1eb489925 |
| SHA512 | cde787b11b2d4f814c4fc20605ec1cceb3689ab12006d018809c4efde5d35055f0150bae75358eceb8150625994aa575d6f75894230007b78f91d26c9524e746 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b6d4b22ac763bbf05ef0900ae675cdd |
| SHA1 | ce54f798ba444f2fcc2c889b581ee169c4dcd29a |
| SHA256 | d267bb4a5cd58b9b6a02e90642ed6fcf7e23afe08e8e0fd5bc5d7ec08d096d59 |
| SHA512 | 42fcff7d4ea38edb6020651b56ce13ba3e779528d0812f35ffffe4e4634cce618461f73cadd30c24531e0351f35c601edc1960ea6719c628fcd0f5ce1b3fbc70 |
C:\Users\Admin\Downloads\BonziRogue-1.zip
| MD5 | 911722d67f234eb299b8fc3e834573d8 |
| SHA1 | cca1cd0426545a385afcf6983cb8ab3479e235a1 |
| SHA256 | 1d1cbdbd3a72178b36bc9a68e4b5c8f2d849c5698f65d2220033d3417fff2827 |
| SHA512 | 63e411a4374a05ae5f07961ae302e66035f2fc8f5087710ad7012eca92bc1c723bdc02be04baf5ba2f792288438623da21800c6e980721a08f250bbcc18de092 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b84645607719e24a99efcff0d343e894 |
| SHA1 | 5b32be82032ee1346473cbff53a0339561634809 |
| SHA256 | 5beb1ec96d1aabcb1bb676c29d061a741976b1234e7667c91686b748642e865a |
| SHA512 | 4bde5c5724e17da0d5f750ac68fea330a13b59e167bc3327f672fb2175f509cb8b0c7ebe3ca0e9833e9ba378f65f9abb501b1d54f50e17996f5f325938abd3d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 59ed7fb7d6e513a2d6e276b825af99fd |
| SHA1 | 48d65e043ff52365c55998d907853da3511bb24a |
| SHA256 | 4f4e351795db65c82eeefb3ebb7543fb58468f7db5a9653c5184ad8681827671 |
| SHA512 | 1b87ce8c935fe6e04821e376ce4a781364737416a128c56e64468419e0031489d892e5b66212aaa1caa5abab90dde713ea03cd3f4fcbda8b72a5bd5891a5c5e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1597fd87cdbc396cae9a090cb550a789 |
| SHA1 | cbcca5b5e3fce3d954b732b1c93502cb6b3edda9 |
| SHA256 | f4ac4c29b29bcfe02154fc80b98ce06171f3b2c5ff7fddad61200b9468753034 |
| SHA512 | 9bcbd8e951a85c493aba5b7a8d4283d1ef2eceaea72284eb91bde483649a3bcc895fab3b75059e44ce19c12156ed85ee61cba17fa141cbfbbacbd39fce76d598 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6f2ff8e391458fcdc99c010560414e3d |
| SHA1 | b528718a84018725720c22ead4b684aaf997d24b |
| SHA256 | c5834b2743e5355417ad772da49419ab65989abefb4f1c696c0eb05056ae3d77 |
| SHA512 | 16d6677dbc82a04cf1ae1929b926aa2aaf2fd8995f643a89c5c30e595d8077cbb816aa8cb2f2937d5037f4e33471b3e3d0f14630eb70758ecbb7ce2b3ccf6e55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f89e73c64a08cc954719eb8c116d1602 |
| SHA1 | da007f4bd2d0d9ab406fb19ca136a31c73680edb |
| SHA256 | b7942e338f7116f75bf470c91c8d2ef788672cc33213d5507370fb05177b9f1c |
| SHA512 | d999a82edae52f1e575cc751ca227734b683a4bd774729d37bdf147f969b81e3a7e1346eccb89af781e14126aec87b37ff1c167a875b1c5ed9ed44fd9e709671 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c4dff2cfe8264a27ad2c1afbc37933ee |
| SHA1 | 98e5b64644bc775ff02e744782e8bc62c009ce05 |
| SHA256 | 2706da0ccd7a2fb7cdb15f270876677c17c07e9536936af45046573a4e7a8d59 |
| SHA512 | 789dd56eb0bb8c37d9f983ccb11d28475633f15feb7e003a3c767f04a0c3ba07dd414ee6dcf28091713afee9f82fb34f0a7cfd1964e124619c16ffc5bf5410b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
| MD5 | 53436aca8627a49f4deaaa44dc9e3c05 |
| SHA1 | 0bc0c675480d94ec7e8609dda6227f88c5d08d2c |
| SHA256 | 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1 |
| SHA512 | 6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b
| MD5 | fba47837a4f1869cece43900ea928039 |
| SHA1 | 58a94b50fdcdf1b65972f37781f28c2225c10e5d |
| SHA256 | 858f19c7c56b26332a91c653c5ca46dcde48424af28a37f6a1da74e68be4ebbf |
| SHA512 | b1f32081bd582e825232bcfd2cd81b0d7699471b42c447539965721f27acd7d49d0153a5a3b458c2f305c09da0f345eafa2572f9acd42bbddae3f5e255eab3d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1
| MD5 | 77a7756774746386ef9ead66068e5e5c |
| SHA1 | 55692345ecefd7eefe4b8b78b377c23d27281ad5 |
| SHA256 | e2519bf5591b6053295770da0709fd923a5c679c543776bf35a12412d17add91 |
| SHA512 | 33222b2b55bb28e340545fd123806dc0dc3177d8e5f7e8bf209128a34680c8af6210906f2170433d4b9cd1066b88b74eeec400aab89654024359907c6e0fbbd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b988b2d40faac5f86db146e26f76aa3 |
| SHA1 | 3c1a335910dd888b9c7fdd7bbeb8d717da81799b |
| SHA256 | 89184578978b32dd1856df6beaa60d65fbbe40e2a1a23348bd8b8a1e0795e02a |
| SHA512 | b54241cadc966fd16540dfdf2bd9d7ea9cb0b6a32b86a01b35a5fc202487f74b4a296467aa3bdd0435e8da6b34abaecb4ba140191baca33bfb217cd1405a0f82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c1aaa07bf28fd067ff378211e76634c8 |
| SHA1 | f75d6308453e4507e1866734a69b4dc792cc009c |
| SHA256 | 86bfb36c06f9899c25f510231ad0e9aa807933c1df290b782816fcac69b61a0a |
| SHA512 | e6d7debe24d610fa7c9c90cb10955b761ff09cc17425a3a70c99138ace2f094c61c38cd4066b06d1196e955fb2e6d24ec9e35cd09cabf5f2aeec0d6e1ce78330 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14390c00720f6d4c73e823fe882a7e18 |
| SHA1 | 0f2f4a7b4acebdc2a728f559ed71d828e3cc0eda |
| SHA256 | 4d7f082689ed064b3d48da53314f1e90181af22693c3f06af2463f052f3015b6 |
| SHA512 | cdd8217f8e691697407454b7518610067c8b913816de7a51937f0e00a9b66c29be08a8bfba5419a30b6fe8db7e0c4decf0a5a447f8b210ebfcec769a15128ee4 |
C:\Users\Admin\Downloads\Unconfirmed 350908.crdownload
| MD5 | 3266fdc29df011b6d957fb55515a39c0 |
| SHA1 | 86a667801cc4c08c52ecb916ed6c1cfe227e1e5c |
| SHA256 | 134160a327410388a2aa8c9edfc20a49fa40d55db41e4cf6d8852372d88795d9 |
| SHA512 | 4479fbb2d9e4fc62549473aa3a76760a9b9afdce37cc0d3d809cc5194273e8477d80d58c3f4dfc5b52452efee353178f5e93cfacc9ef9fdfbd76016d835719a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094
| MD5 | ea025098c35e6761a82cb4306a3e0104 |
| SHA1 | 6301f5facc6a82d2d455ef6dcf296c1967a517b5 |
| SHA256 | 4207641e54e9cb2e066682ddc7a7e2aa0e5aa794156fb5c2020a81361e67ab94 |
| SHA512 | 56ec932dad87294e4d1df229a524b869c2c3e4d8777385e0b98b18f1e41fb2f330b3a919c2a67884f6a4bb0435e53a546f9139961af85d2a01eb181fb25341ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095
| MD5 | 643fc418e76d7330a3165e1e238ce081 |
| SHA1 | a81edeb988d1ffc505951594a0651d759f161ac3 |
| SHA256 | 21d067403e18244f44d612f8e2210be087390e1fcaa47c02b63debbae2e1ffa9 |
| SHA512 | 21b9aae7232544158e2a7add33d50018219734786172fc0a2c3bf737c1e153cb8b53566c95fc4ae911768a5263ac2b794c0317a069dcd8d796f1021f1694827e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfe10a711817c78b_0
| MD5 | e6ea9033e20ad76ba3ac200bf97cb651 |
| SHA1 | 37b217b68a60bea3eb4590bff0600b64ffb1980e |
| SHA256 | 73f6efc16bac62b3285e2de01dba0ee15e04031df2d12b7eb7573681622e718c |
| SHA512 | 73f4dde658f7c95fe399036400fa3ba8dafbf57d0de29a8e2e424a5935c508fc5def1414bbf0348c9e4bb1af869e1e1b80f049e75865ad51ad059630e6c58d62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b1b8ae0e28ebcee83a97406efd54cbda |
| SHA1 | 61072110ef3390000f68d49adee4ce250993b82a |
| SHA256 | 9f44ed3d68ec0ae0e5094d07493b169bd13d0de610ad35cf444d861ef4d998ac |
| SHA512 | bf2fb8938141ea983aebf47152e28afbaf952b44957beae50ac47989d4b1d36ed883756b189476712aeb17ab8a3ce4a44aed5b3cb62bc72ffe034e8a4caa1c5e |
memory/416-7544-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9522dd92b4d97c4ac1bc1e114e936edd |
| SHA1 | 8ae44352a9531e2f3c40931c2f158c2ac8f50b96 |
| SHA256 | b0d30a4a3ad03fd071c7b08e42b285b44ca296a89a36eb2c7000370199d86b8a |
| SHA512 | dc0df10339eef7ca3ec6a5ce4e3e5e48c23bdb650ee5c3f691f94b38de633bd70d7bb3612fd40a88d08cb9f4eca964985c0e09996ad6c9972e220bff5d79458c |
C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe
| MD5 | a01e6daa64e1408a0da357c9520fe23f |
| SHA1 | 8ce8943df98d7892d135747ea8fc1e9361d3558f |
| SHA256 | bfb5038b834416ddccfb6dc94d42daba460b96b664135b830a99a68a252186b7 |
| SHA512 | 4a6a1fabca4db87883af2576a71295f7a8a7eaf66e29a3a22c0c57a23f67414efbab4eacb3c311a2b4394c77cc9a83399ea5a6603789eda4951876449527383e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.INF
| MD5 | 8275c5f0d81e4bdaecaff93426f37ee1 |
| SHA1 | 8b96c3b0eb9fe86a2ef8c6bde9095c4af26f6c40 |
| SHA256 | a8b41751f021ec02a909a7eef1d2a99a22bb583c525f4d2c91631f999faa5887 |
| SHA512 | 53e8bca5dbe83551fd61d7f5819763bb013aca9b5952a7cfc8e5d5efe33ee6448749352e004616f2ba28c8383e3907663147208b2a1ff5d235cbb0f117646d2d |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.CPL
| MD5 | 5b6a9e6737531dfe95dcb29208d4b639 |
| SHA1 | cc812359c46383d4c489a76825af8c6d01964463 |
| SHA256 | 9f58d16004d0b59392908cacab9e41a638af4a05026af17127ed9792840390a2 |
| SHA512 | 84b82dcd51bb4db6b5b4bc907182350125ef1accf9b5167f133025ceed8ebddea563b17e749fa9105fe0b89765907ed297071a183f3e8b8ec31ef4a4672796cc |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPCHCPL.HLP
| MD5 | 4add01eaf6d9fa8c21bc2ec6e473a878 |
| SHA1 | 3b72793b1d34aa2292025fa94f59546fc030a8e9 |
| SHA256 | e04674b406f2ac0acb4080ddf2aa131251cec70cbafbc9b4796d5ee180597a48 |
| SHA512 | 8304244576ead82539c3a0660dd66b8c3d0e5cb9a2a1c32a6a9df8e3c8e6b359d0ab5210c86813aee838ae26e3661d0f3e494b8ab45343c1f9a9141da7ca2b1e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 1233b28631b64f0b2fe25e340d2c7646 |
| SHA1 | e785e3efbd6805af5a6c6c9192854d5b4250825c |
| SHA256 | 9ca0974c15e7f554ebea658aea15fa9739f801137e96348deecb53132effd812 |
| SHA512 | beca42ff5da8c4a07fcd4304166dd1f6d815a6ef3a3e51948c2566c2653d20fa3d669701e040ce38e0ceb89860394f82f205ed88de7fbe50c359dc3869f7a19f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHAPI.INF
| MD5 | b00f1393bf87560945b6b38425998a79 |
| SHA1 | 2fe00a212f952f7e4a53d53880ac90ef8d8c32e5 |
| SHA256 | 9e7e55b61d3619729829b263e0af2320223c7eda74eadb2644c63d728405c86b |
| SHA512 | 854222c8d68ac0d556fe0fb4e1bbcdccde963bf1fe82c1689dd86439a519d8afb5c9db7bca4939fbde011dd4c84c09610b779adc64a18f0caaa57783ce29c7ef |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.DLL
| MD5 | 898fc91bf6424f629e933273b6e46ffd |
| SHA1 | 2c777a8cb7f6e9a469f6d6486c98e70414949acd |
| SHA256 | 171d545ca7d10188875fcf103b664be2195996bbed2bd4dacfa8cfe827f1a441 |
| SHA512 | de7815a04cbddcff2c2ebef4c6d441936314924f6bdce3b3fb4a8bd4b62b761c7dbb3b99a12deb45b23b186f42a431d67b43fb9950f3d447ee9f721bf6cf6ffc |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCAUTO.TLB
| MD5 | 695b08aa62b0dd9031fafcc1bb2a16d6 |
| SHA1 | 1b151114b4f1fff8b3ddac92f4e8b3de2cc02ff3 |
| SHA256 | 0e74c1dcbcb38daeb9d505b94f74b32ad8d37e8a26ef4022d46999eb3727720d |
| SHA512 | f0a816783fe19a740c50cef76f5747ba19f86fbb41ee95d53c234f0bdb1e28e7d9badf55fef6e7e8e1b9d1d656ef5c4f5d59baa418fe6968e42a083963b3f128 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMD.EXE
| MD5 | 367351856db877b6c659dc42dbc89df0 |
| SHA1 | 6725fba6e42487929f75c59fddf44c8d090a50e5 |
| SHA256 | 6b2c21142bbb3050101606f05956a60dbe04f971bd8034d918731f8e9450cd35 |
| SHA512 | 2c5ea481d64203751fa059bbf54e17a826df8a89d73d923dc4c5a68a0c25687cc3d74e511cd740eb801c6210c18a51bf268d3dfb9648a83eed137bd384640634 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHTEL.DLL
| MD5 | c546b50be180b4f7810fd78c7fe8433f |
| SHA1 | d7b071eaff8d0498724c1e779731db51e41c900c |
| SHA256 | ea6b0454ac40794ce46a6fd8fd244179cfe76293b18cdb52f02b372dc0f64d1d |
| SHA512 | 34ef3830a489510b42dbe0b084d3e688f7558ad2f806e344b760d5e25744763792ca52a664c312a47417cf629a74ddec302f47eed813e76316ae2e5aaaf6612d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTXTAUTO.TLB
| MD5 | 283c7d582752fc0c025421fca7b7e1d0 |
| SHA1 | ee6149b8023ec61b18b098ec3e37648c610c51a3 |
| SHA256 | 544b33cf240a425cccc910269c68b99b411b2374571ab8af51a490f9cc277f77 |
| SHA512 | 844a6689000afc5fa724e1e1fbd4e4efc6ba6f67a4c5d2ef88c0c963feb5f9cbc62779affc11c318bef4b049a77d6818b0b2f8fd0c85cd14e6ae7414885b482f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XVOICE.DLL
| MD5 | 06201e3ce75755e5eb4138a0a3e1925b |
| SHA1 | 05296f4e2774b9c3270365bf19304bf28e13fd51 |
| SHA256 | 2bb50939fa7068791eea58c1fe6b112bcf5bb423ca55b9698411957a6f82d1b8 |
| SHA512 | 0bdd01a7f42a3b6de0ca094d55d79437897e2f329751735097d2b7c4ed07792ba81c07544ec9a1f8c89a9472b57b3067dc204bd773721ab8398637949ae74d77 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XLISTEN.DLL
| MD5 | ce7367a398dd2d0f77041316906114fb |
| SHA1 | 128bbde9b589b94f88ae9799043b3c05fdc73990 |
| SHA256 | 287fec5f90f973a5aa4100bdbca1c9cbb0e242f908d218b975b9623ea25f9393 |
| SHA512 | a5151b5ff83ed72288e76e9f7637ea83746e61a2d9b13476cec6ddbb072c36b4c5929c40dd0c39a600338a9d8c4a5bebad304b0d29d9f4050a67ec2e894b8519 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.CNT
| MD5 | 4653630ff6f8405f6d26000802e638ac |
| SHA1 | 3e6978815d5e0465c7ec557a2da4c253fe89427d |
| SHA256 | 51d0efea836528cb137914a6dd77f049cf0457245fdfd608c3936605adb11c57 |
| SHA512 | 961db65e440dd831f2b490d4c80f306047e65cc0ef6f1c921a732b89a11b289b84e8556d4711ab9af0821cb01f4cb84f8ceccd51865448f93a28f5a02678805d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.HLP
| MD5 | a7db03e26dd567b3ec5804d5064c738c |
| SHA1 | 37abaf849e1cbc0eacd545c19e7ad81d947c113a |
| SHA256 | 56dbafcfa4a628fcd20e49bf169115bafe596104f8dd51d2aac8d7cabb452c3a |
| SHA512 | d7f033695ac098a07f6d7cd00f0bee86bd581d3ab9b8f4b5073337fcb1277b5a49a99ea7d65819587ce2d807e0652c7ea0d98524f1cc934be64776c25d2daee5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XCOMMAND.DLL
| MD5 | 198c46362e9e7742f7efafd936624bed |
| SHA1 | 87b628c2a14a1c5897fd0281a682e9bdcb32bfcc |
| SHA256 | 0bd009b376f9ee2c2cea181adc0014c6c9ba91a4eaf7a3b98441a1696d302e89 |
| SHA512 | 8c747cb697294df0daf092c8f139ffd18c92a098b1b709359739644029b5523d6b5d9ac80d11e1a4fe885ad13fe8a810222d6d609997b722ae0908421f9168a5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMSHL.DLL
| MD5 | 2f8c18e8e067f6b84bf8c6c482862a70 |
| SHA1 | 1c350c5a4674115cb8ba5620ec61fbebcd8fe974 |
| SHA256 | 437ae2139661f2fb5fd97b34ee751521db477ee8c3454c920c5480020aaf94f8 |
| SHA512 | 1a5a4d6064cfa35106c865661249d1023ab777b1c216c34dc0e86df435338cf1f8d8589fb567d34956e71a607db4aa8ce43039f42d5fa3ddd0c68506064588e5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XTEL.DLL
| MD5 | 69c2b85b9db59f7ad8d04e6dbfbde511 |
| SHA1 | 4547a87c80b3ff9e2a148f7c0822c2495240aa5c |
| SHA256 | c32846fab920f5da84005aa169ff259c54a3b9504faabc52f2f53d240ed2418e |
| SHA512 | e677a28a20b4b481d87cd2007dfc3d6f8b88dcd0cdf25df988a43b8480458a37c145ecb8a9ff48ae41586fb571230e79208ba7baf74dd27b78d93412fbe1ea11 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTEXT.DLL
| MD5 | c0a7306a302dd35145a37286dcfe6e04 |
| SHA1 | beba434997c5f60e988bd98928c13273996cb516 |
| SHA256 | b7a0114e8bd9875e98fa6c98215d3b4582e0d1eae9b799b912145e88095ee815 |
| SHA512 | ada43188cbf3d877ed055fc4a7395482a7a0adff6268880685b450f2f79c081aa8499f4770cd70c70c146002ac7fd516421202e275a71568872b879d0696d80a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VDICT.DLL
| MD5 | 6dc843c473b68ea93202a32b6445c765 |
| SHA1 | 3616292d1b84b9273471af195927d422d7fb9394 |
| SHA256 | 08b35a07bf0dd5b231f7b25aa48476a7f78c9fca7a76c047103025d1a95952fd |
| SHA512 | 77623c61303b1f5fafb5d5af3e1d409af37ed3bd8c8c8bdf83206f2b5ba248553758696cf16835299f2267265689ce0fcb8564cf6823074257ce6964ac0bd517 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WRAPSAPI.DLL
| MD5 | 8ccb0967e7371d64933fca913065789f |
| SHA1 | 63173da8984611aca496a253dba336af23aeb558 |
| SHA256 | 8e0a80b885a73c8b62e87ab7f2a4b06a556b4db37a1fba9b37db2629f4c36a49 |
| SHA512 | 9064f27f70b7a4e48dd9fac1954060fbdb5d5b35355f7be5c8a1221cc931ef20df7e4543b28e4416f86ed0c56b6a2a204d78db4c70e298bd29db5ccab2349d3a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\MSVCRT.DLL
| MD5 | 63da4613383ec70e047b4cd5c48f0b05 |
| SHA1 | 578dd3ee844678c24c0831b6cc61a7dfae410bdc |
| SHA256 | d4287ab5e4988dfe99bd54243d50dbe8744094f11fe5f9809a1a6fb9728c2124 |
| SHA512 | 0fe7226cba7984f22367d03dafe568e8c0e44956a831fda93d4bd8ad9cbc9ee87dc03e4a56696c0bb0e5f8ec27a304c06cdb56c52d87263362359523f0a220a6 |
memory/624-8390-0x0000000000400000-0x00000000004B5000-memory.dmp
memory/416-8389-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 343b3138fda38001941fb97f7d4b4b41 |
| SHA1 | 47a7eb620389015ebefe69224cd6f19e804455e3 |
| SHA256 | 9db6ea1d873d68c1c38893007bd54b1889aaf8b0c69ec81456440eadefc43aed |
| SHA512 | 35bb172197c84a031b5aa3e56b61d957e0def2dca53e091ccfc189b0e98fd0955c4157f9cb28c8fc9f4d8a7665a18abb05be1bdd53acffbcbcefe358ac5bf04b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9bc3ce42bbde4b6c0bd0e1645a0f462 |
| SHA1 | 0eb038ebb32414d882740660cba60cd54065a885 |
| SHA256 | 758bb7fb28948ee59f3831f8292371077206ba37351df30bec7b63bbeea61fde |
| SHA512 | 6fec494470b56a9c53f9426af66adc224f69fc42334418a7324d66c84bee7cb188e08262b62f4e9e54e9dda6c87b7aae002435f74290c3a05651c0801f4ef7cd |
memory/624-8551-0x0000000000400000-0x00000000004B5000-memory.dmp
memory/416-8552-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e638051f2d77259fb0fea9e357aa83f8 |
| SHA1 | cd07c03175866fafae6217558475e9fcd848b845 |
| SHA256 | 8b4aae9c677a07ab1dc9e1ac398e0cde8733473e4caa05ea55bfe9e35b9ee99d |
| SHA512 | 99c28e12dd7780399fbd600b717170701241f48ab20cb70b975ae14ca5c9981d6b46cbd32c4b0a8de0d5b533d3391564113e3852780671069b022f1f1ed6b7ef |
C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload
| MD5 | 5bec3cd56f47e42391ef4e792bcb0b67 |
| SHA1 | fde0e960134152341e10e7a3e709a39c69aba6f4 |
| SHA256 | 40b04901da62acce98e9797f7f1d8ad3e4b78fc715633b591b1c10e3804d56c3 |
| SHA512 | 23e55927d582c9bcb0e93725f70699bf30171b1c9c84cc140dbbcf69bcf01ade390b96d4c1d7cf428a47455f62ae4c5041a696afd827793166cdcbb91c582b56 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a0a0faafcd7ffda2aa6c963fb1b1f252 |
| SHA1 | 7cf28cf84c788abb4bd6df2e70391fdd006a00f0 |
| SHA256 | 1920f58aa60432fdf1405c59557f97c6dab6e7938b4a4e02aa8f3e811def48fe |
| SHA512 | 27b6d7962e8cb6a8390e433a2d547be7db7f14268a58f5f9aa3e73fd3388539670ab57d1d5db259880d5564f2eb8e42ee19b661532dd5ca17732d4d5b67b82c9 |
C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ecba20e4c2d9989bd3399bd0275d59a3 |
| SHA1 | 7866971cf5d01d158cba648a3720c10e3f44002f |
| SHA256 | 7e52ec40a9ee14993ee9270fdaa208b6ba493795c70af3e5d204eb6e427e416d |
| SHA512 | bc9ff8ad4f37b1502023de45442b7bac2b6dd70f768e31736c0936c3a779e353760e09350af9cbead276a9d93ac6bdcbbae2a0783284b75537fc6cc64d4ae97f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6397891a59c90612d51aa534e8a5d06a |
| SHA1 | 050518038d213841a3855ae47f5d57a083e2c64e |
| SHA256 | 400bb4870f5c27c1a2bbd553e3f46ec7cb38473f73a65f2ee962366777953e29 |
| SHA512 | c9b5ab320a222b0284fa5584a14f3771285e5370dd0e3037719b811d7c5cb3f79ea63f78e4a1a0f445eaf9b456343ac9ffec0a127c185bb5907f2a55a432310d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e42893258dfe1346216ebd952e75502 |
| SHA1 | c5de0a9873e7cb7d74a798a582398cd3835320e3 |
| SHA256 | 54ec7bd4384fbe402453a25e4abc7bc047438eb00ada0c9f55c3f39fec41d124 |
| SHA512 | f6ac68f0352a00534cfd7d5a70bcce11e1d2388d035597325ccc71b80ce6d42881299754bf99aeadb7fe23489a0041c5bc4a1e043429a66ad8fb084c3df72bb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2d6ac254ed327de35e40d370a2310f31 |
| SHA1 | 670993abf110eb56344467ae81d787bb00da9571 |
| SHA256 | d2ecfa45a8c0abc6e347f356448cadb5006e43a86110681a0431624cf62f8b91 |
| SHA512 | 40cb965db5a1db3a88b80d58ffa807272f780ec293b1dede094bc46f9282901d104469d0c70218990cb3e6de167715f4fff9e09dfdfbaed96787ea6b5dd5c485 |
memory/4072-8682-0x0000000000400000-0x000000000046F000-memory.dmp
memory/4072-8684-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21c5bd4932fae646ea186d4350fdb561 |
| SHA1 | 295a9dc3a51f8cc2c0273077be8065d3d349ed37 |
| SHA256 | 9ea320143dfc53317cf473cf5f45151213918b2fd6613e4b883fb8e31b51ba58 |
| SHA512 | 8c78d5a8c64aab38441ee4169c2d818e777204252c8b9410849785fae1d50d13a5d82137e8e96817dcceb76c01c941279eb8a8b516a3905fe814ab69a2349c0c |
memory/4544-8751-0x000002297C030000-0x000002297C04E000-memory.dmp
memory/4544-8754-0x000002297C050000-0x000002297C06E000-memory.dmp
memory/4544-8757-0x000002297C070000-0x000002297C090000-memory.dmp
memory/4544-8760-0x000002297C0C0000-0x000002297C0E2000-memory.dmp
memory/4544-8763-0x000002297C020000-0x000002297C02E000-memory.dmp
memory/4544-8766-0x000002297C090000-0x000002297C09E000-memory.dmp
C:\Program Files (x86)\Double Agent\DaServer.exe
| MD5 | 1edf89beaf7c0026c43d31a8ffeb490b |
| SHA1 | 43f6b4648819069caee32fe350b41bb5b193a53d |
| SHA256 | 4b636958d62e114768c155a019b75af645308ea6819e37139adb7688e71e0db1 |
| SHA512 | 8b1d705d49137dee49f9fc5dc2ac76f7f071e94a2dbb9d56a1773a7f9c54b5bee20777543ca467c651c36ba4c9efbe35d53fff8a891530e5657f71aa4d825714 |
memory/1800-8775-0x0000000002F50000-0x000000000308E000-memory.dmp
C:\Config.Msi\e624eb8.rbs
| MD5 | 1bdcb7236237fca5c7b77337dd43327e |
| SHA1 | 2b94d7084cfaa875b655a20d2732c35bec8a5a37 |
| SHA256 | d131fc362738d7ff3862587add781ac07819d7e128b304663c8cd1b390cd0133 |
| SHA512 | ecb934b98f7e4ef995c2eba3c315869e1061fa0dd9389c6f75a03f6ba48d3641c44738be218a39a0dbbb655c22e93d8911c8287404fcd5bfaf8f075e99cc1f9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d8e5884e44c4c8f7120dd496cccc5a9 |
| SHA1 | e4865fe4f078897d7d0047867b64b610684cd4e8 |
| SHA256 | a6dfdbfc2843f28903b3bad9ac66522f5941422cd492b070a7d9b2f8c026606d |
| SHA512 | 2896b6bc26650b17a7853de127f7f5467b256ce57090210f5d089bbd0d40a9cc7e6d9ea5270d46b430d09ec5d6f06de5a57db1cc7897a42ed43923698e12e15a |
memory/5340-8825-0x0000000000400000-0x0000000000619000-memory.dmp
memory/5340-8824-0x0000000000400000-0x0000000000619000-memory.dmp
memory/5340-8826-0x0000000000400000-0x0000000000619000-memory.dmp
memory/4072-8830-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5340-8843-0x0000000000400000-0x0000000000619000-memory.dmp
memory/1360-8844-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1360-8906-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5160-8907-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5704-8908-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5704-8910-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5704-8909-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9856dc9c45df594149ee4283ed6e7a8f |
| SHA1 | 7b05c2218655bf907a14f68ba38205e5791628ed |
| SHA256 | 5685fdfc1fa718161c4b77a9f520ee7971a6bdd01e6c931102fb8be8e23eac78 |
| SHA512 | 1ee7efdaa066b9c2a65565e83306fed421846086b7a8e6bda680fcd345e29ab3bb9ce4fba57d22846bf85e8e7f8826e3203243538632cc7ef719e506cc8e08b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ddefd4be84bf906de2d9f081a3504eb7 |
| SHA1 | dd9e47c17d9edc517ea72f7371f0d91cc0cb80a2 |
| SHA256 | 799e3985789aa9a61e174f9b434b1f7226d9b0413ff937e0d4a700a830091cff |
| SHA512 | d523d241604ea8dc662de2a1e96d601d11dd081ddf18355611629837df12973a433757de8e0c1be85334f0534c16bf239045d7aba9f9fc5edebf41c4e3bd7a07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | da8e19c9c1c29ccb5c59bc29391d216e |
| SHA1 | c05431666a46f59c850b34a67bf1b982f3ca8d2b |
| SHA256 | 00a179e9190081ec0391d1d69a20cdc244443f14cd8da8930154a44a4515c90e |
| SHA512 | 0e1f02d64a9713eb5b3d01c75f01683c537dff2ae38118c1458ac0c06a8a57942faf3d796f9149963b8806eb63784035689e892b4202242c1f4c85e8966ed8d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02b1a637dfc4493e_0
| MD5 | 51fc4c1eacad4b345fa196f1ee4b3d8c |
| SHA1 | bddebd5b43a362760287d115d708ec3f059dfd7d |
| SHA256 | c537da4169c780789cdefa04668f8a2c5b13c3bd97f1a6c9389a38fd9c08781d |
| SHA512 | 4dda25bb725d9642f1c8ab5a75772a2f21cbd177fa689f3fe0bd7c86cfd27d658b27f38a6d2dc5996bcd75aff2af7835bb7de34390718e73adce94e573cd9026 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 53102625cf02319729f83ecd4dc9de76 |
| SHA1 | 6b0dc88df887a974ac4f72d961ddf6d488f6dd53 |
| SHA256 | 146f12a2ef5cf956f4e012b837e38cb992546a14c3755cf45cfcf16eaaa4e6c7 |
| SHA512 | 192e90ce4b006930f7f027a6c4ee55e7fab3899714da0e212260741a7b85e5e0f29234e8daceef3ee60615a9406310cff509e2f56af5fc73aba2dddf1eae6f87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 7ef7f89f81aa509c771b772ac6773e6c |
| SHA1 | df6514f17dadef26d327114a69c6e6a16180e695 |
| SHA256 | 55610166115dfa358b264368922418b7a45e7e04c83bff138a9953dad7a04906 |
| SHA512 | 0f14baf48f12bb5addf5091ce3b19f813dcaf3142aff2293e81d731f2732fe9252a388577008385f5fdd057f5f25e0d509154be83cc8be61a9fe2fd8f04411a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 8dbcd86d498caf4b73f9debf2fcf6a83 |
| SHA1 | c6ce7d6c76082ddcdd8179ebc587494c81a8ec21 |
| SHA256 | bec49939cbb59861d1cc6f3d6997a23193b6f631842801ed7b01f7f5e29cb43f |
| SHA512 | be155dc41aa8cd9e525e786ef3cb42adb2581fe5ee92d82557d35a3e987d86f4aa5123cb3bc8de4b89e0edd795fa7083e018ba9c0c5d9c9c66ab5fa53d8f6970 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0
| MD5 | bd59ab22c18fcf3edd3ed83321989b3c |
| SHA1 | 2a9bef41c4d4ebd1541123dfef2b61e5867366e6 |
| SHA256 | 32235d46f7ef00fe7e5977751ddded8c0969c46a471deb8ccdca1c2c14ca2454 |
| SHA512 | 13cd12fe9fd2699d4dfd0cc1a9c2c9c4ca99c61467df97a89c287ba53a2fafbd3515e983133b27b2d8c7668ba6c73c5f7770bd0a5fb458abeb696aaeae1f7331 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 3df2d62ed2a24fa0cd3b160bfa27ba57 |
| SHA1 | 142481c845887744b969b397d5c2cc6e08067c56 |
| SHA256 | 58ada50e1e895b13b7176c28d64f967db8ca63451a4e046b99c83ac8fa123b7f |
| SHA512 | 4811a609c94714f5ea70531b751bc4dcb0d459f20a6336ac565633722319f7193e8aa62ea3a67f87e6eda62722665fb50b9ea990e2e324899580813dfcd6724d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 1034a984a8f8f9893d14da3367fd2c41 |
| SHA1 | 418d061437370860e0b1f21de2d18382f293a2f1 |
| SHA256 | 0743256202007df719e3aba836a5dee634e76ed1b18ee4a3cfb4407b504b1e6e |
| SHA512 | d33430da8b475f3395b9b6d1d7995c9d8f34d8771a9857f6796b5148328e190a6d1b823c800db09195d42bcde4082ff90ec918eb4731676ba04e94bd44502658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0
| MD5 | fc67b987839da711113290659fbf269f |
| SHA1 | bdbf8e673aca590e797db09ac2550db953e69c9e |
| SHA256 | 48779325525283d27aaec0158b4b03e6b6c8c194f99cce371bb8cb424ea0fa76 |
| SHA512 | 2df0e3c92ba7b072c028eb01bbb859c224766529f3422731b79c78862b89f988d3bd4abd909bc380e4cd94158876c66196d78a2899fe36d224e52a4fc2054e14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
| MD5 | 8df5df36a705216ba1429aae723724cc |
| SHA1 | deb5a7971fda210453d79f94068d5a3e22265d05 |
| SHA256 | fdaf90d759608095b0c02cf3ab0768061904bc36d06f7e04e08b614c34a806df |
| SHA512 | 8a3e5dabc385634917ed94e4dc2269080acca4dfd655c5e5863425baf5805635bbf370df25aa887e2ca6651525cfb3ebda7e7b2b58c9039077d3988105ad1a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | e3e4c11e43cb39a1361a4ac6739f3fb0 |
| SHA1 | 03b4353875c68f9c4e8cc6f61249982442b0931e |
| SHA256 | 9931eb9ceca483ee066c79cdc1c38b4765580b5b3a93a8448b6418100e317911 |
| SHA512 | 7c132d92aa9419aee5273f464d56fcd2c9567938228c8bb7d8320688b2e6b28c574bb8232bd1232748fc0237941c528b1619f31bd93eb8924896731e8a376b85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
| MD5 | bf465d7995d6aa10b2e3805fc29f325c |
| SHA1 | 0bc09054edeac7971c3511ea69b4ae37e6ba88f0 |
| SHA256 | b967cf1cf854539eec8f65d6efa83a8e16361f62101ff9938999374b9eba22db |
| SHA512 | 74e8104b07794c7c2742fdf5ded5152073aacc6b9cb3880a13ea1dee3a0c1c8531214fd61769c8ef8bac5dac01d7525a1101b73f143c24c209772f1fc714e6cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5000633baf134b9cb138eef2f51feb41 |
| SHA1 | 2a6423b5324fd147ce1f22b7f353e5a7db25ae7f |
| SHA256 | a0b984b8c4349e139a54ca6f44a1258bf31198370e48ee6f36d74f7549d60dc8 |
| SHA512 | 44e17cf9b55b9d96a6019316a72a02deeafff161efa6f57eec17485aba1fa9cbd8d55532ac2c5e8de7388420a09ae66df757bb6d2d05932d333482a5f37005e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 164130f59eca9d35b51119d44a370127 |
| SHA1 | 8a08c388c9dbe1b05e11df8aa1a76e34a41883dd |
| SHA256 | 489072e9a37e4302bd94dae0551278961d52ec0ad090d79951bd42818ca8cf8d |
| SHA512 | 9d8037935d7a9ad972cca4747db55670fbd94b3b88e80606fd49f201fbb0da5aa0ac6373f0187f7540deb1369bca34240bfc883cf82a927c6e9404a692e39cfe |
memory/4596-9206-0x0000000001070000-0x0000000001091000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5ac23f41e1c7e8f8089c9f7b76aabd79 |
| SHA1 | 25e41479e90201fab6799cf47735b5123fde2879 |
| SHA256 | aad6cfbb6cecabb76177fa4b1ed1e610e1df2d5444028cc3fbe90f8cc9a25c21 |
| SHA512 | 7c05f21c7738e1ca2120363e3fadfd1c4eeb7784218b8dadb60e781f74bc736917a3a29665f28e51d6e038b5d3ba9d360949b3c5d86e86c4c11026c954f459e8 |
memory/4596-9217-0x0000000001130000-0x0000000001175000-memory.dmp
memory/4596-9209-0x0000000001100000-0x0000000001114000-memory.dmp
memory/5348-9236-0x0000000000DA0000-0x0000000000DB4000-memory.dmp
memory/5348-9234-0x0000000000F70000-0x0000000000FCD000-memory.dmp
memory/5348-9232-0x0000000000F40000-0x0000000000F61000-memory.dmp
memory/5348-9230-0x0000000000D10000-0x0000000000D2A000-memory.dmp
memory/5348-9228-0x0000000000D70000-0x0000000000D98000-memory.dmp
memory/5348-9226-0x0000000000ED0000-0x0000000000F36000-memory.dmp
memory/4596-9224-0x00000000012A0000-0x00000000012AB000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
memory/4596-9207-0x00000000010A0000-0x00000000010FD000-memory.dmp
memory/4596-9203-0x0000000001050000-0x000000000106A000-memory.dmp
memory/4596-9201-0x0000000000D60000-0x0000000000D88000-memory.dmp
memory/4596-9199-0x0000000000FE0000-0x0000000001046000-memory.dmp
C:\Users\Admin\AppData\Roaming\Netscape\Navigator\Profiles\qwo276uw.default\xpti.dat
| MD5 | 32ec167f2fa3f058e397bfd282052605 |
| SHA1 | f2d353cc55e5886a4b25cbaaa394b4e31e61ae46 |
| SHA256 | 0bace31bdcb264d133fec70ed0be092c40c225a4621f9242545c7dafd992423b |
| SHA512 | 52fe825d07b8f6134e27038be5614bf904afa35731dabd9096b13d91673c018a9e8b85daa7e04cac4f9b8ac539121c1ea4d97f8ea05398783614f9756a0fea7e |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | bd83200a0dd2a307d1374a44647d8f5e |
| SHA1 | bc03e61fd848a242b60db80663621b7874c19174 |
| SHA256 | d042c39b6545a7440362e940e4137f581fbd0aada95b9775a48a00d35724f3b6 |
| SHA512 | f9edca80673417c284c2b95b607abece009847adadd404da58aefd4d91e7a5377dfb975b921a5fc28e288486c19ec63041cbe0837d8e6a7ec9dd8500c2a0d711 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6556ab9105706ab_0
| MD5 | 55c36fe4329800bf98feacdba6ac3a77 |
| SHA1 | 559656d0e83c177db749802581c00494d1945012 |
| SHA256 | b2784ae158e71cb668727fe6f8ce03d1e7f95e1d6e6c07e8e5f2a1a1a4a92936 |
| SHA512 | adc0df6bcb356d0083aecf580bee505c46b3f21fb728146eca6bc54c9ad3d0bf65a65295f736207a571f3908c0b3dfc228dabd9298afdd3b47ab003bed144a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0
| MD5 | 2a4942316c8b8895a730fbe532a71187 |
| SHA1 | 676d3187eb858ddb2ace53819cf17376931c229c |
| SHA256 | fa79fd44c3156f25ec6b1a9a762aa76bc176cb4387f03dccc61edaa1dbd8f9c2 |
| SHA512 | c194de8b3092dc9ea9fb5e78c59091a111ede3febf657e0ce5efb17d7270e49692ddd965b598a162a63fcdfecca152721ad9feca12e006ec3b7c50855c9ce82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0
| MD5 | ac51010e30b1d9614b8d78c203a13335 |
| SHA1 | 2ebd7fb224b47dafcdfd52782d0ba974387edda2 |
| SHA256 | f97c09ffdffd94e4cc2ee4f253f27ab440716869daa0d6275f2c996bf9e06414 |
| SHA512 | b85e79641fa9a37f28a6695dbad89844cc2057c36711bcffa08340d669a458d3fa8c9a358f9003c32e3f1ab40cb54a15f928b6d3c814448029613cb697cc92ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
| MD5 | c4e654dde5632a2e06bb1511a520ac44 |
| SHA1 | 736046cfedc2bdd18c0f3a62c9585e7f5e1567ee |
| SHA256 | 2844deece3eee494ba5a1a8e059bf815295ea02f2c0225027b46b7f1ac931492 |
| SHA512 | bb4aa115217b9ad846797ba90c39804f276883ca5c2a2438b5a51044583932cc13712dee0acbee071abf6a1d9cc251dda8120801bc4e586827102990425b140f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0
| MD5 | a5cb3a1ac0b3ccea77d3ccd1e442315a |
| SHA1 | 5d4c4a329845ed151db8f6658f05e28c41529722 |
| SHA256 | 51c58de6b31b19b82ae8c6fda6a2d7f1995924c228ceeb8a746639489a7df657 |
| SHA512 | 7e6b8056e2ff216818a7416b432a97e61506ed45fb2d53106d119926688756e1085e533a776b99f7eb7937a397751009cf2b1cd6c0e8f785605bd7d7c5043048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
| MD5 | fb9472e315f71efc96b4b11fc440ccfb |
| SHA1 | 5eb4a0e2d34b8f0045ad57e0596dd49ea93377ca |
| SHA256 | 845f6e34267e670a0fe42ed7092e244633286582fb4a24031b36d0a3451c9bb5 |
| SHA512 | 85c196e9e604c8636c0e2407f0883e1e443badd5e95b2846e27731e3077a03af52e2dd050f129965a4e95d5d40d1a79af9b7646165cda856ab229d28134957b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77ee4c5425c24861_0
| MD5 | c129b9326250cbf6afedbe088902f864 |
| SHA1 | 3c437396b0b4e166b991d3c5b24c0dd7aa23a95a |
| SHA256 | 7ca5a7eaee01a076903434e468caa448649b24821e8decddcddf84dcb740bf3a |
| SHA512 | 8c8927f88814e05f483c6e410c32172df487c5c7ff8ab797f91605db31afbd97013536e1384506e232e4e56aab94002664e8c24198128b64bde6c0dcea348f86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | e565f5b993b490f8a89bd197a5daa1c4 |
| SHA1 | 5be8f27c964ce008282462a904f3b91484a54903 |
| SHA256 | 9343474b3e04093312d915099604df75a8a2b5bd3a7105378e6848a3af075060 |
| SHA512 | 52e0ac658a9d8e22a143b830225b6c25adb4526d601aa2c7ca2027124d6cc169a2873c293b82647530b2242bc38611ca4441646d9e6c7be969f05277f5b68dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0
| MD5 | f741b2f97bfef652e0ebe7a37cd0ad58 |
| SHA1 | ccf3a90a7463fa4686f92dd45efa91667be0acfa |
| SHA256 | 567013a37af1f5f63652ccad90bfa7a53b81f548547c8ac0c26a6d2c76e53eac |
| SHA512 | 6857a1510ad1c867be374c96c3dcd490ebc56dde5382fb0518a6a046b8b26aba11e43e47d0946c3fa0e943503d98cc0121f6b98a34e9b5afc7f8e3db8f289ea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf0c3222b48cb44a_0
| MD5 | a0603aa2767285cec55ad71c1b5d3f7c |
| SHA1 | f06969a59d0f85d0a4562d2214931e22f53634c6 |
| SHA256 | 39a5c2b805501002444946a3a872ff5ac65c544d1e4ccf8a85d8f9430b0c5c58 |
| SHA512 | 8060676d7e07e4e061c5537fcb84a9c8c7a28cd3f834a742e3da1e044774241ad48f420e650845f80c4191df0a38d741b080b47c17d1f240f67d6419d9db4a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e073ce7d38347c1e_0
| MD5 | 9fd7d1f7aed1a7c884144f5405cb5101 |
| SHA1 | 6a710a13f9da906d3ac4aaae4efea83ff7d3eb15 |
| SHA256 | e534029a1c5d38b1ac1955fd1d079e0628fa5e36090e23d22eccc0fd759ac6de |
| SHA512 | fb8299151716396fffa4c0f8f04ebc44b70ac2377d2d0b5fc7622419a74b96348327261ee11d24d9065acd375a11939e7d0b0d926ead5a90035ad1f92574b986 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | c6b09a2fd45804468a5372ff0d058042 |
| SHA1 | cfa1a4519c9ead4df80fd2410528be68badef16d |
| SHA256 | 46f3ba7978507d5dd1ae27aba317e748cec04863cd934548ab9b50d929cb5b3c |
| SHA512 | 06e40ecc8acce122808105b3a95faa2b1d45ee9baf97c5f2ba7e4648d931b81000e75da83350673a5e91d94c54a4a14d198f5308a5a10b2e868ff90e24e4539e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | f2db870b49da16cfedd3ffe379bb29cd |
| SHA1 | cb35ed1df036a31825f140b17529a758b53f2347 |
| SHA256 | 3ee7c8bf6ebf4796bf9a526682800ce9246be4f4ee6cda3c262575d28a5daeae |
| SHA512 | 4a444837252793d7251f0ccb639157002c1238dec2822894dc470835932061694fdb77225a299650911d9f7c3f99e6234c615c47acfcce78f0dde5d9365ff79f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | ee1172654caa30104e50e45ac23f3a56 |
| SHA1 | 63bd0bfb5ca3126aac0ad160837db91e9bd757e0 |
| SHA256 | 28a34cc336147db68c95eab6212a784f8767b70d29d3cf5488946020b0e186f3 |
| SHA512 | 824e8773606d8538f4c7b9281fcba196cf83ac5826944a56256dc43bb1f8a41973b01eb3dcb4c758b14c87d28d03a158b7705501b71a4ec131412b50af14ec54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed26cd2dcd561670_0
| MD5 | 06b0be65d622d4c27e8c593a2ba8d6d8 |
| SHA1 | d3ba4b4c3cbb41c5b49f35f24920ce6557729f0e |
| SHA256 | 700420635097ad76d97b42b87ca76f7fde68ff0dfc5cf57ef0e1663ba646ca87 |
| SHA512 | 7bff4b0ffe3ea2de7a920d276f2c6a5d580260bc35ac4ab9c0c233976b7c0ef5c106f17c04b9ce96b209968e1a7a3d946fc789ac53051242bbbe1b76f689478e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | fa22cb528d4ed35ed01ce2b91e9414b0 |
| SHA1 | d554030c201e08c52ae7d21f3694495d16399659 |
| SHA256 | c881b1bc4968d9dadc55852f62b5d26948da9ec0929a84fb00b47f409e4b9024 |
| SHA512 | b2a56002f792f7cf55ffd6829d1ebe7c64ba143e1515346bdfb8f73f638d7d34c6ea0b44781f34b045d72a7155b067ecb1f215e11654fb80f283ce1c1fe0c44e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | 251db538b39309c60b4cc7dbfb69f421 |
| SHA1 | 08c3ba20fdf99488906ff6f3e086f4f152005dc2 |
| SHA256 | 83ac9f4e2e7f17df024b1be79596e98ffd8f73df194aae813eab954a77e8cea3 |
| SHA512 | 234ff134d67822476f5b4ed5118a73560d8292275ea65353257c2a9adf8d2612d9880ae20983f030ca450dc2fd3e81a8dc94fb31be5592e8f906477b7aa0cdbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e24d820479cdab2_0
| MD5 | c4f0cc65035f8b83d20202fb570af279 |
| SHA1 | 40877b94c09b3c38ba90b868195ab3141440c0cb |
| SHA256 | 81192752aee109c84375b0e8e7960753f3ecb42b68a5ff21d89457433ef7e2b8 |
| SHA512 | 3b5c0efdc292fd9982d8e1b9ed4317370bdf7feed9f72a9dad6f5f5d789dd20e0f2e24e2b6347df35f36d932dd761dc4d5c5ff33f2f6c8cfed949a91e7bd8274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | 0b2bb203ac544088640e6da95f946c8c |
| SHA1 | 2acc556b1538fe1a688982215568b88c7905b682 |
| SHA256 | 2ba30acb853d14cf460f15c1232b62f49dc6d8bbb4cf7f0ce25ce33210bfe744 |
| SHA512 | bc3c8d15d7bc4d42074d0f4dec4523c0cd79e19d4cd4d46397c0e5ea8aa8440b7dd2835cbe66dece64c3bc3a8f98f44c6171b6a3b7031cdae966d4109d49cdbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | 8dc27d59d52f78f4bf6d47adfa1adb26 |
| SHA1 | 91118751d3b5cea3fe8a930fa415fb6ffdac4904 |
| SHA256 | 9dd5abda1191f39649fc4934ed91622a4c47c92be649e7325754b5e83a0104d8 |
| SHA512 | 4dedd164d3e50e1c64ec051bed38f545e7e0c8d576a90e837f08ed7a6b4614cf51af0ab5bdd00e0cb43bcf68b34a66402b7dfae705516a7101f4448e40b23077 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | 96c57b950da58fc656a2947b68d32a7e |
| SHA1 | cd1d5c7ef5348f8b2d0ff8b7de4e2feb766c0c14 |
| SHA256 | dbc2704b82cd9bb0f72f704d7f8048cb98222891160a4988e4058006f1843f1e |
| SHA512 | 1e5bf6f60df9cb33860be97fd790593b03bda055f5f090ae45a388899c68d9022a40f517b932c7819f2c01b55941162c9d8907a067f9909067a5cdb7e8718ff7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0285107134e229d_0
| MD5 | a6f8171abd95d084104c622735cd38b6 |
| SHA1 | 7a9f8d9aead267cb736fa1b2c9aea7d9aa73e2fe |
| SHA256 | c2ab7e3ffcf38eefe5df6502bdb847406d24d653223c6519979c5cc6833f677e |
| SHA512 | 56f4abb2e282f7dfa25bfe85cb8455f5dd2513445dc6287c21baddfd3af591296d2d6ce25e6bdeccd7746c788dc72885fe49ec2b31a213e92b233cbacf518b25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a474456156bbb663_0
| MD5 | 9ddddb4e2d78b427a83c366ac45345fa |
| SHA1 | 40dacc0642b50b8db8e606b672761f5d5d14bcb4 |
| SHA256 | d78811527092bb9c2409bd48f23738bba4f23d1e42c8abea5e10ed5f4f4e7dd4 |
| SHA512 | 84c95f5f035ca83fd67a09a96f2857f5da5138a797778dbe7f3b25982956985013d86edf7635bff7a5a96705d495627dc6ef822ad6be8198ca07310c1e51ae8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9991a61b9f108bc8_0
| MD5 | a7aeeb6f86264e61ae434263e420cf89 |
| SHA1 | f035db7da0bddfbfd53858aaec913864fe208423 |
| SHA256 | 304c187042fb42834925f918781da2500c169f26b83f6227ddeb28a48b99343c |
| SHA512 | b30c6bd3fc6f957f4b5de2fcd058e4ffb0c78d23955a67f1c3ddb6050737d9bd3c00875b934b446827a7f8e95b1bc00f8e8a3facca2846018b69c3c003d16ca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29c15def1c7dc7d6_0
| MD5 | 0d6141da0ba28af5640e09ae3ea20f66 |
| SHA1 | ded484d19fd94aca0f9bf7a519657632ef71e653 |
| SHA256 | ad56de7510da6a820d7e81b5a1321d37885df44449f7da70a5e7eb2d017d4fb8 |
| SHA512 | f0495ae4f04c5df4fb67ac0fc03cd4f986ac1febd5301e048fbb8c2129cb687d9e93b9162d63e1feecfa41aa50afaaa1a8984cbaad939adbea131f054b87d07d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0
| MD5 | 7afa813c3f8d8c9d54783f144a6d9713 |
| SHA1 | edfe4e384b8e35e0e75ce45f14a2798cdc803248 |
| SHA256 | b6ee5a6a53debbd480ff74383b911e5cf248914f97c25423241b0dd8c9319a09 |
| SHA512 | e30da744e7fe16f5ff8ece4b787a524db9422fc649edc5d59d99ef5a99b50cb8deebe055429ea63afc887f2894a9959968cf9524296654e1d2cd9ee6dc1ce3ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adf3dd026475986d_0
| MD5 | 04bd7b3eb0ec44eb6cc5e16c79a81e31 |
| SHA1 | dbc975f55a46fb0a54eb230283d81d947f8bd3fc |
| SHA256 | 6c9a58b18238386d2dd2fda6ca32e83cc67ec0975896961f6a1a5c7f913e12b1 |
| SHA512 | 02b213f8f209d1350f9ef401178e65bf5150662ddfada29f956dc73d3ec07d4b679d217937cad9a19e63510ac6977bf0c075e9794d98e4cf2ce6754ca3208e73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | 7903fcd42390ab9e486f0b8f888a3a6f |
| SHA1 | fd22414e45e3264f76229c785c6862476b13fb1a |
| SHA256 | 6e75f24004bd024339983bfc57873f328df083f97a3347649757ece270264745 |
| SHA512 | cc2a7342121f6792ac57580c6c4b2057f3ed0bfba8824f56072a6ba7db70395c9b7090ba8b062a1a8c81060b499b814c9cede05530f0e56a64ea7226abea7809 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1765dee279e736c2_0
| MD5 | baf36ef9b81618b7885e063ad39befc5 |
| SHA1 | af6ed0e3f56116ad282aecf4dfe1de2ec3b527b9 |
| SHA256 | 4e8a5265b4f366909843018118bfd95121164dbcca786ab26f696e832fb0951b |
| SHA512 | fd56626c3b6c9aedf47f3a8852785d4fbe7d9a753640b018e945667de09f6ed7e7f0c0c24cccbe5d44924a2588df3dcb876e15653d66fc67ec5a02a233e61343 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c758ec769cf7f3e4_0
| MD5 | abdd8b3e8aa4bcd1d92357afd9406880 |
| SHA1 | c5693a3b7e94362298b7f0df2d58db31551646f0 |
| SHA256 | 2a092b7d29b6d2b94f90b452d24465c2f6806235cfafe855bde084559536b64d |
| SHA512 | ad3de26a0db7d8f0890a6aa233c6d02f257997e11299bdbe0c4faa4c0016aa7a96641487805a34a951cf238741198fc4397771132b889ee32b48c6a0fdfb0caa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14de625fe39027b4_0
| MD5 | 079b3aa8c8b21e439ca9f9682d4922b6 |
| SHA1 | 8a2145d49eff14a27e5a26f849ffde7f745fa7db |
| SHA256 | d1ca1e48ad5b5e3582af093fa812b93912360cf572808bd3bf8ce3940af60b08 |
| SHA512 | c2fecc4a0b7781706982388f4dae6e2ecd12bcb995f5bfcedc6094eb951da58e9aff22f48a39a395e5ac317baa241d7e185ba1576031735d17a62383e924fc2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0
| MD5 | 84996a3941ba7a2d58448c68336ea47b |
| SHA1 | 215da0734cefc7e1281fe63f5646e26d94476536 |
| SHA256 | 44972d3bba449ab34e202b321776f7038debe9064ca1fe6f93c94f0a051d99fc |
| SHA512 | 4ea5e3a5e5c2cf68c587c812cfa9915352d73eb60b4d9750614dfb6555e96488b7f6fef9b510c339cf74bd34657bc01b717d11b8c451b8e0be45e5e1fa22e272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\587e815a173350d0_0
| MD5 | 468cdbe5658292c484f0de1303d69d31 |
| SHA1 | 8439f8c46c7689fe87ae147a0c3aaf8fe687e169 |
| SHA256 | 9a5a485e384f3d5f40549e2ead0d8a6a79a4cf4a4b9b3d49cbc786ff6367e4a6 |
| SHA512 | 0bc7f751b14e432ab564ecd1596ffff4a36babb8c0a1402dfbccda8abe8b2e96c4c12b9ed90863b1af43f33d41969d37e5ec97495d7831a05c61704bb62b2820 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0
| MD5 | 829e4c9689cead3cb7322f8ebd24ea1a |
| SHA1 | 51e1e0845ccf7888825bd8738841e987c2569980 |
| SHA256 | 434647134ce28db73552bec2021cc566b923453d6fdc681c064a3cc61f924c73 |
| SHA512 | eae45fb1d9756fe7cf36264f144a18792c8fa796eac50a6c41cd7460dcd89dd96dd1e3a8348869885f7d97096c5a99289c202dc3c18991de2ece3b75859d9800 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0
| MD5 | c214db66719046a664a0aedc465edf25 |
| SHA1 | 1c943b79d6515e68e2eff95fdfb66cab54cb63eb |
| SHA256 | 9143f5fcf987642cb3d5bfb9ed94429f7f525d885ab3b25be22064fe0c3cfc9a |
| SHA512 | 1a1427b0336f4b84389aba1579ca85f4ee13711a94685de4124ab27b12820fdf5d8384abef79bac23e6d5093aa24c2f4e6c14e4ffc47c6f7704966792464362d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0
| MD5 | c4b13de47b41df65e0381d810f9d8b83 |
| SHA1 | f7e23ef519ac634079e3d8b731e88436ccd1b0d7 |
| SHA256 | 8e07d307c8cf965d4dd08e94291beade39462d5e315006673bfb7031377cb528 |
| SHA512 | 475e70ab784de5ef6161bd61079ec5f64bc3425a97586996c0702f3fd0b151b4aa5a96525f167f71e51c8102cfa67d398513756b38e3cff81f8cc0d98bfbfd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | 24a6c7205fc9ffc410e4907c7e27e2ea |
| SHA1 | 221be9bacfb83f0eaff33ae27dede8bef1ffbbfb |
| SHA256 | f6aea120cab8ae73434238c891df5dcf70656f8782ad10a7e3d185e2718e7ace |
| SHA512 | d1e86b9d58b53db3ced4d3a523bee6148a7ed0f5e084d67b86113890e728f8d0278ef9158e898a7f6006b05226473ba547d55cee4b16007082461e53f72ee029 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | 12ad1e38474aa8e67ed74467f3b54e13 |
| SHA1 | da3942863a2a83caa0cc96a3d00ef6857d5b3302 |
| SHA256 | 2e2ec11b8896593bf752a38b7aa167b2db9a2646694b144674503b7416dc8bc5 |
| SHA512 | 4ef8c086ea27654fe325d67d4614f392865c5ef5836c45d3ba7c2b4b4769b8213fa001785cf91422671383c4cf640ad2053debaeb7ed9f384b2e35d16210ec74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | ba1ed9e31e3dee557313bda9047b628d |
| SHA1 | 40ec17098288a98144ddacb133ee31a98443560d |
| SHA256 | 4f557df7223fbb3c6974e5a8ef73ff853dc39064af8a8baa585351bd658ccfbe |
| SHA512 | 0b3581f56d4a9823b581af752218c3a36592d3834a93c3b2396a2c4628df218b5e91446b87aea30fc70670af26e1e3d7a59f527ab35fb3712ade5a59c28ae533 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | 23685beae696552199b2b3c64ff334a2 |
| SHA1 | 741b6ab09c548ee39d66cc958eb84fb07140dd37 |
| SHA256 | 41dc61ed8e50ef10a9899f61232793fe9d728824a9c0432eb5d9c3f70c24aa75 |
| SHA512 | dcbbcdde07470a327cc743593a5ab26f89087da3e00c338b33d6809df42a83ec6e6af2ca5a1e867add66a8e3c4da6ad4b895c802493e9b0fc232644a023702b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0
| MD5 | e126c4d9ad7d503032a5e3d00537df04 |
| SHA1 | f2cb0bfab609f12a44fbb7a7069be72cb62a0b30 |
| SHA256 | 64e824ba991189f710e61f362b1f1724d6cb27d39dd7098ec56d0b08575c89b6 |
| SHA512 | b8e15955634cb27f97edd2442ee1215aa91d6378b28738275cdf4e843ef89469d0c9d7c1fc70991ddb1adc604516b2b23b9a6f867750fb7152b88d25640e8bb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | 1d71986d90850b536163d10eec341131 |
| SHA1 | 90b2e3815e814e20692c4cebbf255414ee507266 |
| SHA256 | c52f73a9e7cd8ae5f61dcb4e73245bcba07bde2ebdda6d71aaa5ed99f4babd6c |
| SHA512 | 93c115babfb36620aa4c3f8c5d1c53fe6710652e6a459801b33ae6560c2f9ef2863a854d8b6c2cb6381f532fbfd20c8dbe64b1cb27e1d6a26dc5fc5d546dd65b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da3d92cc343f4ba1_0
| MD5 | 2e3e42096d14ced011c04a4672ca2cb3 |
| SHA1 | b70e7c70129f117bdd437e0dd38645f5a9db3462 |
| SHA256 | 4fcc5ba5a49a24129a550134e0c7321624024d58177e2b5ef557f968545c4389 |
| SHA512 | 8ef9a3ae4ba160f643f146dcc25a641799d74f9d384b7421198792aa5715ba7dba335b3bf40b0524188d9cf2e5a544de5b1d04805e24e3168d374d5aca93d919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0
| MD5 | 068f8a25e8874efc16d12858c119af3e |
| SHA1 | 771cfffa8b1baaa6425a9c26f4ba22f5d6c3da3c |
| SHA256 | 31f5283eaf6a4a207a02cefc7d7f3f70664649b00ff81dd53dae3543efb0b752 |
| SHA512 | 34be58443f511c99f430c785e0dac30bcfc8cf7b141d6a4ce48e937cd28514ab340c217b46dfd55df348ddd970b989f5d5689866c60dad030abd6fa32ebb308a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0
| MD5 | 774de9f172a816651a5e859421d339f4 |
| SHA1 | 811e7d7e728e09963f09a192b5cb074599e5370c |
| SHA256 | 55225df261fa43e411e8a828c3b9c300dd3151abb899acbf6c97c22e644f2565 |
| SHA512 | a606b8eb7357104b0de66bcefa1f8993eb4171ab98a4f9fb439a1397f922937db5f67d1bc89ba4fe35f2cc9029b3c5aebff9cfd48d574f146ab5d3e65bb1cb56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c35434d25be2b3ba_0
| MD5 | 9f37d7220602495a05f95fd0791f46c3 |
| SHA1 | 1ab31b383a98437f5ae578d0ef6c2e091626e2da |
| SHA256 | 358611a08e8aae88c4f3264140808c90197269178753c51845722e8b3b5f3839 |
| SHA512 | fa310e213de6afaf6aefdae7b7127901e951cb63188b5e7b4b9e9c55fed38d02c208a7827bdf65c0383ef0590fbd0bd2d97b6b0643dfdff89cbde2536a67bde6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68d07aabfc3db202_0
| MD5 | 5088080e48117a55e6be307b8436e04d |
| SHA1 | 192d2534df3945cf9f876a0050d1b58c9a55d4e2 |
| SHA256 | c84fc8661aa343dedaa4014676b3050176aad1020d58c615fbd94b8ec4817a53 |
| SHA512 | 9a99d51710e40b726c93dd46897247f2ce766f192332524df26e313d67596b96e2abb3a461d37a81c2ccc545b81e955585e65a76fe47851632963c340adc3e0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0
| MD5 | 22a2f6c532fde0810d5fc6281f6039af |
| SHA1 | 0b9bbfbf0f1e2c5cb2aee91a508b461e04be084c |
| SHA256 | a4b530033b2f81019192592cd5f974cd96cd0b013b8e2e9f7430a73b7c4646ec |
| SHA512 | a49bee40ca4d0337bd84cc857bfa690d0a69903ac2d23e5b71a17c4d5700f68f1cb28bb03c8feece7f13d38547d13046b2a3952d1ec1576e83da4f555651dccf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0503effc8bf0d7f8_0
| MD5 | 626eb868a8b8c50c2b53b759526ea34a |
| SHA1 | 9ebf835f4c9585bb9f15e1c96d8379efad23e646 |
| SHA256 | d059f84d9634bacf1c2b84b134fa5529982c5e95519bbc4a9e8b30b8fa2f9344 |
| SHA512 | c7d2fbdf7905cd993cacd7f9cd22c509650e06b21c1144c571b10b06a539f9965a82833702a8a8353b6297887793f31aac31ad00b108f52134d0406c12d93753 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
| MD5 | 0ee74856ab3691f0946482879a4d70a9 |
| SHA1 | 7216e3e3e52dade72952f75c81770ff63eabef94 |
| SHA256 | eadfa72752c09a080fe669f149d1cd14fa8af97b5ecaad68d337a95e156dd874 |
| SHA512 | f5959a7dccd473ad0afd3585e65ed52f1ba39808c617384a78d32a72ee2401c48926e6c8939ea75e3e7d8aad189380bb59b595a0fb45d6a4d97172a20959bdba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | bdf334e1e71ec8ef9b5f96f062eb056a |
| SHA1 | 50427f3c24ef1c6208ed99a226b730c94396579e |
| SHA256 | 1548ef5c64e671d464e8a593bfca822ad0d0d12e2ffae95cccb4b83e96b85da7 |
| SHA512 | 67dd2fb4387f68046193e1537bb19aebae4981ebe17bd0db1c9da954a4c491caf6df9f1389dbf4307d8a6f9728d288a755fdcea4733c2182dca60824b883da0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 9c51ff06a6acc5d960b1977d72e3e044 |
| SHA1 | 078e4abfb98027d6485ba94d8076003b067a9197 |
| SHA256 | d95248c7ab046aeafd9aaa75841f16525d66ef23980e93b9928cbf4310665f0d |
| SHA512 | 83ddf1078b359f2ae09638ce887bde204f03f58fe691a5ac7161eb0d0d2bb5f4d0a72d29968c612c3954899397d66bcc01f157ce2e3c17ff74ee1089690b7753 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 54fea4a909d204d9e260aa3bd0f7c39c |
| SHA1 | 4411b9db553358240082ec8285492849f5e76001 |
| SHA256 | ea2aa6f796e2415fa9d3785c036273497b08da14c60a23a063b4e67d8e2632ce |
| SHA512 | 3960084de600a94f449c45e548ed97e124e9a5b921badee27fc75e974caf9c515bd9950c7c57682f138baa8e457a559b62d39a9888474ac16ee7763b6145563a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b3c1f5603f6f9e4925535750a1ac05df |
| SHA1 | dfe9613474dd0c5d0543152ba5ed1ec5037fd4b5 |
| SHA256 | 004572e26d4cbbb388f5735c06781748c926b4d7a752a61728fdbe816cebb787 |
| SHA512 | c59ea94137a2f3469e24e9d921b4462542d504a4a1528ac5d6fed4f9155beabc820d84e2fdb5e7dbe3745a306c819492ae43950c8dfee2bf626c86681cfc56b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 628f3bfded3eb2aea59f88aba1ab952c |
| SHA1 | 1f2205814c53eb91dc8a6dad42ed6204ec548757 |
| SHA256 | 98fd30b3b95a8059b696f5fa77f55f8e12ff14b4a9ee8094f465c02ca6f7b037 |
| SHA512 | 793439d2bc9ca5338bbc2c75b79f020062b171b66563507e0c0d5b1ba8d5848ccdf8774a0c6dadf72b1d9ba094f3443b87fe6ca8a90dd6b3faf106b7f5714b46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4970415a1d46fcc1219ceb7c80af1f98 |
| SHA1 | 92bc3ab413f3787553bf1be67b1489d27604a363 |
| SHA256 | 6e1749495f7591310ab7ad2a94788fd0c156e7eb29fabe57898e22c5a615fb5d |
| SHA512 | 5ec3c62a5737c2e57ba2002328a6afc6247eeac19946b38e46ff3f947b41f1c4b4da5d12489b6fa296e99926d1031f29948fd4552da83a99f8b6285eaf283892 |
memory/5704-9489-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fd8eaac209737be576c98073161c87b5 |
| SHA1 | 41c542642537d96b1d27e752917f9e28053c0080 |
| SHA256 | 7ba93e6a07097c9dda2b2428fec5fb5aff320d8be1069b8419adf670d7e57843 |
| SHA512 | 86cc1959128fffe85aeb939f1520c7372ab56b1159497d910faa8449dad66ecb242cc0a12f0c3eea1fc27d08023ed1cc7e6e1ffd95eed0e457a330c60bd85fd9 |
memory/5640-9751-0x0000000002150000-0x0000000002151000-memory.dmp
memory/5640-9750-0x0000000002150000-0x0000000002151000-memory.dmp
C:\Users\Admin\AppData\Roaming\Netscape\Navigator\Profiles\qwo276uw.default\extensions.ini
| MD5 | fe9214c0bd60437e884f1305795b6452 |
| SHA1 | b7f87af3331f031d75f5759b693ce23e5a1a6fff |
| SHA256 | 7ab9226d99dc3304b76ab12dc33f6b81a71fbc7498ab7df3f9c60f0837137d14 |
| SHA512 | f732b13bba748d39ae516a56a3a0a3efb2a6df3a38e45110eb98b6c9cc3a89646b934f89e3e3f1d6122d3cfbc6e9e9ef50daa6cbe4710a852668a94b0e62a629 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bad0c96450bf2d3_0
| MD5 | 9064b7150e0980afeb76c9f9c6306610 |
| SHA1 | 5d3abc9ba6bb883ef91437a4d3bf6028e8506e68 |
| SHA256 | a119a51b6c4ebf784a1c7cea12575936016a33e312d45535e231a10455343294 |
| SHA512 | 0305231c33826711e3e26702009715bf96508c1ce259b7889e47529355eae04aa8272f93f24c06c8281e17e3f719436394b3ae85912edbbedd00ea3daf91e960 |
memory/64-9946-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP
| MD5 | d45fffdeabda99f9e4013000427729c3 |
| SHA1 | ae1d44182df93fef21b177a3b29d95043557db11 |
| SHA256 | 1afa525f7d7bfc80164bb733f41587804f180b4f54b81dfa72c7cc1a5debe9dd |
| SHA512 | a85ff282e31ac0af26ebc0bfee4c00d0daa4f3b5548400ca2c65c2eca1f4dd2dbd0160a8ceff20ac61336b0295668c993e00b4b0163cd2b72e0ed3e32b49b9e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a32ee6e262be3f48b12385d19d9db256 |
| SHA1 | d767e070381cac803459862f4d59d1b8883f5912 |
| SHA256 | 824d223557ff3fcd36e92d60bc499c8c9cd566fa354117f7e6ce3811980ce0ef |
| SHA512 | 2736514422a361ab99e7705b86e08a1ab52b2db1dfcc9439fdebd53e27914f4ac843a26da0054bdcdfd81aa9a33c6583e5f441b041e83b2e10fed4c79e5555e3 |
memory/7792-9978-0x0000000000400000-0x0000000000409000-memory.dmp
memory/64-9984-0x0000000000400000-0x000000000046F000-memory.dmp
memory/5704-9997-0x0000000000400000-0x000000000046F000-memory.dmp