Malware Analysis Report

2025-03-15 05:42

Sample ID 240509-sf4p7afh5w
Target https://arc.net
Tags
aspackv2 discovery persistence spyware stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://arc.net was found to be: Likely malicious.

Malicious Activity Summary

aspackv2 discovery persistence spyware stealer upx

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets service image path in registry

Drops file in Drivers directory

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

ASPack v2.12-2.42

UPX packed file

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Blocklisted process makes network request

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Runs regedit.exe

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Runs ping.exe

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Enumerates system info in registry

Modifies Control Panel

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 15:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 15:04

Reported

2024-05-09 15:26

Platform

win10v2004-20240508-en

Max time kernel

1286s

Max time network

1266s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arc.net

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\NirSoftBlueScreenDriver.sys C:\bonzi\StartBlueScreen.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NirSoftBlueScreenDriver\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\NirSoftBlueScreenDriver.sys" C:\bonzi\StartBlueScreen.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (1).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (1).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\BonziKill (1).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (1).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (2).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (2).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (1).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (2).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (2).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziKill (1).exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Users\Admin\Downloads\mash_full_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\bonzi\clippy.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\optimize.exe N/A
N/A N/A C:\bonzi\bob.exe N/A
N/A N/A C:\bonzi\LimePro.exe N/A
N/A N/A C:\bonzi\LimePro.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\blue.exe N/A
N/A N/A C:\bonzi\StartBlueScreen.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\unregmp2.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\certmgr.msc C:\Windows\system32\mmc.exe N/A
File created C:\Windows\SysWOW64\is-7I7C5.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Windows\SysWOW64\SET691E.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\SET6A23.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A
File opened for modification C:\Windows\SysWOW64\speech.cpl C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A
File created C:\Windows\SysWOW64\is-N1STO.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Windows\SysWOW64\is-IEAQD.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File opened for modification C:\Windows\SysWOW64\SET691E.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET6A23.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BellCraft.com\MASH\is-EAVE2.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-TKAOK.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\Double Agent\DaShell.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\program files (x86)\bellcraft.com\mash\mash.ico C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-71LJO.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-R5JVC.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-3O14B.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-5KAFN.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-KEHJL.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-OGS15.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-HGJEA.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-SOGSG.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-7SJ2N.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-H37KR.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-0BT8E.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-518Q1.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-N8091.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File opened for modification C:\Program Files (x86)\Double Agent\Setup\DoubleAgent_x86.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-SKQ4O.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-FLI5I.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\Double Agent\DaServer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Double Agent\DaCore.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Double Agent\License.htm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-RBIG5.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-6JDN0.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-M4288.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\Templates\is-9O2UF.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\Double Agent\Dev\DaServer.tlb C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\BellCraft.com\MASH\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\Double Agent\DaControl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Double Agent\DaHandler.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-GNMHC.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\BellCraft.com\MASH\is-QCGON.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File created C:\Program Files (x86)\Double Agent\Setup\DoubleAgent_x86.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Double Agent\License.lesser.htm C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\intl\SET6608.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\msagent\SET65BE.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\speech\SET6AC6.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\assembly\tmp\5V4YN91U\DoubleAgent.AxControl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\Y9ES0CZ4\DoubleAgent.AxControl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\speech\~TMP4352~.TMP C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\msagent\SET65E4.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\speech\speech.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\SET6B59.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\msagent\SET65E2.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\speech\SET6AA1.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\SET6B58.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\msagent\SET65BE.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\speech\SET6B57.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\SET6AA0.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\help\SET6607.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\msagent\SET65E3.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\msagent\SET65D2.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\speech\SET6AA2.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\msagent\SET65D0.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\speech\SET6AA1.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\vcauto.tlb C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\XTel.Dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\msagent\SET65F6.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\help\SET6A34.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe N/A
File opened for modification C:\Windows\speech\Xlisten.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6B79.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\lhsp\help\SET691B.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\speech\speech.hlp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6B59.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\INF\spchapi.inf C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\Installer\e624eb7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\speech\SET6AC5.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6B27.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\fonts\SET691C.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SET65E5.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\speech\SET6B58.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\msagent\SET6609.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\speech\spchtel.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6AA2.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\SET6AA3.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6AA3.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\speech\SET6AC5.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\vcmshl.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\speech\SET6B57.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\assembly\GACLock.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\WINDOWS\SysWOW64\mspaint.exe N/A
File created C:\Windows\help\SET6607.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File opened for modification C:\Windows\speech\SET6AC3.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File opened for modification C:\Windows\speech\Xvoice.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\msagent\intl\SET6608.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\Installer\e624ebc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\speech\VText.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\msagent\SET65D2.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\msagent\SET65E3.tmp C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe N/A
File created C:\Windows\MSAGENT\CHARS\is-T7KVK.tmp C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
File opened for modification C:\Windows\speech\WrapSAPI.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
File created C:\Windows\assembly\tmp\VVATG60Z\DoubleAgent.Server.dll C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000c9712a8ab103c3e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000c9712a8a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900c9712a8a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dc9712a8a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000c9712a8a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Colors C:\Users\Admin\Downloads\ArcInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1147E530-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1147E530-A208-11DE-ABF2-002421116FB2}\Compatibility Flags = "2228676" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\AppName = "DaServer.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\AppPath = "C:\\Program Files (x86)\\Double Agent\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1147E500-A208-11DE-ABF2-002421116FB2}\Policy = "3" C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\dwm.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F440FB8-CE01-11cf-B234-00AA00A215ED}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A05-459B-11d1-BE77-006008317CE8}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E505-A208-11DE-ABF2-002421116FB2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\ = "Microsoft Rich Textbox Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BellCraft.MASHScript\ = "MASH Script" C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4E3D9D1F-0C63-11D1-8BFB-0060081841DE}\ProgId\ = "DirectSR.DirectSR.1" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E549-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E550-A208-11DE-ABF2-002421116FB2}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A95-90E3-11d0-8D77-00A0C9034A7E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A9-DA1A-11CD-B3CA-00AA0047BA4F} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E547-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68A33AA0-44CD-101B-90A8-00AA003E4B50}\ = "ISRAttributesW" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\Insertable\ C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1147E537-A208-11DE-ABF2-002421116FB2}\Implemented Categories\{1147E500-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF2C7A52-78F9-11ce-B762-00AA004CD65C}\ProgID\ = "Speech.VoiceText.1" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E55A-A208-11DE-ABF2-002421116FB2}\ = "IDaCtlBalloon2" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1147E552-A208-11DE-ABF2-002421116FB2}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\FLAGS\ = "4" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89F70C30-8636-11ce-B763-00AA004CD65C}\LocalServer32\ = "C:\\Windows\\speech\\vcmd.exe" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A26D7621-6FA0-11ce-A166-00AA004CD65C}\1.0\409 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2C840E0-E092-11cd-A166-00AA004CD65C}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6469210-E095-11cd-A166-00AA004CD65C}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E561-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E533-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E506-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E543-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Print Property Page Object" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSCOMCTL.OCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\ProgID\ = "RICHTEXT.RichtextCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\TreatAs\ = "{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A5-DA1A-11CD-B3CA-00AA0047BA4F} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E526-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A8D6140-E095-11cd-A166-00AA004CD65C}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1147E53B-A208-11DE-ABF2-002421116FB2}\InprocServer32\InprocServer32 = 33002d005d0073005400750051004b004c0041005e0071002c00300036006b004500720062002c0043006f006e00740072006f006c005f007800380036003e005a007100630028007a0027004e0051006b003f00550054002900270061007b0039002b002a006b0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E50B-A208-11DE-ABF2-002421116FB2}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1147E527-A208-11DE-ABF2-002421116FB2}\TypeLib\ = "{1147E501-A208-11DE-ABF2-002421116FB2}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1147E516-A208-11DE-ABF2-002421116FB2} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\ProgId C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E503-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1147E516-A208-11DE-ABF2-002421116FB2}\TypeLib\Version = "1.1" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EDF1AB81583E1F4CADD2783223EE1E1\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 709482.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 435251.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 967646.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 350908.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\WINDOWS\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\bonzi\StartBlueScreen.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\bonzi\BonziBuddy_original.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonzVir.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\optimize.exe N/A
N/A N/A C:\bonzi\optimize.exe N/A
N/A N/A C:\bonzi\optimize.exe N/A
N/A N/A C:\bonzi\optimize.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\WINDOWS\SysWOW64\mspaint.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\netscape\navigator.exe N/A
N/A N/A C:\bonzi\blue.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 916 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arc.net

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ArcInstaller.exe

"C:\Users\Admin\Downloads\ArcInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://browserco.typeform.com/to/k37wtsev

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 /prefetch:8

C:\Users\Admin\Desktop\BonziKill (1).exe

"C:\Users\Admin\Desktop\BonziKill (1).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (3).exe

"C:\Users\Admin\Desktop\BonziKill (3).exe"

C:\Users\Admin\Desktop\BonziKill (2).exe

"C:\Users\Admin\Desktop\BonziKill (2).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (2).exe

"C:\Users\Admin\Desktop\BonziKill (2).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (3).exe

"C:\Users\Admin\Desktop\BonziKill (3).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (1).exe

"C:\Users\Admin\Desktop\BonziKill (1).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (2).exe

"C:\Users\Admin\Desktop\BonziKill (2).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (2).exe

"C:\Users\Admin\Desktop\BonziKill (2).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Users\Admin\Desktop\BonziKill (3).exe

"C:\Users\Admin\Desktop\BonziKill (3).exe"

C:\Users\Admin\Desktop\BonziKill (1).exe

"C:\Users\Admin\Desktop\BonziKill (1).exe"

C:\bonzi\BonziBuddy_original.exe

"C:\bonzi\BonziBuddy_original.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7668 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\BonziRogue-1\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8

C:\Users\Admin\Downloads\mash_full_setup.exe

"C:\Users\Admin\Downloads\mash_full_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp

"C:\Users\Admin\AppData\Local\Temp\is-AAIFS.tmp\mash_full_setup.exe.tmp" /SL5="$F02EE,6008127,53248,C:\Users\Admin\Downloads\mash_full_setup.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMDLG32.OCX"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSCOMCTL.OCX"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSVBVM60.dll"

C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe

"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\msagent.exe" /Q:A

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AgentSvr.exe

"AgentSvr" /REGSERVER

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe

"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\tv_enua.exe" /Q:A

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe

"C:\Users\Admin\AppData\Local\Temp\is-CRS0H.tmp\spchcpl.exe" /Q:A

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe /q:a

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\DoubleAgent_x86.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe

"C:\Program Files (x86)\BellCraft.com\MASH\MASHPlay.exe" "C:\Users\Admin\Desktop\BonziRogue-1\BonzVir.msh"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x504 0x4ec

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ADED4DC073ABACB2B777A96D453C73AE M Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Double Agent\DaShell.dll"

C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe

"C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe"

C:\Users\Admin\Desktop\BonzVir.exe

"C:\Users\Admin\Desktop\BonzVir.exe"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Users\Admin\Desktop\BonzVir.exe

"C:\Users\Admin\Desktop\BonzVir.exe"

C:\Users\Admin\Desktop\BonzVir.exe

"C:\Users\Admin\Desktop\BonzVir.exe"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5208667827915839266,17864265116933073886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\bonzi\midi.bat

C:\bonzi\clippy.exe

C:\bonzi\clippy.exe

C:\bonzi\netscape\navigator.exe

C:\bonzi\netscape\navigator.exe

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\smash.mp3"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\smash.mp3"

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\bonzi\netscape\navigator.exe

"C:\bonzi\netscape\navigator.exe"

C:\WINDOWS\SysWOW64\regedit.exe

C:\WINDOWS\regedit.exe

C:\bonzi\optimize.exe

C:\bonzi\optimize.exe

C:\bonzi\bob.exe

C:\bonzi\bob.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\bonzi\start.bat

C:\Windows\SysWOW64\notepad.exe

notepad.exe

C:\Windows\SysWOW64\calc.exe

calc.exe

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\certmgr.msc"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\mmc.exe

"C:\Windows\System32\certmgr.msc" "C:\Windows\System32\certmgr.msc"

C:\Windows\SysWOW64\charmap.exe

charmap.exe

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\d21ed9dbe24c439c97da58a2a37535e0 /t 512 /p 880

C:\WINDOWS\SysWOW64\mspaint.exe

C:\WINDOWS\system32\mspaint.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\bonzi\LimePro.exe

C:\bonzi\LimePro.exe

C:\bonzi\LimePro.exe

"C:\Program Files (x86)\LimePro\LimePro.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5640 -ip 5640

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 660

C:\bonzi\netscape\navigator.exe

"C:\bonzi\netscape\navigator.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\bonzi\nice.bat

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\nice.mp3"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" "C:\bonzi\nice.mp3"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\bonzi\end.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 15.3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\bonzi\boi.bat

C:\bonzi\blue.exe

C:\bonzi\blue.exe

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\bonzi\StartBlueScreen.exe

C:\bonzi\StartBlueScreen.exe 0x12 0 0 0 0

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=54984174387200 --process=176 /prefetch:7 --thread=12148

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 13352 -s 372

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 696 -p 13800 -ip 13800

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 6148 -s 328

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 700 -p 13748 -ip 13748

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K C:\bonzi\boi.bat

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 3

Network

Country Destination Domain Proto
US 8.8.8.8:53 arc.net udp
US 104.18.30.160:443 arc.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 160.30.18.104.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 releases.arc.net udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.201:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 o298668.ingest.us.sentry.io udp
US 34.120.195.249:443 o298668.ingest.us.sentry.io tcp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 browserco.typeform.com udp
US 107.21.208.191:443 browserco.typeform.com tcp
US 107.21.208.191:443 browserco.typeform.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 3.166.122.92.in-addr.arpa udp
US 107.21.208.191:443 browserco.typeform.com tcp
US 8.8.8.8:53 renderer-assets.typeform.com udp
GB 216.137.44.64:443 renderer-assets.typeform.com tcp
GB 216.137.44.64:443 renderer-assets.typeform.com tcp
US 8.8.8.8:53 191.208.21.107.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 64.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 images.typeform.com udp
GB 18.244.140.48:443 images.typeform.com tcp
GB 18.244.140.48:443 images.typeform.com tcp
US 8.8.8.8:53 public-assets.typeform.com udp
US 8.8.8.8:53 cdn.rudderlabs.com udp
GB 18.245.162.128:443 cdn.rudderlabs.com tcp
GB 13.224.245.80:443 public-assets.typeform.com tcp
GB 13.224.245.80:443 public-assets.typeform.com tcp
US 8.8.8.8:53 48.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 128.162.245.18.in-addr.arpa udp
US 8.8.8.8:53 rudderstack-control-plane.cdp.prod.data.typeform.com udp
US 52.73.117.31:443 rudderstack-control-plane.cdp.prod.data.typeform.com tcp
US 8.8.8.8:53 rudderstack.cdp.prod.data.typeform.com udp
US 3.91.108.210:443 rudderstack.cdp.prod.data.typeform.com tcp
US 8.8.8.8:53 80.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 31.117.73.52.in-addr.arpa udp
US 8.8.8.8:53 210.108.91.3.in-addr.arpa udp
US 8.8.8.8:53 logs.browser-intake-datadoghq.com udp
US 3.233.152.251:443 logs.browser-intake-datadoghq.com tcp
US 8.8.8.8:53 251.152.233.3.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
BE 88.221.83.200:443 www.bing.com tcp
US 8.8.8.8:53 200.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.224:443 r.bing.com tcp
BE 88.221.83.224:443 r.bing.com tcp
BE 2.17.107.105:443 th.bing.com tcp
BE 2.17.107.105:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 224.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 polyfill.archive.org udp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 207.241.239.241:443 polyfill.archive.org tcp
US 8.8.8.8:53 241.239.241.207.in-addr.arpa udp
US 8.8.8.8:53 analytics.archive.org udp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 195.225.241.207.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 dn720005.ca.archive.org udp
US 184.105.214.249:443 dn720005.ca.archive.org tcp
US 8.8.8.8:53 249.214.105.184.in-addr.arpa udp
US 8.8.8.8:53 bonzikill.software.informer.com udp
US 172.67.43.115:443 bonzikill.software.informer.com tcp
US 172.67.43.115:443 bonzikill.software.informer.com tcp
US 8.8.8.8:53 img.informer.com udp
US 8.8.8.8:53 hits.informer.com udp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 74.117.179.70:443 img.informer.com tcp
US 8.8.8.8:53 i.informer.com udp
US 8.8.8.8:53 115.43.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 109.159.155.204.in-addr.arpa udp
US 8.8.8.8:53 70.179.117.74.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 104.22.17.194:443 i.informer.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 194.17.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 software.informer.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 r15stv.itch.io udp
US 173.255.250.29:443 r15stv.itch.io tcp
US 173.255.250.29:443 r15stv.itch.io tcp
US 8.8.8.8:53 static.itch.io udp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.80:80 apps.identrust.com tcp
US 8.8.8.8:53 img.itch.zone udp
US 2.18.190.83:443 img.itch.zone tcp
US 2.18.190.83:443 img.itch.zone tcp
US 2.18.190.83:443 img.itch.zone tcp
US 2.18.190.83:443 img.itch.zone tcp
US 2.18.190.83:443 img.itch.zone tcp
US 104.26.9.198:443 static.itch.io tcp
US 2.18.190.83:443 img.itch.zone tcp
US 173.255.250.29:443 r15stv.itch.io tcp
US 8.8.8.8:53 29.250.255.173.in-addr.arpa udp
US 8.8.8.8:53 198.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 83.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com udp
US 104.18.9.90:443 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 itch.io udp
US 173.255.250.29:443 itch.io tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 90.9.18.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com udp
GB 142.250.178.4:443 www.google.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.186:443 r.bing.com tcp
BE 88.221.83.186:443 r.bing.com tcp
US 8.8.8.8:53 186.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 r.bing.com udp
BE 2.17.196.75:443 r.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
BE 2.17.196.107:443 th.bing.com tcp
US 8.8.8.8:53 75.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 107.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
BE 2.17.196.75:443 r.bing.com tcp
BE 2.17.196.107:443 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 2.17.196.82:443 r.bing.com tcp
BE 2.17.196.106:443 th.bing.com tcp
US 8.8.8.8:53 82.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 106.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 polyfill.archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.239.241:443 polyfill.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 184.105.214.249:443 dn720005.ca.archive.org tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 2.17.196.104:443 r.bing.com tcp
BE 2.17.196.145:443 r.bing.com tcp
US 8.8.8.8:53 145.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 104.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 bellcraft.com udp
US 192.185.6.41:80 bellcraft.com tcp
US 192.185.6.41:80 bellcraft.com tcp
US 192.185.6.41:80 bellcraft.com tcp
US 8.8.8.8:53 www.msagentring.org udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.bellcraft.com udp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 validator.w3.org udp
US 8.8.8.8:53 msagentring.org udp
US 8.8.8.8:53 jigsaw.w3.org udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.6.185.192.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 192.185.6.41:80 msagentring.org tcp
US 192.185.6.41:80 msagentring.org tcp
US 192.185.6.41:80 msagentring.org tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
US 192.185.6.41:80 msagentring.org tcp
US 192.185.6.41:80 msagentring.org tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.179.238:80 www.google-analytics.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 sourceforge.net udp
US 8.8.8.8:53 github.com udp
US 104.18.13.149:443 sourceforge.net tcp
US 104.18.13.149:443 sourceforge.net tcp
US 8.8.8.8:53 a.fsdn.com udp
US 8.8.8.8:53 149.13.18.104.in-addr.arpa udp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.18.5.227:443 c.sf-syn.com tcp
US 104.18.5.227:443 c.sf-syn.com tcp
US 8.8.8.8:53 56.16.18.104.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 227.5.18.104.in-addr.arpa udp
US 104.18.5.227:443 c.sf-syn.com tcp
GB 89.187.167.7:443 cdn.consentmanager.net tcp
GB 89.187.167.7:443 cdn.consentmanager.net tcp
GB 89.187.167.7:443 cdn.consentmanager.net tcp
GB 89.187.167.7:443 cdn.consentmanager.net tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 ml314.com udp
US 34.117.77.79:443 ml314.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 104.22.74.216:443 btloader.com tcp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 18.200.225.135:443 dpm.demdex.net tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
DE 3.124.210.90:443 ps.eyeota.net tcp
IE 54.77.42.245:443 sync.crwdcntrl.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 c73834f0981008229054973d27682d7a.safeframe.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 c73834f0981008229054973d27682d7a.safeframe.googlesyndication.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 9.38.105.216.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 135.225.200.18.in-addr.arpa udp
US 8.8.8.8:53 245.42.77.54.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 104.18.5.227:443 c.sf-syn.com tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 netix.dl.sourceforge.net udp
BG 87.121.121.2:443 netix.dl.sourceforge.net tcp
BG 87.121.121.2:443 netix.dl.sourceforge.net tcp
US 8.8.8.8:53 105.111.68.204.in-addr.arpa udp
US 8.8.8.8:53 2.121.121.87.in-addr.arpa udp
US 8.8.8.8:53 crl.usertrust.com udp
US 172.64.149.23:80 crl.usertrust.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 2.17.196.176:443 www.bing.com tcp
US 8.8.8.8:53 176.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
BE 2.17.196.82:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 2.17.196.115:443 th.bing.com tcp
BE 2.17.196.130:443 th.bing.com tcp
BE 2.17.196.130:443 th.bing.com tcp
BE 2.17.196.115:443 th.bing.com tcp
US 8.8.8.8:53 115.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 130.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
BE 2.17.196.115:443 th.bing.com tcp
US 8.8.8.8:53 wmploc.dll udp
N/A 127.0.0.1:50251 tcp
N/A 127.0.0.1:58314 tcp
US 8.8.8.8:53 www.pcoptimizerpro.com udp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 124.8.63.50.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 oss.maxcdn.com udp
US 13.107.246.64:443 www.clarity.ms tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
N/A 127.0.0.1:58342 tcp
US 8.8.8.8:53 browser.netscape.com udp
US 13.248.158.7:80 browser.netscape.com tcp
US 8.8.8.8:53 www.netscape.com udp
US 13.248.158.7:80 www.netscape.com tcp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 geo.yahoo.com udp
US 8.8.8.8:53 bcn.fp.yahoo.com udp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
IE 188.125.72.139:80 geo.yahoo.com tcp
IE 52.50.88.82:80 bcn.fp.yahoo.com tcp
US 8.8.8.8:53 www.aol.com udp
GB 87.248.114.11:443 www.aol.com tcp
US 8.8.8.8:53 www.aol.co.uk udp
GB 87.248.114.11:443 www.aol.co.uk tcp
US 8.8.8.8:53 139.72.125.188.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
N/A 127.0.0.1:52491 tcp
US 8.8.8.8:53 sb.google.com udp
GB 142.250.200.14:80 sb.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_916_GMTFSGHVPHCWRQYQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9344cedbf844e89cf30e0555684430de
SHA1 82352f1629aa38c79433d3c589e26233a5fe39c5
SHA256 8554219092f778895b2239a4e01ff23968b7dd8708b3ed91110c12ee36342b03
SHA512 a4756681525bdcd5313cff97408626cfc2365f61e373882e2158641a85828d59efc53c28045761e3c0842218f371e819965a833e9c32660b05d43bdcdf160ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Unconfirmed 709482.crdownload

MD5 327394a452bc590a8dcc35499ec21060
SHA1 799eaa40f88bb3a2a5b385e6fb51675c0da69981
SHA256 20fe34797b5d870900402aaf927136076111bec331d6bfc443b86d66c551243e
SHA512 325529f6fc4421e299c9e23139b43647301c90d7c2d6524f8aa64e52b5308bb9d67125e90847f740494da06140dc5753ec73269b117c3687d788983bfeb4e02d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edab959325d16593b0a827e8fbf5bc82
SHA1 3ce260ed1281e6669eb044affa8531e54094a167
SHA256 60f7609f5adb0888342c67a178e15e612ab35e22b99a1d5723dd9b72e3bce177
SHA512 e84bf2bd9d5c78f9deebbe14a898e96b600e114c91948d0639fb2604ccf0230051d318617bdd9d47c73c6c58a772e8723128e7046a3bb236828d3ab2425fa6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 279c9f093fc88644b541bff5d6fee887
SHA1 80bf314483ac1687c4e45ca58ec857c389c37ac4
SHA256 473a4d34a13fc734d6a558f95770150c1635507c4ecc43649f6f3c3102da38ff
SHA512 4cc71ce8f02c93ab54ee21586056fdb8a6e9abb7472f93cba84a0273374312972928f976caffeefe179efffa69338f2e320c4a315abaf977c960ebe30ecb93ff

memory/5084-150-0x000002BF0CEF0000-0x000002BF0D0A8000-memory.dmp

memory/5084-151-0x000002BF0D490000-0x000002BF0D49A000-memory.dmp

memory/5084-152-0x000002BF0ED60000-0x000002BF0ED68000-memory.dmp

memory/5084-153-0x000002BF27950000-0x000002BF279FE000-memory.dmp

memory/5084-154-0x000002BF27A00000-0x000002BF27A82000-memory.dmp

memory/5084-155-0x000002BF0ED80000-0x000002BF0ED88000-memory.dmp

memory/5084-156-0x000002BF27AD0000-0x000002BF27AF6000-memory.dmp

memory/5084-157-0x000002BF0EE30000-0x000002BF0EE38000-memory.dmp

memory/5084-159-0x000002BF27B80000-0x000002BF27B88000-memory.dmp

memory/5084-160-0x000002BF27B20000-0x000002BF27B2A000-memory.dmp

memory/5084-161-0x000002BF27B10000-0x000002BF27B1A000-memory.dmp

memory/5084-162-0x000002BF27B40000-0x000002BF27B56000-memory.dmp

memory/5084-163-0x000002BF2A900000-0x000002BF2A90A000-memory.dmp

memory/5084-164-0x000002BF2A9C0000-0x000002BF2A9FE000-memory.dmp

memory/5084-165-0x000002BF2B490000-0x000002BF2B4B6000-memory.dmp

memory/5084-166-0x000002BF2A980000-0x000002BF2A988000-memory.dmp

memory/5084-167-0x000002BF2B4F0000-0x000002BF2B512000-memory.dmp

memory/5084-168-0x000002BF2C370000-0x000002BF2C42A000-memory.dmp

memory/5084-171-0x000002BF2C810000-0x000002BF2C886000-memory.dmp

memory/5084-172-0x000002BF2B800000-0x000002BF2B832000-memory.dmp

memory/5084-173-0x000002BF2D1D0000-0x000002BF2D1D8000-memory.dmp

memory/5084-174-0x000002BF2D320000-0x000002BF2D358000-memory.dmp

memory/5084-175-0x000002BF2D2F0000-0x000002BF2D2FE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 115480ef2ef53122f4d35bf7aacb21fd
SHA1 84d1b3692f30a03bfcec9100c3bee4336aa80849
SHA256 7a8ac77c3403fbb3250320fe02351f95cfc4a2a17ce538f16cbac43617b09ede
SHA512 01998c97eb15bf94cb9eaf50c821d666ad338cab023015f418c28a8e678ce2e82969134681dcfe04175870fc942b5ba47ea9c6be0ecce1556aa76640e61e1439

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f537220b9afc76b90a797281f7d0eb6
SHA1 025c0ead5428649701c2e148f5e9bf086c88a17c
SHA256 455336c4beb1604881d811525a0e4b32fc71b903e8b5346528d854aac7972da1
SHA512 6c43902114f3ffc62ee89bb36d9ce5777be12d3d6c6ceabb818de8f7738554b3062ec7652283b0232334d1029253a4c23c198692c61997d27fe88a7e8482d251

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec25be551ed0c2448da0ac529ac81840
SHA1 e6c180b4e00a04d21c9ceb99d9763961cad87c39
SHA256 34d8dde18cb69877cf85f644a8ca6a633c5108cfeaf9e84fd58af0a8fe5e75a8
SHA512 2d0cb4279f0da70140f028d36df7fad9c59cd3009138e32bbfc1d8ee3578de4cf1d4d058b8f8a57d3a5f9c27fe2e9b5d01d1cb22d2bfd578d682291bfe9992c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b09923d7527e2e4a29c95491c162c8bf
SHA1 3849a05cbd9f82f7a4b74efe20d6ae0c772e05a2
SHA256 e794882e264426dacc0b85e937bb7bbc7e17e69df62f75d93bff3c18a0720784
SHA512 fc6567aa9c6633186ad856068c074ccdadb7b6682b460265cb259b0fb5e8ec99f263269019d78eed7cf7a33a6d2b0af406193edcf6510ce03b375ef9b2bb0046

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 78d31e069d3559fa2b016ee372d707b6
SHA1 bc9e63f52b9ba88423c593d29da2a32849764066
SHA256 d511c9ed523aba2f6c5019bae9b9929d4aa4a0d46b2bef431d075257d8b5eec4
SHA512 fecbee11ea625db0493f686ef20dfe4c3d7343e66642931b985f31b3f8896cef97ddd491e998045e1076b5fb82e9e81fcf3cb2f3189dfa325a6aa336605f3b0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fc61.TMP

MD5 eaf6b3df896b948477ced4b2b234556e
SHA1 9ef989621f26f04f463aa8c15b9fb5569e02332e
SHA256 5dda1f0e010a01d002b4e680858acb7ba0dfba71a3ffe4f59a7063b1e7225366
SHA512 c7e3a75eef6e1f419826f0c3e21df86240ef2e25b0c74c3981c81a996db6cbbb339ff973e9459e675ead6129a540a2e3195fa810669c87b821a39adb0cccd53e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f47739de7cf47eeb376213c463009546
SHA1 2b6095704150ab7ecd7087dba599090802ed0b95
SHA256 a0c789d07583c4b753089a4ffd604d1f4232e3db3ba56e63b6bfc5846339f711
SHA512 7c4b9f9f4fad5821f32864e95602d02c9aacb525f472f7241a0da737c02da851c94323ab19521ca2e17d92048cc9c58bd6ab65223ecf6b7c241e7e2a0f75430d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 052ae879d0606ca7b51dd5d60bf168f9
SHA1 51ed4981134ded98cc76007a97a6eb6f5a604594
SHA256 d5bb278f2281df3e9b58e0b0f7123c216040b0d9ed5ad5b5cf8f9c08469014d7
SHA512 dc6dc227c98127f08854916e07d75853ba185892c98a830ed604886db68b939bb609d61d6fbf9a4b915437c09aef8494e5abc18c3929f3bd88116a68785b99dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0a76e36dd41854f43689ff81a74a229e
SHA1 d0127ecbb88ead2e7e2b625a7cee5611db3d9d93
SHA256 6a847edbcd624571c6c09f39098ed26c79577cb9496cee8ec237abd6a751c36c
SHA512 d9646317156412281618a491b7e951e282f395d953a92784b3ad50fdaea631921d1d3894f64b29df84993db6932e7fdd69c4005414d29b5a5798e649ef89ba04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1bdb69aea136285322aaaef5043f3c82
SHA1 a3b14af40521c55f9366e2d4a5a4d4273d953be8
SHA256 d3a1c41bfa99cb9d4682c2da34c98063d272958ab22c8d877365b8117be8a355
SHA512 c42dad8ee04beb4b7dd12fff9e54a2469b640b4f58364c70704858589dcd41e3685320064596ad7565064f8b184f0f824aa7ea33e65ec0571c32eb6774af8edf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7cc0f5af4fb44880a15243ddf69921a3
SHA1 93bf0fd72ab1b2f958e2e2a73a8876655c51cc40
SHA256 94b44f0538061be7e39108a5f2f73600dd8491102362a50c63f9f5e1cb0137a8
SHA512 612bf5def37c44395b8346564ea79412f4e87dec551e87b1d37de8ca5b8e7ddf1aa74bced931ec9dc5a7554a235a1595213f7cc70b41d2192f25fad8c556144d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ea121d2de319462042f3c50d088562a
SHA1 ed4e6e89b41545e2353ea04989acd075df2c1261
SHA256 707ce8e1c7aa5a79bffb319755ab6dd171d540a9615f021e664f981d09e17a25
SHA512 676eca3f2981a34929e592441ad01aa0997bf2ce42db883b63b7ae7b9d549883e4e553d66e114ab5b1c729ffde9c0242747da293874830b64158df857ef1047c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3f3f684eb83ff1664c429038a832ba5b
SHA1 7830d821cb405a42a72a40bbee53a5d3dccbae68
SHA256 8541ba265babe4a1313f05e9b5e8bae449081016dfed8377372bad7a50285d24
SHA512 b1b6cc7d0f9c2559d84a061b05e83c027bcaa7d6144e27844903cf9e2099be0847efea81d35026221048f281bb4b771ac1009e87792228c34ba2a4f7736ff78e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bbf2a22e5135f8472fa147b9489a0f66
SHA1 ec30fd835537c29d4a6e9c324c582f8123cfe623
SHA256 5a681b93f9dcc552fca656519a9638b9907bac87990806b9a216ae79e12f2ee2
SHA512 e7dd2d75d6e0c8bec3d888ff1952b696de8230e18f2b8b998092928f4c48e8a033a275f1bb20b1b6bf3fb7e662e5fa6b5578d528faafdfd760ca63e93d586782

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e43410727b314bdca0f044d79fbdb85f
SHA1 162e1f35ea7c3e780fa4876b430805e327a3daf9
SHA256 fb48106c3630cbebd5447f5147013ac5d817ffa1800245ddf6dd4414607ca1f4
SHA512 f34a9e66828823a26a62a17c4243d7cebaa952a7bda778e7c6c508c9ce5d4a9bb8a55c030d296ebbd6638b2f98df9e9ffd71712ec92dbbad8e28b13d3a515371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 18950d0f7a371b6191cd217ab9c9c695
SHA1 7d7622fcc4431aa75fde9267dfb1d30d99466d5b
SHA256 96c2e8b99703a841b5c57c7d6427a3a060c9b11d554c2f642d3c6ba8814e18ec
SHA512 ac4a12eaf27b898eac0635c66f21a7da40416796da57af8b9984dad3378c6c1ebe70f984a7ccf72af6bf4675095da36bcea19b219de267befab2d32a09782cc2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 03046aa6936789d9c9c567249118ab91
SHA1 f60a367c22623bbd110243eb3c242d3235eafa0a
SHA256 8d06b156e8cb126da7eb2dbc29a3779aa53d061679b2e92acd4f9acd2bf443ae
SHA512 949f86a1d101a5d1d75af9a797ddd3d035d26dd0440abeaabcb731ce21e5c4f4afa7d80cb7ba610423c03ad832b7b2bed74bebe878cfcf0a2f8781aa3f96fb22

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 72475a0056d1eec277d4e6074ac10107
SHA1 5ca3aeed46db404707873f3eb159d0df9315090b
SHA256 25d621af3bc8da885c7501e51ac1edb5b643b98511c3901a29e73c21e829d837
SHA512 b230cb4b4824d8552aa90d0f8a346ba2f2eafff9db368e2e8ec3f865947f830ac1239a0e41d0611c39ec0359fb6a054cbb3e5a0d5eaac506cbcce0ff776bce15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1cf320ec136b1d1c65942f319c6e6172
SHA1 e78608e75f553f4a4a7266da120ad81392771a94
SHA256 b1d3d6205094c317e5085cea7454f4a42b4b4e44dc62d12fdf0d1818820b9f19
SHA512 e7f2cafc4d0d83d0bc1d16b25b5322bf75c81de303790e60b99a23b0837ba1daddba03525d8f80376d8ed28be28aac6e0e5e654820af75017fac5aacbd04d06c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fbae5ab38f3073c438f7af3e84352d0
SHA1 8e16eaf4fd8a0e782dc7a0fe75dd520828a4808a
SHA256 90df00f401eb155a03aa84f2b01af552aa9e5fe24fbd8ae8091d2c7e3ac492a4
SHA512 4376a31303af56afe0162175feed87bcac0328e75fd10740b3f700545aa51466c4be38e6d02d71eb341791ea525d79b65da8161fd97e6bad83edc04500fcdaec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 474f58a1a88724994941cc82eddab363
SHA1 331382dd7357adc5848699cf55935421a4d7f4a8
SHA256 3f7fcb3ffd62ca50440d0ccf6884f81447d19d50e188dbe8bc195c46c2774f12
SHA512 fbb9f863c5cfa2bd09f3eb95e78d5f836b0737e4a687b49a8e11a2597807d13c9fa5e797ac3a8066a15b7c9f1441b60c5342a791926cc9be51a2b622e25b7808

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c40c3dcc62222db2ad2e1ac77309c1a
SHA1 d28d4779aff418c4833256f3ec4ab17f656d3ead
SHA256 8083675c684074c0d782465fbd8560564c93ef405fc304ec5d8bb6badbf6a755
SHA512 7ed89a38a55b7a9bb5d8869c3c55fa602d41f806091fda751c8c3483297adc51849271851175218e9c1f62a58378c8e3d62764df4d0aa05bb39591781660accb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c145366cafa58124c8446030dba8bd0
SHA1 d965a66cdec3c8d2d24362c5cdc7d6b00521d0bf
SHA256 380c584b0fcb0ccaba1fdb4e8c920fb1d4e946e8c7ab8971887774435f7b58d3
SHA512 e73aac9d9def60dd6ce596fb6417cbfc56c3105113ebf769959a9e0d676353ef72546b24aa5c7fce74d56c268645837be8401e9eedca39671fe0ab193507d2ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

MD5 475b50689dfe5ac600b3de04ace088ea
SHA1 fbb328c285b985d98e436e1a2025dc2ef814f08d
SHA256 bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1
SHA512 55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fdb3e09dcc68d2e671f2aec2de5a7672
SHA1 f97d593067f91f1345d55367b317a44881b1037f
SHA256 8cc581c747f9d9868ec1586430d704a5eadc0a330222ee8f34f8ddf6dc9d5f8f
SHA512 4fe61c9735852befba019425889a3ed65b69056044e7cb9b54bf5d3cea1c1e037f480cc4e3c6e4358a28c0333991186d5bd64bf5e3b57774de56aeceff0c5ada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f916b87f691c094d972a34dcaf801e5b
SHA1 27f8a2dd8f05f12a82fe0cc05c529c2ae64620ae
SHA256 215b7e7b3133fee2806012cf73b3b09ceaf8bc8b5ccd9c72290f742ea4a6e95b
SHA512 64ed75a8b32340ee87d52a755618d2b45f19debd8bd511cd879c0a9485e2e479fb0453449350218619c7ae4b4c4e1d59d39362d820a127c6b0b258f6394c2f81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c87c46590ebec016653af8e015e18f12
SHA1 d4a7e1f26ccce28c2eeccdc6361e4b7ed36665ca
SHA256 14268c5a28d462b209bb74d01dae63cb76c91ac12cc24b82bb9790bb5cf87107
SHA512 9a7eee8678fe90145b38688227ab8fd31c8c54e51906c541aad4cf067371b846008d7815e903cefe354df5788dc5a54a2f4abb1f6a37924c0a09b6f5cb363fb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 330c1632fbac965ca4d469bf806ae4d8
SHA1 d3a13a64af228a0e499b2955ee234ce768baf27d
SHA256 b4ea8de58c6ba3865518a40e3c9ca32a0e40ad8628ede5e485e21071ba01a357
SHA512 18fe75377dbb315f64fb8d8fa009d584f7d5bfd65787ecca5a703ad6571e0a1798ccbeb30dc875b8d7e26a7952b3bc4d540cc3098c00cf4fce3d6de7666ce187

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cebd88a0a829c355d8287c325c1a922c
SHA1 3a7f6aef9b2c2f0b6566392b20ce962694251a91
SHA256 77e518009c99f7e2c33a1fa11c989079b3ebdfba2215d6256b6f2cab4d22d337
SHA512 144ddf1ea87665d650adbb444efbfc4e4057512185e2a5015cbcd504a0b930975cc29ce3c76d78dfa37eddc81cbadc84b233f2e595360343f8ff4b4fa44c0f33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 477ff323f8a264ceff74f6546bc62092
SHA1 14f203546d62f99a97eb8aefb35006269e6e56f6
SHA256 e181b5aa1a49f17e2e4740bfba517fd69b4079c1ede1b0d2e3efb4e5496a2a65
SHA512 55c648322161c82d77c79706494851647570196f8b71fd546c95229578a84e2546e431a4164d00eca337f3a78b68e62fc8b935ed3d7315e76c620740bf6ebd2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 507ba44ae5c8e1c20e2d8c58c2a569e2
SHA1 07cf7aca3d268c8f4743b4c2837980dffbde2d47
SHA256 48bc244ce3034d63aa7f4ab5eff3423f372cfe120c769079cbe484efa62b4777
SHA512 bd28f26859e9778e5a10759cae53128126ae5571c0a8dc750718c58ed0be808f9f42d11439591296c7a2b1bcda648ccc11e159574107e5183fd26dca0534e32b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 665462684977bcb85b6ae5c0fdd588c7
SHA1 07be55c07f8361af80358d07e10bcf953eec78b2
SHA256 2b12fa1ce53295c186343da5de57ae7a0dc2c247d5b07367a613de79f452064a
SHA512 6a53d25aeeff539e71ae48310ed02804c07954927213af99dbcf78080fb7b424a8ce7c8f89e822ecfa73f49fc2667a3ba5a1b1585c8edf8e00d74c8c9cfd8c50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d51be804b86101a3d9d0fbec1335a948
SHA1 0a7b24e02dabbb8744e852f82bc4431c9af5fc18
SHA256 5e8d89b24334b34b3b40a190eca38080e1de357fe9fdbdbb1dc9a3a55fc8519a
SHA512 32caab9dbf248c9f41ac27fd8352bd0cc92f66d3f3ef5b2167984a9b768d71a3d13df3fdd6062d5546df6c12ecb8c8991d6f11f8dd336c26137cbc1fd14cfada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 677048f19c7230f3ae0cb72187874478
SHA1 6d4dbb0e2c33396a6176d033519915e0f88f4187
SHA256 87151a9cb0a65b1b54daf4f2d44f7cdd9bc1be1c3f845fdd95739c33f3e68946
SHA512 90bbaf01ebe209c4e6c4c3ee4f7176f639f2ba1ac0693eef896cb8aef891dc119265ee3b6ba52c290b86a6cda0cf6302950e07b43fc721e7bf006f5587067a60

C:\bonzi\BonziBuddy_original.exe

MD5 ff8e3bef2b1c444e59d21d5291c81d96
SHA1 a838dc974a49dc0fad824cedcf794c8c9651d410
SHA256 50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512 b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927

memory/5560-1693-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5560-1695-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5560-1696-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP

MD5 7eccc259af24ba7a5a0638562536068d
SHA1 acd3e0fc2e10dfb2e57efa608a60297efb32e54e
SHA256 2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7
SHA512 7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e

C:\\bonzi\blue.exe

MD5 c3c1f4ff433df26b896deddacb5817f0
SHA1 45152ae046f3e2d5e274feb6a04fa6af59a68740
SHA256 bc8f7334495c673dd646d092afdabbfb84edb5282a25d9d8b1d3ceadc019478b
SHA512 faecab59d8ab00cead2037ee30435fffb25494b5889ac5dd003fec5f3a0244a2e450425838456ff5ef11b8c674eb85b21ca68c636cdec593bbef5ecf2aba0561

C:\\bonzi\bg.bat

MD5 74a195bcfa20e10e672d8681831cf280
SHA1 b6a75cbce94c208c6d7f13280788b0f4183b6b7f
SHA256 c40a459f38ec341892f062db191889353b039efc613ce1870da6591f27952e3a
SHA512 e800011130350a3df02d406bfd002f92eeb2575cc5d314ea08111ffb347c64a9e8e04dcbdcd217f8c7d176998d4b4b804437b221d5a945fa5e65942366c3e2b3

C:\\bonzi\bob.exe

MD5 a7bec276ba3a17576158a93d459b5949
SHA1 63d6d8bd7b09afe34147dff20791deac219d71f7
SHA256 407c9900fe5190df594a3ec97b17fdea941fe801e644013544b52a6b5afc6b4b
SHA512 f93da09998f257965ebed2e8d95f3f4728bbb61ee9eac5e1f428841a23f69eb122d0fc43700165d9a6dc6f3cb22c8cfa8f5953768366697bd00b63964addac1c

C:\\bonzi\boi.bat

MD5 e3fb07dba9803c1f174b725d2a05ea51
SHA1 98fa2129f93fd56493914d527f07f727c2b45ebe
SHA256 a7a14afe50ac26962f92bafbcadead48ca2e8fcb546cb259819bacd8156fae84
SHA512 ab3e817ad01e94ff8a6c58ca89d64a45077f0de49ea8a9e7059509cc7d694a005deb9043897caf060d0a78cfb8cce54ebdb9b3cb0653975771b23340d548dbfc

C:\\bonzi\BonzVir.msh

MD5 0cf59661f4b25d7bce496b51264cf6ef
SHA1 b55d3d5326f38f3f7d3ed6595754fa69113843cb
SHA256 14ed561155ef917214695a958392fe53295e1b972bd247da7672e7d38cc4eab2
SHA512 b0115fb134a145df36fae74791f30f4e43d24a049b0ad290e807a82574cc0d12ed5ccc1824e6a241fd0346b326493c359978071bf820d30bcb6bfe33f486902a

C:\\bonzi\china.wav

MD5 54c052f317d02d6129afd7c565b046a9
SHA1 5ab2014eb65fddb8a5f9c68a6b375dccc45916a2
SHA256 b1ed856b9ab097c8ec91778a241443a660a7e0ed5e3157a181a22dba1e31d55b
SHA512 200b66da2aeaf9c7502857e4e6d2d5d2294e3932f2fb7c3dacc9e161093c479028a3cead0dcbd9acefa46652406928f659b51e95d8bb2f0b0d93ce17eee6b2d7

C:\\bonzi\dicks.wav

MD5 fba01dbcd05f71566cae1e56928ee875
SHA1 0e387de1ad68776f610e8a352cdb4034420500c1
SHA256 af11d1bf70e77336bc59cfaeaa0ff6f916d3be3154185ac80df59861eb19a99e
SHA512 a6586e6fc7c765d77fdbdfb474408648df5f54707530614e097e06e23320eb610e38768415db3d3d1f6e19e48413d8993983b6fe48c445af5f0df26fb6714003

C:\\bonzi\clippy.exe

MD5 038bf1f54a35164fedb79e2319e1bc49
SHA1 e92cdbb5bab92ea3f2d6b0f8f40a5b5df199c6a9
SHA256 655a8c2bed8e2d85b24525aa426e5d647f15ddfa156967d64f144c497e8c9665
SHA512 5928082b8fef2a491eb84ed4ba01c8428cd96425c8c2d433dc6ef80d9c0d4866bb9c20871c6d1268824e435f42526e4e1eb468fe451f0ef02710edb35c08f1c6

memory/5560-1730-0x0000000000400000-0x000000000046F000-memory.dmp

C:\\bonzi\LimePro.exe

MD5 a6ba111c7ea638edac79ce34bb7a3de3
SHA1 903d1af04439189479bbaa8eee77f1503f1c54c2
SHA256 6c87657cfe2d7576333c2887d90f543c8fd4241e50f653b2c3a95efff2c4a268
SHA512 2b32ca91b42884cbd134d3471db74995321c1edcf1b2d579e1f0da4acbdf70ad08e05407bf93d711d966e2c3c5a0e25bc5338de5fd878a5bb0823010cdcdf9cf

C:\\bonzi\end.bat

MD5 83f1281124f33a31fa88e6ca1c7c503f
SHA1 35f7824bfa87a40083e57991f41abe01dbc6fd94
SHA256 e923637d148d84c9f99bf50e1b1ce8c262c3a40ee2a043d90650e7334cb862f6
SHA512 0d903d914b548969476f541794312febb72e56fb9a0dfc6e563d16ff2e8a74c6b13e184729d1f2254974e0625e032483470172b6cc270c416416fea93bac0906

C:\\bonzi\midi.bat

MD5 27d92ebfadfabce5ab3fa8f842e6a2e8
SHA1 2fbbe766c10820436a34ac47dcc49909a52228ca
SHA256 2acb21881a9c9625c653dcf43a79c6f5fb81d65bec36d290f12e1f2a6a7763c7
SHA512 703031215f5b282d9e4889cbfe69a80098a9663d2fe056e05ef58a9f431fd38afc12f6165b1417173856c9bcd263ff92ec985d1624044df2fe64316b2a18c021

C:\bonzi\netscape\res\html\gopher-audio.gif

MD5 0c428f6883c912e150ce42c954b1bd36
SHA1 bcfcdc2946c6e8113083d57538de5713aa033e9a
SHA256 39c501d97b098136e6d3ef487ebc2a04b00b367af8bf04a16ce183064656dc2e
SHA512 d809489178b96dafd4a0c95edd56fac21625aabb2b7dc8260345eb96b9c3c7ecb1b18505746bed15581ebfa1265cf96c8aff3953dbc6d69d56b31fcf54db228c

C:\bonzi\netscape\res\table-remove-column.gif

MD5 90ef7ea72f363d421c608e37141f0e29
SHA1 891c963cb3c26628dcb18db5653eaca5275b0f9e
SHA256 dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231
SHA512 6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5

C:\bonzi\netscape\res\table-remove-column-hover.gif

MD5 f6f8b831f31c8a4081e61403b258d944
SHA1 389daf6bcd0ba84a413dce4aff02ae9800eb1061
SHA256 f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8
SHA512 01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab

C:\bonzi\netscape\res\table-remove-column-active.gif

MD5 cdeeb11aaefc565b7e2e6de6c5122adb
SHA1 67c0bbae8ac6dd12cb66621f3539fae6971d91e0
SHA256 1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03
SHA512 b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9

C:\bonzi\netscape\chrome\classic.manifest

MD5 13089bf20fa0f5a0161947e2ea68ccf9
SHA1 7b118a78b1d2a6dc39e3bbc819e2fec1fa38d064
SHA256 edc130d9baed6516f1b1c268cdcc9fa7f604728da700f4ac73eec32800c5a8a1
SHA512 48e1ab07a1c90b478aa3b6b362f762464c0e002c2c3bff4322a369076539e29046ef9ef83ce8908239d970e5adacca22ea8ebc8a62735c218ded4937074475aa

C:\bonzi\netscape\components\browser.xpt

MD5 1ba3ad31f3c642ef5cefd10f72f8275e
SHA1 876ef9b6e990caa864d344f52d517f5d7c430747
SHA256 eab3322f9c4146cea91f06b25ca8713f087a4ddd0b2b39ad1739c974728c3750
SHA512 efb5489bf619c45ceedc37b98645bd420fa5f7f52a752801268d10c12b079e086ae091e70d8c4a38331fa5d322c8c2d7df49e4eb40b65dc8c9021a900efd58ca

C:\bonzi\netscape\components\FeedWriter.js

MD5 a7206d0b86a66f8d3818f8398a0a72a5
SHA1 fd8adef12b8f73fdde0662a028297244ed4ea9ad
SHA256 0fcae6b535f8af369989cdb3646f63245720d3ad8b10dd15d736b02ee3bfdd26
SHA512 31eab727e151c7ef14f006b78ba0b7b6dc02c55966a388577c55b1a897a2f997cc8870b54840d231cf44c4632420e9373bac9bea0a9458c45c14603af6400b2a

C:\bonzi\netscape\components\FeedProcessor.js

MD5 84d2257da1551d5ebd09fc7bb97d3134
SHA1 4ba59d1389710f004742f67ff154aa4c95294aaf
SHA256 fb879ce16c7382e3a562def28f46c240a86a942aff2cf29b8cdbc779e1644461
SHA512 071340c38074cf019f328476c6026db05e0ab0374a7f8f4122c8ceafda55e2667a7ee35abc41f35a88480890df674edf9add59dd40680efa10fc25c7c356fc24

C:\bonzi\netscape\components\FeedConverter.js

MD5 20f8a15b1e1021dffe52ce936399b849
SHA1 59f59c8d662e59cf960f12864e932b09d28e1f26
SHA256 b23290d66cd0b26375e032d2c6c7578b874e379c6ca8907cf1a7cf122b74efa5
SHA512 4a0f86f0ee4b33c9f6ecb88093f81143fea0f90ad767b06d1440743f22c8d7bbfcf5bf79160add79334f22b17b9a629db77d4983bb6f581ca5356dbfe3746c7d

C:\bonzi\netscape\components\compreg.dat

MD5 f7487c8a3abd34c22ccd8481d08d8199
SHA1 2da738409048fbd3159a4047e5ca272891e4182f
SHA256 213a117f2ee10391a28e75a4e3a9f9a1eb6430b86bb54a982ccb063c7f70ba9f
SHA512 cfaa363b6fb3255335192c43b2362d3b55c0dd3cc2db79f9804debd0ab8c911fb0df50981b5ba960f28fa8fa95eca54f18703e01b09da32c6d1538a15f504a96

C:\bonzi\netscape\components\cache-module.js

MD5 9389b62b97d5620aa4445635e96fdfe6
SHA1 781f260c6b74cc579c7f88029688c8a1728ef6fa
SHA256 1f9fca3df0162b0ebe0179210928f99b9db35bf13741760a56b34261d86d5d15
SHA512 62fbf011fa02674086ca2058f69eab8857f381c3c199e7f7b4045ffbe42374915bfeccabdc305b17b5a8b9539d7a01555d7cf34f978e201a2407aed913580137

C:\bonzi\netscape\chrome\toolkit.manifest

MD5 991394a770c6e55b97cba3cc51e53de2
SHA1 6de9da3b00576f99d746aedd8e5e13da41f174de
SHA256 7d3386c5ddc9ef60e780464f6431614072f12a0bef1a1081e21559daf3c7e503
SHA512 f41ff4eb874abf493833acd3558351529c1fe79acddb04f612d7ab808e92adc93033a2be0cf79cdaefc4708fe78345c2cac0bb7bb583e003fa9adbb6ffd689a6

C:\bonzi\netscape\chrome\toolkit.jar

MD5 0d87ef638abeced11511a63c5731e501
SHA1 4e238a4ccf5f6a349215a242cc1df1d2cf71c49a
SHA256 acd04082faebeaaf75956db33e8c57e4909e6f8822477268835d3bcece15d85b
SHA512 5ab5599c59bcbf9a7638dd3debd12f890776e843d9679a25742a183dd7ae663425a9ebf5e2de012183b2040949335d3ccdc99505fc79346ae7b1b6dd2e121511

C:\bonzi\netscape\chrome\reporter.manifest

MD5 5e0bf4f3dd0617b0b195312bcb7abb62
SHA1 acfb78064edc2999c06eac8b56cd31fd52bbe6d8
SHA256 e7e01f5a59a1e1e4d7c56f40395167d3b14890661b87f5129d57ae5c2b10114a
SHA512 c6e5ff17ed9861ea55d70cf89bd8385b91159c17313cb7fa807aa06b4836d9c12466c6a4d849ff588f745d522242af060575a8d0ed26985d4115297071d59af8

C:\bonzi\netscape\components\jar50.dll

MD5 eb78d8af60119fda6c2e15655e791ea6
SHA1 71dbac8bfc1e839c5dc7c70f84348efb6cc55838
SHA256 caab06ea40310d202a5a44c64221a2f920d4f3a12be6dbcc0a59362c2aca9364
SHA512 45c6e975e7366df1b8bb52e6bef820553f129e251c1a268c4e5014095000107680ddddc06aa0317d864b6c96f49550bb80a4d7fe99abe456f2da15b23841450c

C:\bonzi\netscape\chrome\reporter.jar

MD5 3e2d14577cd76484e53588a18e2376f4
SHA1 9c119cb9d64109a1a56b11ca0fa54e5331e891cb
SHA256 65905b0497281fd57dcda8eb5c47eb41dde577c2d2c40239e0c9d8d383963f33
SHA512 b8cd63fe2522763c3207d89f66a71b07fa8b2e568a3a9f7f55183c7d4aabfc6979aa6ee6e60c507ef1c2b720cc43e817d4dfe193f8df09b3e22f51c32956bb5d

C:\bonzi\netscape\components\nsHelperAppDlg.js

MD5 28493f44f1b16a11978b6a9d4bdecf00
SHA1 4dff589dcc0919b7b14b1acd893fb1f244e994f4
SHA256 9c658cf5f1ee304d441743dc541acbc45ac576e148d32857ea6ec6b43272cc93
SHA512 361c4214bca4bca7c92c9fa1fd6f19c3394bf019b604768c1fd51a3a94a07f9ee87a5c0ae49abce6d1138ee65c9d9d29cba860a617ae09a0b8c7a1c5acf40542

C:\bonzi\netscape\components\nsPostUpdateWin.js

MD5 065761b78f95648f3bef78586a4818a6
SHA1 8148c85d3b659a3b68908c5bc5f4d20a7e2403d2
SHA256 1da4e8e644c645145076e75bc15121761a7e02188cee019d99492e52fec84579
SHA512 9b5d917cd5f27546ebab377ec019a8387d72f1d399789b12fed605ab5d839e2a9fcd2aa7e137e9967c133e31727cbf24c694e87c92eef3cfead027a4316a64fd

C:\bonzi\netscape\components\nsMicrosummaryService.js

MD5 8ac38534b5938307aebb0216328f61a5
SHA1 6dfc0a3fe1cb01ea0efbfa945c6923d97d9c88e4
SHA256 210a3d95a2e83ebc159d968474d4bdf46c91a26353e5e26b735e49ad854debbb
SHA512 e59e6e86c74f3b5ab15c05a0fe9d8264fab3fd7b9b5d569e5f83aa613fdd4e1d29e6fcb6f79129471a869aa218a8d2000ef6a4496636faceafc8d03dfd069098

C:\bonzi\netscape\components\nsExtensionManager.js

MD5 64b4361af9504b0c370ff17478ae5a92
SHA1 a874649072bb1a86d622122a3f61d2d02edb7dc3
SHA256 5503b110f211e94a5c171e563641b77bcf12bc6643131fbc8b73fe08860bc7b1
SHA512 c9fcf51b5b19a8bf8b2e7f45eff02b6b79b8822b2745dcb9e11b86c91071c9f77e62a8fcf3d68a5298a21a763b888e163395394538132d8a82eb4891d8ac8360

C:\bonzi\netscape\components\nsDictionary.js

MD5 0b22332c1cf81bcdd9255d6685d69047
SHA1 98a5472ed96bee490d0520b26824eb7a85ab1e62
SHA256 29a878a841e231390d7a393d694494717094e8a98a7998523a2e61d233af8d18
SHA512 138afdf38ce07ac7f81295a13697cdf1a16d1d6517fa5feb11a6d7ab84c4bb9c4d48ed93e8e74c9e1f308669148c9e0ff436935b29f28e4ded412a617e2cefae

C:\bonzi\netscape\components\nsDefaultCLH.js

MD5 741a764eead0827df6f9734d1f1633ce
SHA1 7f2c38a82e089e84778b6dbc1bc1066ca3dbaeaf
SHA256 df4d5a2d4f82b24c73d71e57c9647bc02286decc704c10df37d393292dcc8660
SHA512 4b74c9680a9bac47afa1a3476b536973c63895ba6a94ef9af4e915ba3d2e58089a14a9f7e87892018293ba1335009a43bc7a5f82312f2c19b717837f8dbbb534

C:\bonzi\netscape\components\nsCloseAllWindows.js

MD5 4f9abffba5d2e45acd75ea2e0505d049
SHA1 1ad99436b0cafafe31907f4754abbd34ff2361b1
SHA256 11f85a992ea0489490f305e7ac05757b5a2a10b8d04fe5ce362c6605b5aeeab7
SHA512 f1c7cb6f1e91dc6ced7ab15a82eb72860672334552fe521d694916ef2a5582280c38d3d40839c24ed52a2702eeb47940ec354997f98c0dfd6c5ca641f0b5cb97

C:\bonzi\netscape\components\nsBrowserGlue.js

MD5 eaec1d6852c10f66a9ab3024ed40860b
SHA1 9996913f95f9ade98363c59821740baefac7eab9
SHA256 3c4ad7e846618277ba373e2173593deac7f9ef0739655b017756a8a43d02bb87
SHA512 28662134ffafe9e5e5f4e56501f4a7f035752b72bf8e96ed248db3a7c8d924fa86a78dfca01e950eb2a8c41d3ec352b94ad44b620ab03fd31969fbb32fec625e

C:\bonzi\netscape\components\nsBrowserContentHandler.js

MD5 f707c6650ef895f4b9246ee1e43f86b3
SHA1 9d1432ab58cdae7f35e91fd24695191554d9a6d9
SHA256 e1e497a942d7a903b6556d511485d76457c7ba2855f897eebe9c0b3734c76b52
SHA512 3b7994420c9fac1f5a44af5b2120f514794e0f21dc45d1b715d326ed46581c954f3b6c4c314db11098e59a17ad48170210b7e53123826c83c9d31145020857bc

C:\bonzi\netscape\components\nsBookmarkTransactionManager.js

MD5 c24c287db46c59c71561c1b1690322b5
SHA1 181ad97c6339d5e32fe2f54e5018a3c5ec5fd35a
SHA256 de39cacd8f59edceacc27b1808bd0dd1508b809f5e65c6522d2261940055d364
SHA512 3a45e6cf727bb20cfe0df6d2958674b3e344e056d6c56c8cce6c2df6438c81cad876fced141e88fa12911c09804582f69ba06657598fbdf882cf797a1df8724c

C:\bonzi\netscape\components\myspell.dll

MD5 08fc5c471d479fdcfbf20b69c0bd0d68
SHA1 b885d66100a04cfb8da0ea2ca0915650bce2b0cf
SHA256 ceaf58967aa34778d5bc35eb5a3bc7df7e61f5daf55bbc411bb50579169a37d4
SHA512 e6c096412a8366e43761c3e360b9bf1313420292ba217ac75a55c4620cce27eea81560d121de5ba49562453c48d423bb7829594cfd46dd9cb73a739da36f60e5

C:\bonzi\netscape\components\linkpad-module.js

MD5 70fecc49fcd20479309d9adc05078830
SHA1 833f0d0f8cb3a0bacb11819c8a7662590006f7f1
SHA256 a3ba21168f4f8b6a828ad0f0ac72aa2f60cfdc541ee7de6ba5fdb86d17ac86a4
SHA512 fe4f1cf24ed680f5a06fc84da6075ffe0d404a2acb6eaf99a353bcc3a28392a393f281ca4cff700ab700aed738417fce7ee35971319157a221ba6eadd5f73b0d

C:\bonzi\netscape\components\jsd3250.dll

MD5 1a6924f35fa615987df6fcb1356a5f82
SHA1 0f964d2be3a471964d8b0e98695085361af0ed02
SHA256 ac6bd5690942ce2a1d9d0396bf3cb07d6657cf4bcf361c541fcc00a884324259
SHA512 7bc030694316895a9fc3919c3d9c14fe77f536f0128ab70bb3e67fd8f9775d5a86e42808e333ab390b924ae45b1c513db1ab3e945451b462f3b3021ce7b4ac36

C:\bonzi\netscape\components\jsconsole-clhandler.js

MD5 0987ed598b945dfa32853c4a30b757df
SHA1 5ba15d5d912aa77e8028b89b65eb1a8756f74f13
SHA256 bdafc44ec1ffc146fa1fa0432cebab3e0180b19e1bca67288a2f7642fa4256a8
SHA512 5c377974c5d193c53b4ad235a80412eea122f26da32d247e6ac6b60034696b2fd54ae8eb2260fd942c66ed94e8cc682e380995a03ce77c7a2d1a5a81e93dc404

C:\bonzi\netscape\chrome\pippki.manifest

MD5 433dbb4921ce78024add72a778754702
SHA1 4608e7571ad013787dcd68f23ae385b29c5691d4
SHA256 c249df4bc8fadcceed1dad278a96d7915af54f0ae97ae0f23fc8eb4175731880
SHA512 59cd550765f633b2a94443c31edc3740053470c4408b31c9b28bae307b27d030a1edaa3c6974eb82fb454704eb0e46286cd454e7401cead18b1694f81bc5344f

C:\bonzi\netscape\chrome\pippki.jar

MD5 9a7d55620c9f1780441fce11a443e402
SHA1 5fb1cba9cf23512bbddb07dda8564798ecb07c72
SHA256 485b27b406a07a19195af81285067919da3e5165747bf01b2f7a90b6527038f8
SHA512 832bb408758b9d803aef5ab175f80242ec10c99405611d5f9ca93d0b40b247d58c3a875f88767c8893f992d2d3ccba1ea205f181ce963f18e61ac7067a7f0ecd

C:\bonzi\netscape\chrome\en-US.manifest

MD5 a9fae4b2673d3754b89c9d3ba508ba47
SHA1 c201a0696a9dc04597da29502bc5252502c2661c
SHA256 b9cdf76c02a0e1f31094e9c61d1eda54a3bf4c287ad95f7df1d4d285de95ca63
SHA512 e0d1a1911653aff992be54d957bb31e5ef62649958a1c06c2e206718208496547bb9ba851414f9fffed8e5b9a8b2f6d3485dc23a69fb92f059998709dc3310ba

C:\bonzi\netscape\chrome\en-US.jar

MD5 4b5e8d0c4a9388ef045c60eb9870fc40
SHA1 6e2c1852aac68ae8240ddbd9f2c8f1f82f6c0f90
SHA256 f6f452c736639acc1bd75a83aeacd10ad0f83af7dcb6e47ce6dd32a26a2a0343
SHA512 85a9a675a245eee03d6a6cbe33f8522a3c8c22f42b70e3ba57dedc7e49670f050f7e4152ec6fef29428b17e765f870d02f097954eeaa634f1583b84c9a22bccd

C:\bonzi\netscape\chrome\comm.manifest

MD5 940eaa4676d333fc76e2c37e7e7e3a85
SHA1 7f4a87a6a08ea398704225a2e5483a98a01cd622
SHA256 28c245f1be3a0865ff3b6898f78c87408a43ea37aa53ee74cb18805c4eddeb58
SHA512 4f233b8b662ed8a4e3aec5c19d3b7ebc479f59b4344c877d97eb4925f25a16e324875e76ee266d653ccc9612b8131cac6bbdefa9e8a74fd1733c3f70961ee247

C:\bonzi\netscape\chrome\comm.jar

MD5 6f1b9ce083df442d2aa5fa03f6cb6f60
SHA1 8afe52d7ec7f49df4a4ebf2f2cbe83005e8dc6c7
SHA256 0ff2af2df6107236531d54f9ad6c81c60b4c66293c910c077a153ebbe66bd2dc
SHA512 d50e70367a706c0f11001e10432ea3564d2294fd6150706ac5b910275ce5d4ef857257bb33bb68a62a6a8616dd91d0b6c072d768e786e4bb77b758357eab1934

C:\bonzi\netscape\chrome\classic.jar

MD5 23624d88c9a71f0c366b7da0c986c74f
SHA1 1fb9c47c58a497974bf142106136c0a3de3d884b
SHA256 55818d24c66b15a04650bc4158068e5d02329a34d1c270fe1d219e2f53086b21
SHA512 025dc050fa19dba690a135adfd1215c306719243e52e3f71f830517e58351381dea614b4cbddfd7c3ea4c397225d2201bf5b52f86b6d33c88eb4a39a9901b367

C:\bonzi\netscape\chrome\browser.manifest

MD5 78f8ac0d911444edd41ee4c91bb6739d
SHA1 66da36d602e7e774043a8b47df762bda13eb0088
SHA256 e94a3fe979e6fbe23ebb0061dec47ffad95e054fe0284ea5f30d544267f409a4
SHA512 8621e082f28ea28fee03fb8e38c9a8df64e1f0dc5046069bdf8d162f06896b83a91f722b338e6f37bd5c0c37d96fa17870b5be2d9bca03fa4954059f893c4f82

C:\bonzi\netscape\chrome\browser.jar

MD5 c8395710f824ec9e881a4d16fd6b98ec
SHA1 f4f873cc1e21d4e52aa4d94b1a74b18c4293be20
SHA256 3e975f38a5d95932bec15dd8180af717a6bf76206aacf937a0dce94251c8a567
SHA512 9a210c79022140f5a24a921a8514407f964444231d62300270f1eba318e2494ee20eae86445c1c9efae6623b57c5c70e04900c5594fac402890a3f5992f44e62

C:\bonzi\netscape\browserconfig.properties

MD5 2071861c3bcc63421c4552ee2bb7adc7
SHA1 c2cf21a40fa560436999987b0e5b03a30cc11892
SHA256 c80fea75a41531da6b48b13419d358a00adaf622849db5024c0dde020e260be7
SHA512 f7e002e839bc691fa70f27ba432be8ab7683548c29a2144292d1de63fc57da4c953a2ab012832e3a475504f64a71c9f735637a967993b611750be4286389d775

C:\bonzi\netscape\AccessibleMarshal.dll

MD5 41d1f3a566f660af54961e766f7b62c0
SHA1 136f8911db5e2260d21be242c12be32b2f39cd36
SHA256 c10e9e5064cebe3da1e5adac75e7c5275a1887c7f26aeda77b977c5e67498f0e
SHA512 c8d05d38dc7bd1e60c6f157e2b9aa7e0312bbdb6efe6da150060695108204907948f4a33976ae2aa4e50110a35db6c9cc83cf20b272643890e1761ecc91f118b

C:\bonzi\netscape\components\nsProxyAutoConfig.js

MD5 08d001dd821413bf330d48fccf57f23e
SHA1 018c35966f308db51095b4eaf4f9ce6392b23b1d
SHA256 827152eb92571cfa3418bf17f5cf43bbabc41bb68ab2eeceae9d5a6fa69901c6
SHA512 e7459bf5f84c4765a316e8e4f51f1acb058563e5c9b610a008719431cd9f55841a695ec08ec708012cba5e5f2c3347d3097e21e1ee1f120f8e53241d9c594c32

C:\bonzi\netscape\components\nsSetDefaultBrowser.js

MD5 f76a9fc9d44334e584164f56fb7b8b62
SHA1 28d5ac9e9faef872bbc5b63d887a4b8c857fe5dd
SHA256 6ebb03c911ac718da5209b39de0e2be4ddf1980a92619d8bd59fec9749e1003e
SHA512 422bfa21f86f10ae87074897730074a4a961e4e0c4f97e90916d8919a5feb223e23ca82a3c74f264fe6384703e3d3ecf30243085e0c87816876a88249ad53d25

C:\bonzi\netscape\components\nsSessionStore.js

MD5 27d623618b9abbd8df69f13c1c2e5e64
SHA1 0fb33087a86393aba5249aa8e7d46b7a8a8b1027
SHA256 f05be03766bba2a9e398ae07e2e67334c3868dbe561af389bb63a139eed6750b
SHA512 62ce28076deec31090ada6cc0be2f48e3c36859fe73518827a2717bf201985ce4999c4f4958f209ecf11c0954067c9ada6198f6bca8614b3932a98c30500e2e5

C:\bonzi\netscape\components\nsSessionStartup.js

MD5 eab9dca528deb7f4dbc8ad6783783d2d
SHA1 a62178387f03d81bbef841ff51b8fd4d7e60b02c
SHA256 42e8cbe65fc237c7ad0ba99578f1ad4909a8a96b723f47cede11b5c4c2072573
SHA512 d82dedc8af687ffb6346490a1b4672b5b445dc07e88ed0209139c464cca36455e97e3597e0ca6a509fd407f74a6f93aa425d0961def492e9b642ecb2b7b67dbb

C:\bonzi\netscape\components\nsSearchSuggestions.js

MD5 5e7e23d649cdb5bbd192964a7eac32fd
SHA1 1f38817febdf3467679f111df7752c45adcdb15c
SHA256 a0f77e8b1102ce024009480c844e64a6dd6222995418f8ab3dce2972b3a6be83
SHA512 b2a2decd596b27488a8db996989341809d1a103cbf01f32416b1204b59b9149a6a2fc16ec2c77f13a54efc7c07b32c60553a820744d776d657747f1f444e2815

C:\bonzi\netscape\components\nsSearchService.js

MD5 27012140c4a8e8ca5c2045b8f5f984ee
SHA1 97c2af3d3dbafacd4b9fa9a0d9a9ecc6835ea9b7
SHA256 cbe5a2e9510a65432c5c5f443d4380d982a2818fa3497db0ae6680d76ff072ff
SHA512 9de498a5c0e7f1277fd5bdca784bf33ae83a2c135e84dbe0c6638861e95aa1a2ca2fe239b94b8adacf34460c129aad066e6f9351e6bc0aff85edcabd88b5b7bf

C:\bonzi\netscape\components\nsSafebrowsingApplication.js

MD5 4691115edd580fb8d21aba64ebce2637
SHA1 97d917e4c9c0b18a5d8be11e6a2cdf2ee9b2c5d8
SHA256 ec1448c500922d7576fd5cb5c804166b0e3328b82bc94de58434f39333e241ef
SHA512 976e96ee9b9ca07212a58ed2e5195fd242830efc48e3cf3925340b6cdb21d374d72495f94ac14b5d9ddfd2ae83fb24daaaa791232682b4ff28bbb2c5d726d05e

C:\bonzi\netscape\components\nsURLFormatter.js

MD5 ad970d1a0bdcedb23fbaf1257a0b26c0
SHA1 6527b1d315f7274c31e63536c169cefe35496239
SHA256 5329211f2ace73dc205b0d9d7cbd3d977c7733edb38b6c8976ae60309d024b8b
SHA512 2f5ff89be14e2caa171d4cebd80552e2c259d9e9f3a993495a415feed0485fe09cc88c5bc8651d25e061d597371dfb1cec4e6080590ab6391180ade5b443f095

C:\bonzi\netscape\components\nsUrlClassifierTable.js

MD5 44c81aeb42187848b0f5dd387cf6f753
SHA1 119be5ac19e88ce09a61411e80441eb813278a8a
SHA256 1f31611ed540a65c9168a38ede5fae3a927eca39f03fb66b8f8e33ed2c7e4fd3
SHA512 8fb9455168e0432b7c582cbb3fd2333a3f5d6360f584d755016233072b3f0262556c7d4a69b87f9bca1484d4a83561da7339e45ba3e3fbc2a25f8a578b0a0b32

C:\bonzi\netscape\components\nsUrlClassifierListManager.js

MD5 ebfe7bfa671f2b663c79948f8b8d6823
SHA1 924ff2a9f72e7d2a5648cbf6f0c7e036a7c9e1d0
SHA256 7c4db11301ed9f1bbb2aacb0f9f75c3597d797e2c3eda4567c96660eea8ec144
SHA512 2184e74a6e4e7bc8f4b2876175f8ead8117acad2c7c386d53985461a4b8aa5c83cb369ff6459499a4361419892d137c30cd7dd3d5474d6214061e89601e0d9d0

C:\bonzi\netscape\components\nsUrlClassifierLib.js

MD5 7e52afdae967a4ed27df43530183a43d
SHA1 0ab9f5ecbfab7f42f4d0f6ad74cff93f449f98d5
SHA256 e07b29cb7a4468b8bf60b5e59819d577fba0fbed976189cff768aca56cbb569a
SHA512 8173047631536acfab539b9f67233af690ed3d5722cc6ee26adcb8567d9df32a578d6eeb2f46557bfe735e164340ba52588c64516bbe33170efc827a1e6b342d

C:\bonzi\netscape\components\nsXmlRpcClient.js

MD5 74413e91807cc66f2209a19d4aea3b37
SHA1 e27a9839280c5ee937e21b3ad2b6e49fe074e325
SHA256 c1374de0451a08a860ea7d2389560036ec0aef3196b6544b4455c8ceec347ded
SHA512 b9847bbfcb7badabed2c3c818e238acb88f30a1fc7a39cc57587319e03d995ace31cd25acdedb399b65932dd9f9a8839375b524d613b4bcf9d84d6e916b22f9b

C:\bonzi\netscape\components\nsSidebar.js

MD5 9948247b0825b1ea4416e76c212aa7df
SHA1 23a1ea3f3cfed840a5154385c05e29a50e8a7bc2
SHA256 47c783b7ac65e98954e4c09f373c0e7462fa4f412bae01647c845fccd47a7cad
SHA512 1d8b3bf1dc2bec9b6b2282fff918459b5fd9c89214864940885d7c8de4e6a8db4201f0b5437f5ae3aea691854fdb33d046f84686f4ff933e2c31048b9973bc7f

C:\bonzi\netscape\components\nsUpdateService.js

MD5 d1a73e0298389c25e91a595e5599f1f0
SHA1 6f80fd6a58ddc87ee25ae3315efe94a4910ac97d
SHA256 4fd9bd4026c5154fc56b7d60f53a99835b0820424963432b184fc496c6ceb65c
SHA512 b132ed63a83be39f822c2cde8f365635a2005b2c03ac2d9b89b5e1d8d28c0355f5abd8b1a61222bce465ce4f9f3cdf1adba68316a9fed270d2bcb4d09e47d082

C:\bonzi\netscape\extensions\[email protected]\install.rdf

MD5 431d865bfdcc0960eec97e72448f0c55
SHA1 194068fcfbf2f6d81e968a4a343064b1dcd8979b
SHA256 ee3a1d0f9b4936be7a9abd49293643ba74ed4d88ea0066d1211963658911accd
SHA512 2a499ad5845b4d3c5848a9b9dc8bbe7a27141b279d4cd03243872dd9e4ac3a77594476dc26cb56b84b302fb22e630081fecfed33827edc7329e22fe5784c0e83

C:\bonzi\netscape\greprefs\xpinstall.js

MD5 eb2ce400f30e5aaea7957379005cd5d3
SHA1 a0a00b69c3450cb5c66b9cc06fb94841c6963875
SHA256 d0e82435e9600d4e881c0cb7db9b1a8cbb4a918529576c892546c0b877754e45
SHA512 a4859a0dd779d234dc0134d6b1e0525324b8f7fccef2de22494e9524e44c6432d7b345537085babd5666bf0647815f9be3caf8281293835db40b91310e76320b

C:\bonzi\netscape\greprefs\security-prefs.js

MD5 53f123fc23f330dd813312147c76de31
SHA1 86f25786d1bd39f31141820bbb729bab33e6c4bc
SHA256 bd197f724de55bde3aba0f961eaa971dfe3bd09ba226ee34e193e82a04e96bf9
SHA512 cd24a704fcd44990087745438aebf248e06cb7dbd95b0079c4ef821a768fbaa3d3c123d046f31dcf2563ac6ce4b7145e769d4473db7f706667a596971e372fe3

C:\bonzi\netscape\greprefs\all.js

MD5 b4a2ee06c41c338066a52ffab8f29e76
SHA1 b475a8227667800d209d665d6cca99f5341bf9cc
SHA256 186741ba1263c9b520eccac62b14c385def76280e82dab337dc3e8418d46dcfa
SHA512 354ea55bf5930fd11b5550afb9ca6f183f6c2644018626d7d0048666c2cf6949b800b11b97f4f70401b804103a429fa443cd40c3dd2a389a1cd322d84613e0f4

C:\bonzi\netscape\freebl3.dll

MD5 b5131a9ce0da9fa658a5ff3bea0d1ca9
SHA1 0b88eb4d003f9641ada07fb248a3f1a6a64297f4
SHA256 4ae900ab6ac0e624051cb0007ccbd229a9c22a69a58c63e5c08701a24a1e64d9
SHA512 b259f0a99514b967fcee249bf6aa061503931f23c439f3e6c6cf8e9c36e5a5abed2d4d22865a4bcbe8ca99a67060e5b9cd330216d01c187305b74bc1489bfb13

C:\bonzi\netscape\freebl3.chk

MD5 b9048692c33fc15f71fe124a1ac34c00
SHA1 4f014a3fd551657206617440dd158c6b3870e5d8
SHA256 a91209959d1f78c3c304ba5d2d4e64fee7d2f311e7e198dceb02516290925af2
SHA512 1ef4aea0fd1ec52061744fcba5479c04575ae246e8ba3dedb643151d12858a80f481a800c3bf3f74e34d21f25020056c8b77e5cf1eb530f3ae311200e7f48408

C:\bonzi\netscape\extensions\[email protected]\install.rdf

MD5 d0319e0e1936fdb42c3a56770aff0eef
SHA1 55761dbb56e8763e9b8f819cc1d51a0bed46a714
SHA256 85e35d76855c30aae9e07f9dbaea16861fabd9eebb4222cf0b733339fb3d6a35
SHA512 fe6e0bc18cf29ed659cfe6df4b0451bd1ec9bc5b3d13323564436f41d819c30021713104ce420a00d6c4f084dcd478476157ca9786b32347eb088e0966ca5076

C:\bonzi\netscape\extensions\[email protected]\chrome.manifest

MD5 9e2e3cdb27116815f259b2d9bcd567a2
SHA1 27a3809db66020521e16cacec8dcfff24333b11c
SHA256 c9d65e0ce3d7fdd0fdc8cce87858c2cc45189d8778daf26afbbf02ea2e3d1f8b
SHA512 7d0f52a03f82ee00ba19fa70024aa8af610b56dd59b8cf2faa334f769a7dcf502c3f3c1ea8fcfd159eef7538d9a27a662f8ffc4393ecce79b89687de10d31559

C:\bonzi\netscape\extensions\[email protected]\chrome\ns9migrator.jar

MD5 f26c61305ecf5692d1c2e192179b6b30
SHA1 27d9e5929a0e769f130f73c25e47f50258913515
SHA256 b04af3d3e68c0254ba02ccebebd223804af2fe2f37c0505dc66edd44f163213f
SHA512 1b13fe01e9457f53c926471be3776820f9042c05549b0b620981f6f321c98a80c617feeaf789178424d6e0caa76bec518e10d8b24fed8437bcdcf2e0f5c8f5a2

C:\bonzi\netscape\extensions\[email protected]\chrome\ns9migrator-en-US.jar

MD5 15a413803fb8c3eecb0465e5d64ff4ae
SHA1 ffa2a75e541f697d71745d80cc20b0ec98a94c2b
SHA256 b20e7e0dbf8b8cd1d3b7608e7c8340330b521d1a6580a9cee8b6d49ce395a164
SHA512 673e8c4f14ed31ba98752cd104a376ec9f5f9234c72735784e48af00bbe9da9b1db2acbdb59e1c207e67d764cf0d2e28f80e1cd2a4f8ad9498999cdb5606c3ca

C:\bonzi\netscape\extensions\[email protected]\install.rdf

MD5 2ef0a4267131641c2e72a4d3f07d5ef6
SHA1 d79c2fc375d97527c49ec333da1355527b3b47a9
SHA256 52af9d35c94d01b83535d846dde0457341cb3affd2086d3973a89f38da0ed7e6
SHA512 94256907b2510bc3505a06252ee0582c79fb9feee9019168808bd8605731f2f3946cc5da17e17fcd7178f5d052408dd8adb7bcee0ea4821ee587abeacdf192ab

C:\bonzi\netscape\extensions\[email protected]\defaults\preferences\inspector.js

MD5 b398099ced09c658a4b156ae25ca397b
SHA1 6264987e2d5733fa1d2e4c18cd92bea04b986479
SHA256 58ca53ad7eef6cda7d018bfeba2029ca7a7b7a8b07ca13cd5be0a3bff9f33fb9
SHA512 648c9c90bececee74373a0f0370a6b61f1b53bb4a9f220a3f4cd8e366d59925c13bbd26513573df89530beed01bdc445418a92ddc3ec315793444204d32f75a4

C:\bonzi\netscape\extensions\[email protected]\components\inspector-cmdline.js

MD5 922c8e14b8b2378b9da216059c091901
SHA1 a01b6cdd2ffa65d3eb3a73790c89ec485fecb0a5
SHA256 77069964afccd28f46d6889153d454b9472ed2161b225bb2bd2ee70119a84081
SHA512 644c6c113598f100ee57a0532eb5277fc6db2c93cd48f0386b8124b3ba667e9ec92b4a036fc5c54b7c06219e32b5d4926e046511ed8f8443d3f92ad50bd1bd8d

C:\bonzi\netscape\extensions\[email protected]\chrome.manifest

MD5 8fcdca80d3692d87ed68f4b993ca124c
SHA1 1af6ace69c021ae851b78027f379d6bfa8d316b4
SHA256 07d100d9460789b4a0974dab9c861bce342c3b5a078df6537851f3b6afa10a3c
SHA512 864af0d2c7fb8020af710e715a15dbe6ae3a26ce36a4eec9335a4494539e5f75c67b5befa41f9dd05017c39cb3f74acb2258850c42f2b6c5d744dcae4619ed36

C:\bonzi\netscape\extensions\[email protected]\chrome\inspector.jar

MD5 90cb2f24267e0120c71ffe6395205ffb
SHA1 a5be679a919247720093950f21209c8093de9647
SHA256 91a9e466ad473f4fe493d1fb5a574e2a59143eacef8eceb0a1d65c918c9276d3
SHA512 2b92d4c276c02f4d63b37e81eaa38069b979100393b5ee10b6fe3a38c26c3ef8f32463d0733b8bf37b9356cfec7d41c7138c22f4ca42b6fdc8fb7129c5475ab1

C:\bonzi\netscape\extensions\[email protected]\chrome\icons\default\winInspectorMain.ico

MD5 d9ddc6869edc574e4210b9001859e8d5
SHA1 0391f94d4da74e29bbe75cfa6cb8d67499ba5eb0
SHA256 fc2b8aa8d1dcbe2893566d8f821f0c4565aa27c0564398fb874dd0de6cea60bd
SHA512 daf29f2d0c3f00ae8601f02ccd48ca43214c2a35a4bf5b4eef519260f15208ae140915e4b0eb35f0bc48f5d57ecc75fdc77eea6ba77ba68454342e50c3ee49f7

C:\bonzi\netscape\dictionaries\en-US.dic

MD5 508a7bf30b716ccf59c662ebb7d910ae
SHA1 ba119761e911604012a348f9c7358822e2f0467c
SHA256 6f90f900a772cc49d96b061c489671e217d68ab9b533bcdb854682631fe4d303
SHA512 e5658db0f04b338f71707fb8b4ac9889335106b993c898ce9082322f711d10d819b3e7839b5b52d6c5c63840fb1533cad1c6598616ca3a17c89e5924bf7ca65e

C:\bonzi\netscape\dictionaries\en-US.aff

MD5 0836da9065e3f2d4d11db79f1759f019
SHA1 66855c47c10d65d92fad5a478460cee71897bc06
SHA256 66db43ec9d39dd0875402a900936edc037936c59ad43e24ca086a1aec75314da
SHA512 c3726e8055ed4342997e3c00e33fe8b44468d60ae39affc576dac21088dd92fdc0d08c027c4e5a314c7b395a1ed7ad2b1706aada40939ab09076df74ff69f688

C:\bonzi\netscape\defaults\profile\search.rdf

MD5 939dcfba9fa92f86bcacb487df9dede1
SHA1 74c89a6c3bb22b3509d86e6e1d428b4a206a3c9c
SHA256 451c4475c6c285da263f91049224c87cf1567c4a7ad6236f3dd52290d65fab16
SHA512 e29940cba038a737335e1be397605930d207bdaebf7324b57da1f4894e4f416d665f33e9eb5adc7daabd166864271c4cc42e824479f2fc9e8c6ba48422a9106a

C:\bonzi\netscape\defaults\profile\prefs.js

MD5 99940ecd258d83b3355ab06fca0ffddb
SHA1 8d94cf5c736408c218bd7e483cea3357124d232f
SHA256 0a9bcb3c03867313418c0a1e97eed0f016a3c37ca56d16793df8df90e2f2a212
SHA512 057432f34bc2daf33eb2d4ea7a182521e4edb39c4229fccb875615d7d42d405a642e09974ee8d59d1bd018e328126ad8e6dab7d6a2b6ee6a77734c7785ea75b0

C:\bonzi\netscape\defaults\profile\mimeTypes.rdf

MD5 6047f42624d9930caa8d651fa94d28f1
SHA1 ebe84276ea707bf822cf6673064a2c3a6de1d22d
SHA256 c9aebb4219a0e86565a9399c14b70219ea4f066464102848010cefc425d72008
SHA512 f9b83f91669152a5ca10c95a9fdd502f6a4f7124c76c0fc1958c781d8b1e09e2b28f27705b390b31af23793ac31a709a6f29d5cb00595b0eb8fbeb33a50aafd9

C:\bonzi\netscape\defaults\profile\localstore.rdf

MD5 ea03cc19c2a3f622fa557cd8ea9da6eb
SHA1 2d8aee4b5cbfb5e1c08f2a4c9af2110bc1262b11
SHA256 f72301be0ecb4ce64e26fb8ee57cf4bea3dc8c8f3830f2fd0c91ae893ab5e592
SHA512 06f6f5bdb6609f0e72291ef82aaf55c035fa1fdc0906debbd7807549d6b61579428585b91ceadcb8aba511ef7a144c9636c6216afedd9753bd26e4e72f49c330

C:\bonzi\netscape\defaults\profile\chrome\userContent-example.css

MD5 d3765c7d2de5626529195007f4b7144a
SHA1 257aab5a68752a4de9375aa50809f3faa8b83b26
SHA256 10cd5c7d7fb1f6f1123893530099888822c6cb8a4a41584534c2d2eba38f5ba9
SHA512 ca8e87d31f8df9fa1f9c46a51aa2960b980949c4e5b360c82297a5ebb3a823f7c63fc8ada7db53f8e7fa25cf409d33d492f573e5ab061ec7659204577f4f0545

C:\bonzi\netscape\defaults\profile\chrome\userChrome-example.css

MD5 4788fdaa51b0a238cb21f5c2877ef06d
SHA1 866b51a43c76c9ee058f7b507791c86e5df8ba5c
SHA256 bbaa6de3247c9d5c9991f8d14b9022491578e603a6b2e2838e760a87c658a719
SHA512 3e628961b1d55dbb795cd08508a3578d2affd8dbcc68a4ba336e0d02dfe069a747cedb05d9093b52c36c21ec9f8e9123055e679caf6f13b2c6d600b4cc5be748

C:\bonzi\netscape\defaults\profile\bookmarks.html

MD5 7ad9a2201434f3b56abfe706bd79d78f
SHA1 e0730e32d407ebe1c716aeb85e4d46a86c9f1e29
SHA256 5720d23c8d052f33acbd334c0b4f4c4a4fef47638b77690f2228615682ee8a3f
SHA512 58c12594d2158608e7993ab11cf879d6587fda9b9ea8fc8d846db7d9f919d2e5f231c5ecbfce24c9c661a98e8db73b6f1eac775d74362b0f9677e45f93738e5c

C:\bonzi\netscape\defaults\pref\firefox.js

MD5 d89f5220181653b77196c74639a5561a
SHA1 8d773d0f4e8eb72cdcc77e112ee075f17fb24a39
SHA256 ea8bea6e0e18f43ae943601756f9e8202a5b24afaccb6a2c2b7cc5d137184988
SHA512 3d893ec0c23e7beaceeb10b7400782f40fa14202437b9cd0e8dece2ec45d32564e128c7bac207493f078a4bb66fe07e24d64bffcbd5b25d8dcd5fd8b4923b8f9

C:\bonzi\netscape\defaults\pref\firefox-l10n.js

MD5 8feb09bb3a23e2f151d664abe960c9f7
SHA1 c02a7c338f5fd78ad56cf842d58fdb55a04112dd
SHA256 6d5ac2568d323ba7d05121afb58c85424d8307355fb16bc6e7e918a069389f3d
SHA512 85eb1ee8b2008e44e056b0b53ac7124c1e303db404876412bd3c4e1552aaab9a1a890608c3017047dfb67aa880ec83ebe829610604d18e547841842b4ec4f2b1

C:\bonzi\netscape\defaults\pref\firefox-branding.js

MD5 25c55ae1428470b8f827ae1535a6d60c
SHA1 d4889ab09d687828a57f433dbb523d52a68750df
SHA256 13a76cace7913c4e1b0c2d7ea2eb9205330f4ae443bb488894eb3f4099e1e9f4
SHA512 8999607218dee26ca9df3b780624fa2319660212514a640480c68eba86319750b8b43499660a8f6c60396e1b3199a4400f88a3a0f17e12d35138b1efb2040cae

C:\bonzi\netscape\defaults\pref\channel-prefs.js

MD5 5b749a30beda3a05f87156e65b97f89c
SHA1 4f9c3cf99891dc318a701a3d3c0570c9061f821e
SHA256 df17dd3fc932c653365ca9e0a8dbff0b1f0e441102dace3cb578ba62a3856b27
SHA512 13ec7744ffb3be6df4b8e0e5c01f2306efe28a4942146a243208fbae0893efbe5bc0db1504c3a9f34eab86b53ae7e7984f67dac18b35e83c5f6e9052be8f171b

C:\bonzi\netscape\defaults\autoconfig\prefcalls.js

MD5 4a87b8ed95918a8a94ace81998529f18
SHA1 7fb3a79e959cf46c613599568be8b93bd647652b
SHA256 375fbd824a7336a51729ae7025a01ea1b31d33e005facef3c8bd55fa742284a2
SHA512 3bc4c3a9bd72334312588765140e01f1df839c3a9c836bdbabd3efbc11c9e203a658f1a551365f447d95ef0c00f715e41ad77f7be8a9ef07c135817a9757ad20

C:\bonzi\netscape\defaults\autoconfig\platform.js

MD5 e3c0b603d8720a81116319d44ee421e6
SHA1 6b7554f4fb3f1a4f22c1b09f0d1e84eb9438450b
SHA256 a319126b701f722a192e0653d2698b8d855e43d56153069ad1255879a0affcb7
SHA512 b398fc5f36d54ac60f6487bf950298c03ba9a01821164973c1b999d4d63b280e2271749be803bdfb9593642b79fbf6a8546eb15684b1496bf0432deab21afa6f

C:\bonzi\netscape\components\xpti.dat

MD5 807084072a4a43fe7068cf8cc9e5b6fe
SHA1 2da384c3c4da778604d2983a492674f55cffc934
SHA256 3cca77f42e7c5c2f843b819c1afa34f3e2836b7c19e39e7878b78692ead57904
SHA512 0fe1409e09a471830f2b6f54bb6f70b674b367a9f995b850994036b76e42c0085be939a66d746b46d5b322d1557f83d3597d19b1b866e2af2b264178b2c66a6f

C:\bonzi\netscape\components\xpinstal.dll

MD5 fde7dce307297e73f31b3dbf8280087d
SHA1 fa7b21e7d07bfdb87806763d0b5c95d1dbd3c9f4
SHA256 63fd849eecbf81005b50a1b0ac0a90b4b98b387a470df90dcf808c311afe5921
SHA512 a7e5d7ff91e733ea7c157255e300546d455b138c3db2e9bc3047b9c1181b98e504bd40c1b043c95290aef0377dbcb7e911feb5a653af1049d84ba88f5d80c33c

C:\bonzi\netscape\components\WebContentConverter.js

MD5 9b72a8b155a1b5d9f58f5d908a6f1cef
SHA1 7a9da43bd02f63095417891fb64bd9516d549d11
SHA256 48f5089af788fc3c9b8bb956ef8fb78353d0e217c24d680c1bb158670cece404
SHA512 74ff99fe2c307f6d8f399a5a964d8763d546cfc2d1cdaefe415e80a0d1745d5a7277651736d350b6dbc01d28a78d60af467accdf4892b69f554307a8f5788d34

C:\bonzi\netscape\components\splash.js

MD5 581e95ccaf7f7b76d9eba0e9f3405ae2
SHA1 1cc422c592345b6dd13a8b0fbc46ecb3d6985270
SHA256 7559901b6b9fcfb59ab384c890a775a124f349aaa139b6895aa6f5a5e66514c1
SHA512 e0c68c199abe96997d15462f6a5d0008c65c2b938a70fb5053663f87d63984f331f93d9ddeca78d0e5a958fca21d8c558c548a91b4074966dfabf4614d616edf

C:\bonzi\netscape\components\spellchk.dll

MD5 f87cd56a00963d60a12846b2a0e09c6a
SHA1 f8e4dab59b0c09f64b29260259cf5a0c4e304ae2
SHA256 baf98ed31a1da2e86a52de675587c850fd47846f9c84b49782a5362f4a1daddf
SHA512 49307387d2d2cf3e663719b527b7a7106e9b436b7e30e02563a5c528146155c40195c7ce0099b57553ea98d22bdb9e94d6b68501a15db883dc02757e852a2fe5

C:\bonzi\netscape\js3250.dll

MD5 3b808914db411389d9ecbdcb4fa1c1bb
SHA1 5deb6c3f5472136a5f5bfc5a499b8e5615ec6333
SHA256 2b6a59c020e48a2308587d773607da0fb3d94f79af0eacffa47cfeff10acdce8
SHA512 d5647258bdf0aa3f7701ea26895b9af6533e679572a608fc8440f6706898738335903f31eb68d95417e0c23ef292733922557b6ce001a6cdc4e6f4f7d15b58ba

C:\bonzi\netscape\LICENSE

MD5 48ff35a6e75247e702019cddd0eacc21
SHA1 870b3816420f898f42dfd450ada2b12934b5c7db
SHA256 c2aa7d58cebd24cb877bbf11d6b13a4bb7cd08b9d7db5d3037ca06c46bf4cfd8
SHA512 3879fc8ddb55e2ef7ee2c9c01a1bca80c3306f52dd14b1f9949d8d16f8f7b970a9650f76eb000e91571cb09eefccc11cef482a41cb31bc0b00b17e4997e321a3

C:\bonzi\netscape\msvcr71.dll

MD5 86f1895ae8c5e8b17d99ece768a70732
SHA1 d5502a1d00787d68f548ddeebbde1eca5e2b38ca
SHA256 8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
SHA512 3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da

C:\bonzi\netscape\msvcp71.dll

MD5 561fa2abb31dfa8fab762145f81667c2
SHA1 c8ccb04eedac821a13fae314a2435192860c72b8
SHA256 df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
SHA512 7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43

C:\bonzi\netscape\navigator.exe

MD5 ac9cdd36906387f84557acddb219f405
SHA1 2539465a3c843d70615810afc7bccb7a5929e096
SHA256 b529c4308f6c2ffefa022bb8b4c1456778f3a15bc0634cb109436a72fa5b3aff
SHA512 0204726358b6a319c1c3cae7f6c67e415139fe2c99169de6bcec6029bae3299601b8d01fe804410448863361680fc74e0939bc2d91ab14adb889623c592e4250

C:\bonzi\netscape\nss3.dll

MD5 8d0ab55e35866b45f65768a7a9c86f53
SHA1 d67c6cafcc35b6186b65e796b50ac3f6312fc43f
SHA256 259db1e89f9e87e7f6711d475abb3d9ad964f42be4cadd918f18502c0e4c0041
SHA512 57de0a4e4e0db6735f91524b18519970732b3adc7d15216c38cec0c8323286568f8dfad6cdfb54b148351523507ac845d78605d27cdd7d861955b7ca9abf70a8

C:\bonzi\netscape\nspr4.dll

MD5 bb39bd7ae471f9ed12bf9cc8457496c1
SHA1 d8e2f023fdf0eaa75eb776907747013d0879696a
SHA256 43d1f30fc2b47e4ec0f69a6410dc6e870ee4601b2abb88aa5a7852bc2530a97a
SHA512 9fd2a8fa2e70827a4172c499c42740b7cd70c47a8a819334e78bb02929694ff49433b1687cd1506dfb70a2d644eff2fdc7ac75c8c1d6b2a9b87959402e482e80

C:\bonzi\netscape\old-homepage-default.properties

MD5 774ae4f0f3a74d0806392e37756e4e33
SHA1 a9067e6b1e57b01d901f48766fe3266e76180523
SHA256 407aecd0255e0492d3839a0f936e4ff55e5ed21efeb7be518ad3adb95f98fdb8
SHA512 94fb88cf1242b1281f8bb4de888a965e53bd7f00dff272cc215b2fc66bb719732a5fb601e51e267ec721541980ff94a04252e626fe7a0528aeb728fa0cab8436

C:\bonzi\netscape\nssckbi.dll

MD5 ac325a321a53d920e99f787577c51369
SHA1 19993a9b67ec17c3fa1ae2a0170d6409e42d5c32
SHA256 b7e96e63ac4b1b6dbe6fe2c1562032d5f99e3256c515edcc1b2054dcd7edc769
SHA512 f9d26f35f8a2a479bf15beaf210e2fb35269907f11cac7d305fe20666efcc350e22d283d99a587da747cda78260a71e48aab94fbded4d77401491a3c4af49a7b

C:\bonzi\netscape\res\svg.css

MD5 0386adbf839e5e72336f780838965ed4
SHA1 9ee5e21be98e1c24a2b84780a13726104ccfa7a1
SHA256 3ac1f6e45e7f599ebac6f6658053231f2769da73360405d5bfeaa0317c1ac319
SHA512 0cafee434c9c84647be4bd04279b34bbad533cfab916277a20668c20acadec232366e6b4b53a67b778f1a677ca2f94e1a2f6202180b6cdeaf45095371ab54ec9

C:\bonzi\netscape\res\table-add-row-before-hover.gif

MD5 3effbb21fc1ce4a3541ff129e61b6360
SHA1 226b23cd455176340c8c72f21481d6fa0ba438c7
SHA256 82d2c0c94973797f588c41cb17f5965d2979d42032b87a74a66b19b4ca881722
SHA512 e5e381b2ebcde5ca014634f44ec0463ad7a4ef44098c856e23c112dc84d62f25750fe4a22428617543bcd89424ea8b0e22525ecd11b98ecb49f06eeab846add0

C:\bonzi\netscape\res\table-add-row-before-active.gif

MD5 e5fcf51b2ccb0d92f90b2ea04e3f234a
SHA1 edd33b631007828da2f369e2c53460075dcfcc45
SHA256 faf9ee17f3da733b3553b18d51988e1acd888dd0f6cb1812f4601defc504ffa9
SHA512 2fbdb6b5e64fa3430f18bb3adaf6433ebef16fe85f35152be119f22a221b0f1258e776c719ff1843d98bcedeb2f469cb514d19757e4bd2742eb14fa977555bb3

C:\bonzi\netscape\res\table-add-row-after.gif

MD5 86ea7058408e6573f06e35a22c381e5b
SHA1 9f55167f4843d25452419ad8b6856c491a7919d5
SHA256 4314043ba7acd3ff7d7b068c01039306a6162a706ed9e74ecb4ff9f81512b726
SHA512 b20a349a6d9b652b0a1b6932c7c8664736927b34529c44ccf2d4959d5b4a08c16b0ae568dde8417b0a4859eab54da3488b80abdeae4cacb33578065250c3e78f

C:\bonzi\netscape\res\table-add-row-after-hover.gif

MD5 73d91177fe9ee5a7d6f27f950fdaed06
SHA1 6cd76a918b50021f3baf7d0f535f1e7588232f52
SHA256 7f95f83b24a702e701808d2d294827c37a260c4cab54970d8a89cffca311aa3a
SHA512 2b03039a595bcf8e3569888682c016f599bbde90ae1db9b4abd0f5369cb388f3b71458e0f8b341dcc24faf7306c161eb937904c4b21a98628d3dda66afc14758

C:\bonzi\netscape\res\table-add-row-after-active.gif

MD5 2118b374a6a662950d0bdf4a3aa31188
SHA1 86c13feda9879e0bb9ed9c38766a599192cf4880
SHA256 3ac7a99ad807a3d329a8570dd2d9f35dc693409b80a52a76422ad30ea0747ea8
SHA512 73e81d0470a1fb0c6fd50acfc0a41dd1055ae7ce1a491fb82e503277665fa68f01bc80cb1239f1482bc434392e2e45641e96f3f83cfd2412590f640f3e5e89b5

C:\bonzi\netscape\res\table-add-column-before.gif

MD5 2915b1ccccef8f1b4efe358744fc4a35
SHA1 d07472295c783f52842c727abe8e568bde27bc58
SHA256 7aa10dc5f73e868a1cc4790fc4c0de63f7c8be43d9557b5e3a63089fc576aefe
SHA512 6c5831a948c9f56c505b82504541d99b46c0baf475717f4629b12fac39f09ed47ea12bf8b8a2a6d8cc354aa49d573f4a0d50feaf78a4215a9919f0399a089195

C:\bonzi\netscape\res\table-add-column-before-hover.gif

MD5 db5b629893e402162b24764d509337de
SHA1 6aa75faf4e9d7ce0c743d9f014d1349822efd64d
SHA256 ee08fb30bbf7a2bc1fa0351276c18d87315f43d1dcd6e721a076c7f4850d8576
SHA512 85ae25cf42e6acd82339d9e34792d7b9de16d38ab08e424beca0dd3129b64006a957074e3599b14402bf65a11f43f43e27023215c230fa2cff32be5f896d51fc

C:\bonzi\netscape\res\table-add-column-before-active.gif

MD5 def8fece8fc888b90526e51828080b71
SHA1 a1e2ab1b77101c28e2ce585f0d49528466318a22
SHA256 0b308aed38c132e3a6233bf1107454102dc1e47a6b44db3630634f177223e950
SHA512 c8c63fc13388b03c3a92779a46f8a71a7a785f2cbafa17bb212430cbe29cfabc5dc38453c6ca170a950d165c6aa51a5c2ac5768b8d3746b1c26609aadd3ce9ff

C:\bonzi\netscape\res\table-add-column-after.gif

MD5 feff9eba20bc5ffc063c0b659ddfecfa
SHA1 bffa6ac37f2d6aa9f030e7b428bc5ca5ca55218b
SHA256 c4a26dfcdf51f779b80ac85fc417f9c71bfb4544da6fde889de6180db5ea1b32
SHA512 09d5f9f1944554fc245d69625dfc5d98417b953ae3233ec48b580a1efa999d7a8ecd84289f285df5606ec544996297a22a0e1e58ffaf9fcb4e7517c8c4ab009e

C:\bonzi\netscape\res\table-add-column-after-hover.gif

MD5 0c57685fbbd85c5eb8aa186019576972
SHA1 33675f50d10cbf4e7de38068a8c35692aa1de8be
SHA256 5b25b7884bf6be16aa6cf99875ceecf33c40d03c9f3cfec30625b8ad17bfdb5c
SHA512 6173d16da9ee4f8808df8ecd99d9acb147e09fd0071b311ee80f38409e92bf9d07c936d501d893f9c21279ebcdfc2dda07a8eed42f65cc4b056dded440bf8c1a

C:\bonzi\netscape\res\table-add-column-after-active.gif

MD5 59952869546acb264ef0a38bbb76a202
SHA1 24897012bc14cac8aa27b32f5c3cae0a398f4f18
SHA256 662da38b7e6626e561a9659da9f71662ab125dae60f07e099b5bdfce6c85ca72
SHA512 2fd72303f1e3168d525ffa4984e29302cc5529197a0f71ea79c0c42aad39645a3af47865b240ca9b3be3129431581d1ffda37c9059b7e508438a837d59a8bade

C:\bonzi\netscape\res\quirk.css

MD5 79959b19373efb260456c42e0d176068
SHA1 e4c09185d7d6b9e0a08abb5ba828bdb8e59223a0
SHA256 ebd1a3ba548d222825d6500879a656f125e71084382c9067d1322fbad4d57467
SHA512 c312306889ce7299d11c2be52e144893ff8b93b7e989f8de95f8cb39baac54ffe7c0f6a0624c63079c0e06d93dc91978be69c1258f3276d4f11bc95227552896

C:\bonzi\netscape\res\mathml.css

MD5 3fa9013a72e4119b37d01fddc304b503
SHA1 17a5e859ba84ebd46af094589eb7962e267c8d91
SHA256 9a113001b65bd4f0ac3c4d22158e34f0dc393f28bfc1e5fbb2ac0eaeebcb8582
SHA512 288831bd11c1f73c4a79fef31fb77e6181a81a4d810c22aae50b57e371114a69981ca0f2ca52c0972eb4bfbe30500106f101ed4aa237d671504b7d71e144a684

C:\bonzi\netscape\res\loading-image.gif

MD5 e41b2867558df65d6a42a0b53a7c2faf
SHA1 c2efd93d1244801f190b61091e3b180bda94e945
SHA256 a6b9b27eb70773a93a78e32119ef43f1cc67cccfb674400b31dd7aa0d2759507
SHA512 83420801c707e093012b66439b17cefae361c7e3c368e05439a202dda9ac463f0fc526786a8ee5c8ef6668f1439f9a3fd28f23dc308b5266d020cbefb8e7a926

C:\bonzi\netscape\res\language.properties

MD5 71f8d87b1463453a1fcba65985438790
SHA1 594976f3906f91f2a1a2199f43e396f63e8ff6d9
SHA256 d90c0946e1382129801260711b90858187c27026a69b3f5612e0cfe60244e146
SHA512 d627e1d96099d867eea62dfd2e5dc6f83254c19b53177c5e15de7f3a1c8b9b10ae28068f5ac65ceaf8446b3decd4a659a0606eec5d26fba48e1568e3a3579bce

C:\bonzi\netscape\res\langGroups.properties

MD5 5a20252eb148d137feaf841d456b8a66
SHA1 57833f48db56bd70bf538c424f6c5719fbbc7437
SHA256 25a8862d429351845e093a5acf8f37b77e3823b7f32e37d2cd5fc021ab85bfa3
SHA512 a95f1876d22dd6b9df24ca0e80f40867b37a2884259892cb941ba3c225ef7b306e7185dd19827b3f464973efb5c96a2aec1582c8804548ccac930bd67b3404ef

C:\bonzi\netscape\res\html.css

MD5 7307c19745455b4321b977e531a3debe
SHA1 ab28c3de505bfdab6f2b549fba85549bf6ddd154
SHA256 01392ec8fc14f1ba2cc821ff7e67f2550729557fa125376ee15584b56485605f
SHA512 fc67f2fd32048ee5ad5396fa9c372bd5b1b13881ee4c5fc21620a97fb9fd0758d4da7262b7a179e383bfef91a9003b770c5be1df51957a22a7308932be3594a0

C:\bonzi\netscape\res\html\gopher-unknown.gif

MD5 471f7aaef12fa84ec56afbf28c44ba05
SHA1 e7bab56e2f3fb9efd9a5fa542579fe1e96b59e4b
SHA256 51d1f020c168a650973e9e84f4dfcee2f1c6cab84b6fe721d24565bfbc8efef0
SHA512 de9c1a4d0714d06f175ba388bb761b3a957f6c0f5e28f405dbedcf0def58c4810727b295197f8591e2a2ff72943436055c59e1b17c431b5ad5992fa07709e68e

C:\bonzi\netscape\res\html\gopher-text.gif

MD5 ca091587f135c792890a714df83f7464
SHA1 5d7630f05e8f04af6bb53efd8e106e8401395593
SHA256 16dab52c085bf7efc5b11c05f323864bf14b67004c78d964695abc0f7c4789ad
SHA512 507042ba6072cb958a76a7e4568a367c8dce66d8a2cab97cb82605997017b4803e36a7c361b2ea34ef1d6b51a81cd8b8b3bfbe8d872a614dc8be2a8acaf207f7

C:\bonzi\netscape\res\html\gopher-telnet.gif

MD5 152f38b3bdfa36be6e424d6870fb7687
SHA1 3b458b1d126f5abf1e009ce0e8efc56447c25d8d
SHA256 90fe4aa24d8cb14d82afa5044b667fab647d4476e8ee9b24f3b4d727eb8baacd
SHA512 485577185789cb15cb24f3f7ea1153866b6a5252f4adcca7f788cf03e7e8338422ad4ae66709cf2b948ba9f161a4723e334cc70be0a5ba8c4fdc8cea73b910d4

C:\bonzi\netscape\res\html\gopher-movie.gif

MD5 fb4779eea87a41f19e0fb21fd8718779
SHA1 96e673799c87380573ac9ced1c9d01912a3bcf25
SHA256 e644b3f76081c2d96951805b038f2948f96b866193e1c4bd1a157f270b866bf1
SHA512 a0485c61656be0d2562c48ba807cda02e1aa27aac518b8d629307b49ccafa26ae79f7c63fffecc0c70a63cf6674fc4d1d5f1baf687418b43ca6b8a17d7b9d925

C:\bonzi\netscape\res\html\gopher-menu.gif

MD5 7c2f66288e1c62c766b6b68878a4fd4a
SHA1 e531cccd1d996ccddec0a274e384ae87bd1fc35d
SHA256 23de0d6e469bdd1ec125a759be134eac2f878b06d04bb3228699e92a429a3bf4
SHA512 4434c8ee638c40e42762e821e2ba29288b114f3f844e45724d7f2f28a4bcc28708e1c0e48e5af8010aabff7d587696a8d45b3edf7da6f370e67ca4734f1e20d3

C:\bonzi\netscape\res\html\gopher-image.gif

MD5 2734f280b5cc8219706db1bda4564cbb
SHA1 56e5482b03daf814a75593e35111ea763244f77b
SHA256 092e6f42f3863dc67badc9f151aa5969e04a6d46380d052624e5e914cfcbf8d6
SHA512 7558e7fd866ba7845f349b3431e60e51d8c605a81e043a421d171cb932172f33f6ddeeb0d6713fd667ce1c1ea4fb4657073f3114f403e2841f98a82e6476097b

C:\bonzi\netscape\res\html\gopher-find.gif

MD5 2f847301ecc366bd4c24c93057be436d
SHA1 88ccb29c6fcaed2e779762e1984dbc0aeb49d1f2
SHA256 766d25e4d59ec5e532c9e02e088dbf239217ca7721a02b38a33242567bcbec22
SHA512 3949f23ec586500390803912edfcbdfb8e2ca5cbd5e314e001d8f8abfe045acaa59095e43bf95aeba96523decb28034cbe0d06c98d446b8471060f73701984ee

C:\bonzi\netscape\res\html\gopher-binary.gif

MD5 7544430afba18e7d21927bcfe6337378
SHA1 6e8236587844a0c2896a91c0d52bf28b064025c7
SHA256 9475985417ca221151e350c6d1085a5a0ec8a06373f1c435685afa4d53544882
SHA512 0478851bef9d6d5c73a19013c01fe8d344574af93369ba2b14f7ac6f4b9ec848c0ad5523da00b79d2728f7465cb42c742f0a0b6a0b6bc44ead368be258ed7e3f

C:\bonzi\netscape\res\hiddenWindow.html

MD5 0c016c31bf6369424576eb280c105866
SHA1 e3345fb059be0a17fec9f212f97eace0fe4ae119
SHA256 f3683ebdfe930d58f109e402c188eee2f13ec52640d20ef07bd238f6f72ba457
SHA512 d9bd1d20f690165f3f79f7515afdc97aa5275c4abead33919b30856284c0bd395c718e5dd1ddf73e3170b89a1f088ed7b1e3828828b546b45569de83be7acbd3

C:\bonzi\netscape\res\grabber.gif

MD5 ccf39b06aa3282d0a1f9e7582418583d
SHA1 c0b32c82d1580b7c9a6fde4eded9612530d284c9
SHA256 f281e4469914b472b2371fd402e02dca347577b7803ca1ae99fa1beee5ae85a0
SHA512 086f1bb76afe867e5713d71a3979656afe4ff5d1f68952f2209f2e000b72566f4163f522cd1e9e7eaccd789d69f48718b6601959e4c4d78df8f8926bc7f030fb

C:\bonzi\netscape\res\forms.css

MD5 43c717453b00dba083428b8e3583b588
SHA1 7554be160c70d44b0d116ae80be38e9624a87e0f
SHA256 6de94bf45ee501dffd9fcff3f4fcdfd85e2452cdbce630813381bfff77f777d5
SHA512 4e0ed98beb249633a670f496601342d695d368deb9dfe3d961f4d16d1cccf208183ade074fe44d932ae7e77088215604055d0fd14fff3a4597cf145302189d9a

C:\bonzi\netscape\res\fonts\mathfontSymbol.properties

MD5 5774e479d17be06d4d629e5f2c990917
SHA1 15ef907d9b07a06936a068406f46869000938f8b
SHA256 cb8a5ac1ba0376619a665cb1eae2befdb882e0c4b02c5e91c5d692183af85c00
SHA512 c1c0c8e8546d684ed22624298357cbf6e3e67ed544ba8ede579b54e4f8e2fb43c44e19add29e4083aa126b590fa7fd8c3b40e398bc4f11ca94753bec8c819c6a

C:\bonzi\netscape\res\fonts\mathfontPUA.properties

MD5 aab137523a6878f21cd3121f8f734835
SHA1 7dd64660e4dfb5b64f84b4eea0b9e5b45109e782
SHA256 b4ec1d7da983f096879f456cd038efee14db2651a62496dde5f35a94cf195e49
SHA512 d3041c35a79d68bfd5921f0e58ad5772dcb305b409a48e96352d08b6dc8a75d17f529fead9ad0b354fff9ed996c3c5d5c1f04ef6f7d41966e55eddf7dad89b05

C:\bonzi\netscape\res\fonts\mathfontMTExtra.properties

MD5 52c66e82fc4b374580e8c94594984b1e
SHA1 379319767f7ee6f37eb252bb97a486fda5eeab96
SHA256 f979886cbb93cf5e9595595e90e85f28d19c7fdd9bd051f98c80aa33c8f1a837
SHA512 76d6dbc0800ae7e51f6fcb087bcf279269b8b9a8457b89fc3d9a2bb11bc31674fdcf91a60dd68764263d84fe8e85e3f0a0f242392377e092943325340de4fdc8

C:\bonzi\netscape\res\fonts\mathfontMath4.properties

MD5 a297dcdfa13b114f18aec9412e5c0d1e
SHA1 ab3fec46481498830b4090d1b2705786279faf09
SHA256 d0d3965afc01ee6b857368118a87594bd25c4474c3054f65dc3b7ed72dc5a331
SHA512 ca7eb52530838577a21e92198797daaf07dd70ca4a457ec2b92241b63edc7f75a065e74f6c63968e0cc0b8ef1ee568fa81e023928da102e92b7dc4ee18d03623

C:\bonzi\netscape\res\fonts\mathfontMath2.properties

MD5 60b00f7f15888c2876a8162bb3397ec1
SHA1 777a9e2335d48c8e05c07b137c9f311f955b9d13
SHA256 cbead106f2580f6f968b616a64d313ec212a637e4a6cf6a32663db9dbbc7d7af
SHA512 deb09dfa5ed02ada843f9087cfddf68daa3ddcda9a094b346444bdc71809b9b4ca474935fb04f02f2c61e145e806c478115f773703b4df0853210e20b8f7ac95

C:\bonzi\netscape\res\fonts\mathfontMath1.properties

MD5 aff124d60ab1da137f4ddb4e1584b9e3
SHA1 ded83a18becb99ad83abe468133ca2e5d6750857
SHA256 e9fbdaf5846b1971d3da2c7c35577001a6519081a64ed01aca0d75abb44d2776
SHA512 04ed018c709107093ea8d215214c0111d1d6e372c67862f023cfaee9abf356b506d024ef5accb389bc230a5728637dbf0109b8881c3b55dd07fc1ff152ec37e0

C:\bonzi\netscape\res\fonts\mathfontCMSY10.properties

MD5 6fff89e0fc68e2069e67b0ffbff7c6fa
SHA1 395f101eae1ac4a9cc3bd4c2a4962abb26961b02
SHA256 6c9e23e083f1115d7d3fe980e533ff99d4fa10fc2a14416163b0e1240e894ab9
SHA512 c6729f11747f19353eccf66f6043c7d8fd24ade79cf6f386353adc98064db213ff93b4667c961f4ab1eaa20ca4865d1427d01b7f9d5533670632d57d15927fef

C:\bonzi\netscape\res\fonts\mathfontCMEX10.properties

MD5 205040f1b617deca1e07fba15ecd2956
SHA1 f3a882bddac5251b9dc47ee1d2ec19d0740609b2
SHA256 6bc5ec5392d0827f1f2114cf55e7e58d4abf264877c94023f805fa2612fe7929
SHA512 0eac2e58890d76b1dce0299610b5dbdd6c1aeca3e0f40f5442871a617ab2f0ee736a0577e979b077f8514f91046bd84f9e04910b261ab859b7814f2375a724c0

C:\bonzi\netscape\res\fonts\mathfont.properties

MD5 103cd89121716cf5bdee228d85b0a75d
SHA1 09ac1bdc994301bf823979d57f994f91c1551bce
SHA256 f14766853f3a90b12fe3ee53b0e592acb0701dbb5188a9607e1a8cc249ebd123
SHA512 92f74d433ebcfb70b0120d4fa2b9579bc7a53cc454538be99b66138870d517cbc8353875d6b36a75f084fab523d6294cf0c6d7bd171e194222c1aa17b0c0c4cf

C:\bonzi\netscape\res\fonts\fontNameMap.properties

MD5 e709dd8864ef5f69357ebd67c241bf52
SHA1 7196c56e88656704556c2e131f4079dd57785e43
SHA256 26b038fb327c518a770db81fe92dcc462f046c5792b17950fb30eb55d0f3b12c
SHA512 e7359ff37c39e2c085301c8e87f60d31f381191430ad29ec7429d0250ab3f8210c203065d1ef7ff38e9c58083550c8d9b057ba69b7d8d09df0368fca938ae610

C:\bonzi\netscape\res\fonts\fontEncoding.properties

MD5 31e490b3dfc2699c8688e080234691cb
SHA1 e8847c6b598b8e4e1ec6fc5b392ad119a0ad5b98
SHA256 809c0a9b3fc1df5d9883d69566d264c4c9620187e62019ea58b2355caea04201
SHA512 cf8e0485539296ddf955d2199df4b7a59eb4dc8373f48bb19b07eddb2d82418a206684301cbacc7be0c6c987d3e85cd9ad293336b899e4fd3bf1cb085cf67fb5

C:\bonzi\netscape\res\entityTables\transliterate.properties

MD5 1dba3d8d7921c78d10861e451b1ccad8
SHA1 c4c48f26418aeb4bbf26c309d8c797e107a07fb2
SHA256 665c9b0f62315fa40a13ab0d92a6d7b113bc83331536f7dbafaac3ef167c0ea9
SHA512 05c52c7a993c82f2564a668fdaf681958abc473e99b174fa77f1819bc30595a5a0dc7b713c04493c2b17d8a881359907e905e1faab32f52de73c659fe657345d

C:\bonzi\netscape\res\entityTables\mathml20.properties

MD5 69328a3f978e27edf755a5a81332de3f
SHA1 1fb4bb5c6d92f1283bc3958013d45ab0bb199251
SHA256 3f2e7fb01499b64f74fbb4375efa841ea750358b669f5741cfab415b5e7761fd
SHA512 ebdbaa1c941ac894722c4ad86d6ad25079b1c11d6866bc5a2e9c9ead6a7d32bcaa26b911c39ab693fbb60a69ddbbe197fc50a94b726bbe3c961e121666d60430

C:\bonzi\netscape\res\entityTables\htmlEntityVersions.properties

MD5 435964b8ff8ea502582e163172151c1a
SHA1 177481c2b5ce5618a40d6fc8c6d61e3eea492d76
SHA256 ab8bf8597577462ee2356d6ed647267dc881e596600a0605a834b8b61166d4ac
SHA512 be86de0afc4136f3d9e98040695050552c6e27ccc6a0ede517de1f208c40e31c8590ae5bc71c23320021453ed9e1466964b86111f922a5ec8707d612a67f4987

C:\bonzi\netscape\res\entityTables\html40Symbols.properties

MD5 710ac52b998e1711e516320c0adcfc85
SHA1 374927a30f80ba9ee2a005b6f31182c5b19c0404
SHA256 be0cf2d866828cd4011e597db57e2183bb61ca5139cdba7390a3bcede4604bb5
SHA512 5270d8dcbd9c6a56c46396c1db1855c61c1c6ac459a5e8f01c3753e7a3e8bd25854139487881082a727975006b178b92e0480665eac2c64e28da580129602ab1

C:\bonzi\netscape\res\entityTables\html40Special.properties

MD5 4a451270086e7a7ec3ab34946922bace
SHA1 59b7eb9d49626e5b6daf102e4cbd70d889df63e3
SHA256 3b2a1670bf5858c1a357b4a06a5f8e01078fe8cb010b4ce50297da615bc34180
SHA512 3977e4d6ab94a95373effc47d3cb78e263c5cf1267c222177621dd9af33e020619b6ab087490a32061d5f842a6b298acf0abf8c5a1eaed37a88c46beb953b8e9

C:\bonzi\netscape\res\entityTables\html40Latin1.properties

MD5 4ba94eac1147dd9ad4b427351b744775
SHA1 532df7db5f7f0e656cb79007edd48fb117836825
SHA256 23966db1054a2e3241d2c65b093825588f2e42ffcdcd9dcde72dc01a5c7aa7ef
SHA512 2a7cb38e91bba7641221b1327e9876475e9d79027902a46cb769b6be301c180529e317d692843295cf4e8f3450a231287412d5ab404810fcfa31bd22b9f6e0d9

C:\bonzi\netscape\res\EditorOverride.css

MD5 4b3b5ad0b17c566819a88d54026b52fd
SHA1 86d748c1a251e8fc0df91ce3f3a8c3f8994b063f
SHA256 4eca3b7360e2d917b9c6c626f9bf5aafdd5eec1d296146baab32d1f3b00d7a53
SHA512 c883aa074075eb6a8ca3139f28e37b4f82015e2cc8549ae8ce493a414a56de74befde72df5607a88315ea9b85abc445fa65ede230e7016be32c68c1e2c09a5fe

C:\bonzi\netscape\res\dtd\xhtml11.dtd

MD5 7f7b2f0922918714b3cadcb21eb30de4
SHA1 2981b43e6045ff35d34a1027516182447531e0d6
SHA256 9d595acd4edcc171ed84213328736337d3a8265ad22eba3b28f09fa514de7ffb
SHA512 ef3bb75471cdf8e02e17405d04bca3e6707fc94e88987efe8b53e6718419f5596e78da4b4855e1b12c9721fe340504fbbc774264ba689874f45eccd5d77389fb

C:\bonzi\netscape\res\dtd\mathml.dtd

MD5 1b94d59f4ff28824ff6063957964661b
SHA1 fd0d7d47c1e431d65d8ad5d5db866dcf0a23ceb3
SHA256 29168f6d6d0e2a08ac6bb748d91492fa94ebfbcba524c589897f0928844e113a
SHA512 3fed2d216c90ec60517c0c860e5c1b14c6d61e4167259abd15211b77ef0cc330d4c1fdf15db7fb0683bf2f284205398949acc02f247666f410216f624fecdb22

C:\bonzi\netscape\res\cmessage.txt

MD5 ac8a0ff756ef0956622fadc94946e7da
SHA1 8d60226a44fc4234116bd32b8685454cdc03f615
SHA256 338264c233790b22cea2bf996acfa03f04c60b2912b685124b99d247c91582c7
SHA512 6573c098e7378b6dfe944ba9089a545d840e04de9b8efa92779db7cb2fc5b0b61f40e45c4d99bdcac8a83f04a2f0e4a95f23069d7c8636f4cf08651c118c7890

C:\bonzi\netscape\res\charsetData.properties

MD5 b6d0a4eac1af2673975e140c6f06849a
SHA1 4492148d951377cde4ce882f1312b0a6ec448d1e
SHA256 151bd980c43e240df150a7e940bbd45f56e90d0ca3c4192313c6247887231765
SHA512 86b55c8016027f4949224dd3cbe7eb9489b0ebf6eae6b9bcd1d4a376aff5e70d2273b97c1b538b963229bfa0d85ca03c3413d11dda3c06c4fcec43230bdc46aa

C:\bonzi\netscape\res\charsetalias.properties

MD5 794ca007e6681380f7ebde8a194f1f72
SHA1 baf4760e27fbf4413fccfaecbf281dec06169ab7
SHA256 c227987f70392daee076057c2bc5b127583da2f67f67b37f870f9cb110d9b755
SHA512 9f7811a459482a71e019155efbb8580b39dcabfe6b1b2bbbbdfa8e6233345c1d28a155e256cce63ffb9b28a8fdeb4ff8bab147c9f3a38d0803ab055d0844ca4c

C:\bonzi\netscape\res\broken-image.gif

MD5 1f689efbc0c154a9f812f033d6cfb327
SHA1 5448857ee603f9a53ee9ff224b3984d82cc43ec5
SHA256 4d3c8d3f9e495b9b1d22b45f00aecf7658a7ecb48174eb31cf4f4432fb0a0eee
SHA512 5a4d7f027ab64e36b2b1a63c92f380855c545ea171d34f271ba6309e34fcefbc4842697183b8d42cd1042907347683d85206c46d7dc30f4b390b2a07af0891b9

C:\bonzi\netscape\res\arrowd.gif

MD5 9d562b1fca17886ff56c0dcc71159a0c
SHA1 92a63431faefb91159b417c9b7868477206fe50d
SHA256 0947f76403fb629b8e1f8512fd60356e83184a4ee363b4ad631c5d8eee8cc46e
SHA512 2b4aea6410e83f6bc625adba0958e9765e58acae198ce0aad1b1d506fc8ae1700cd38111129fb8bcab7f6f297b0b70f0241f00b979fd3c6d9192ed9fe2f46332

C:\bonzi\netscape\res\arrow.gif

MD5 c72551f52990bbec40e4b0c2dfad4812
SHA1 2adb34a5cb044e2d2676e3b082ef17d9ce5136d3
SHA256 180ec27b0b2ae92875492de625756b847043b2abf1bc2d55c8c32cc62ca6ae18
SHA512 458dc0acc9eaadaf6d13260990182bda07662d509599c39baa7c76d19cba045715385793521ddea9a369400fa05669a858880b0c593abfa27eb7caee88a62a68

C:\bonzi\netscape\README.txt

MD5 f1be372b81caf032a3bde803b9e33787
SHA1 baacc2b8f82724e7296a358f11da3706221dee8a
SHA256 3ba1ed4d714f5ba913a19eece926cab7b8f78f429e3c2fdc903b2b0ee918ef45
SHA512 8aac07eb5524ef7e910a1835f64517d245af5cde32003fc005a1c2b8b31cba85ec07f64f0a00667ab3b927bdaa5512cc81c973353602f4d33e64d5b0a3ab65ef

C:\bonzi\netscape\plugins\npnul32.dll

MD5 f0eb4e3ec55aaecb2d6d4ec8331ef573
SHA1 4d539858da4e4495d387e8b8376391a66c0f5f71
SHA256 0ffff409ff54acffdef92f2f8489901bb0001dc22809def18c1681d5a8d31a61
SHA512 01d80f6030258ada0adb6bc864ccd9c1903ffe0978cd8c6e0bc4e18ac4d3ef0fdd3649b46e67feb85957207b3d91dce6aacf45780f1613aed1cc3c874b8c287d

C:\bonzi\netscape\plds4.dll

MD5 0bd2bf6f536a881d24ee99c4745d5b56
SHA1 c41d68cbada011cbfd1295210ab6b118ba00e971
SHA256 2d8ff355eb723f2f408e98fc2a13b2ad0d7a2655ff2caecfad9b05d9edbfa87d
SHA512 b032fff82d5695c6360a86717eedc6faff2a9f28b4ae55b8f122b5b752eec3252dd71339c85a268bf8b911a7f0a4519b7c9ea3c7092722f7c03bb756dd4d4d00

C:\bonzi\netscape\plc4.dll

MD5 2b42ed8377e0bbc197efebf72cccd5f1
SHA1 45efacb4330c7367aa5772dde93e086d27ddfd30
SHA256 16a3e8c91da67b99202557724b4fe47232cdd8d3ce8f7d42535919d107c47201
SHA512 e28c87e6c1b9a5cf866057f2a037fd33bb2fd2dc2a07a659b0d1afb3b8b6c51dafa638635d97ccc047ce29b8cbc9c96f26b3af39336b224f6e9f076905921b7d

C:\bonzi\netscape\res\table-add-row-before.gif

MD5 3bca4df18e26d1d22adfdc990fcbbcdf
SHA1 71d14238f799191d3196f662de97445b2544e56f
SHA256 48a964d88c52616ebd70d146fdd7d98bf585c8488b997963842b0ecb5ee16cb3
SHA512 a900e17d2af8883f6ce87c334a2d806abcb7104ebfe34ef80a2230072b931bd013bbd55316bbdf5b9279842c1f13776ba809722aeff130be006d5a0fa8cab278

C:\bonzi\netscape\updater.ini

MD5 320c48003a9b5d27d885e8644c0035c4
SHA1 c878885188a2480dc75d1f36a394ed744e2df680
SHA256 370d00b879c431c7be9908a394f20c8ced1337eeeb133dcda708b18d067ecb70
SHA512 32b8688caae43ad30ea48c4b46d3c894293c925e3420ee9f9866bb5151ed8c86757982b4ec401f77cb5a64874b5337c7727116c6ea778f7f471b408cd68692eb

C:\bonzi\netscape\xpcom_core.dll

MD5 42ccae3b5d587b2b10c3d095e9551f17
SHA1 6a9d41d77f15ed8af659c1e710b38060500b60b4
SHA256 36d904d796feabcd0d5116eb15df51ff3d8a917e0cef1e4e79d2348553a56374
SHA512 3ab47d3cf2da617b3279c0f3b06d62b3008de451c55311d7657a0cfa84bba796d104be46209f2ccfae06722e060e3924ebce598d5524c4e3b302740f60016583

C:\bonzi\netscape\xpcom_compat.dll

MD5 97448f58586c55c6fcaa72e640a61d74
SHA1 5293e2c179d6563be589e6c1e693da069523fe90
SHA256 7757d3259a2a7906d8452e7aaa5ea6818f21620dc5175bf283f61e21a5cc2155
SHA512 927ef4b228bd40bbe4af2fc73c730f4e468c18f21f1a16a61a9ccb92e68c4153477d77b40a74e91deadfba4c2be35edc0ab99a145a4884b5ec98aed563886839

C:\bonzi\netscape\xpcom.dll

MD5 ae953e04b41dcfba2ba527979de8e52e
SHA1 0994525dc2ec9b733725b6a01bf48d4a9e0c1224
SHA256 47e72bcc89d6652219666cf7d1b62b54ed1e264af08ab4714d9b9deb7432b69a
SHA512 943a5de7543744569c3a9ea492100a30fa2de9f5f9bfb3229be8a180f253c0fa02a78d52ceee5444af02cf7a5fe37144844afdcc513c20aa7ac9b9b35243b123

C:\bonzi\netscape\updater.exe

MD5 b3f10bc05c5dd33be9ebe2c9b097b809
SHA1 d4ff4292903610271830709db9605d8a6ecf2c90
SHA256 153b85c26c8a6158d669184629357e69418e3774115490166b18c5ecbaeca3e2
SHA512 11840ac48d8453fdaaa4b9114e65e076ee2222b9ace9c0a8fe896613b44f3775ab0a71776339efa116d590dabb648b51c1f7d2d370b7ea37431631872a8bc2e9

C:\bonzi\netscape\ssl3.dll

MD5 095759998c50786360999fa59f1a38cf
SHA1 2b7ccdbbec337b8d8f99c9b267f75867319782fc
SHA256 0f790c77c7f7890ae53eeea63c8a47c13d2a6d587a02e3640b2edc5bb0b764d3
SHA512 64d5f70cb5ec45f9ab35f582181daef743243c9d8a27e768cd4a04698b797e8cc073ec5e3ff8df903aa2edb42918564609caaedefbb516cd3b4c8eade818a732

C:\bonzi\netscape\softokn3.dll

MD5 b6c61aaa6e5c6d6cdb3c07256892f2ff
SHA1 ba402ebf4ba6268c9ae1c0b39374fb9249acc622
SHA256 d2703017505c96bfe815404702184d95f6ad9455e9b74330613098826eeb168f
SHA512 92371f103177cc2af045a4fbc881f970b6b097953aca210bc0afa8de3f82b76d65264aad6b565fdf19ce71b783c6ec917bcaf06c53e7c53bf53b14f749d7e6d8

C:\bonzi\netscape\softokn3.chk

MD5 724f2afa6d876ed8a87b55e9ac15dc37
SHA1 e72202c17cef74bafbdfb6ee4183bd689977cbc4
SHA256 572e76e6777b45ff98959d289b2db566379f2d8b29b28feda3a08badcf707e9a
SHA512 28be634c15460c6a88c999c9dd6bfe092b4e6bf44b76e7624f3713cfc90ad15f1c2e7adad9175a60390c14c68b6f1455b06a9365e3aef05ab0df5ce193b20475

C:\bonzi\netscape\smime3.dll

MD5 447dd189360d9ee712824adb05fceda4
SHA1 9f03bef5e3753cd594752c3efb36ddd1f574f32e
SHA256 399bcb8b5ac08c9f7532ec0e4d34cf10e01849bef09a3a6119b43040801727d4
SHA512 40ca426cf5f0e9d2193ed5a87569cfcae9129eb9da7b75a08154340afa5b03d8a29533471c1a69643732d9137f968b9a13b6bd9e626be245ee73eabaa9eb1260

C:\bonzi\netscape\searchplugins\yahoo.xml

MD5 61662814f3c385a2e30e542a5df552cf
SHA1 679688b98d9f519f57effc5b8f3219e795348176
SHA256 41053e273ae4ed16312661dde0ea1ca1e921c910ccb114856ce5578eae8723ac
SHA512 cd73e83d510f14f933d756585d5e5f879b2a56ec366826fc8f038aae28256b0b0f87ab3b11199fb7391282b1cf946f9b9c477107db84cc7408c4353b98b77c80

C:\bonzi\netscape\searchplugins\netscape.xml

MD5 a47d2a2b97c46aa5bad962837a236ebf
SHA1 8da28ab63166d0644bdbbc5042a55aca25f71a14
SHA256 020b6c9aa1a5b47afbfe2eac5f0ef6b8e626590935f8ac16260101aa6f8365f7
SHA512 22c5912f449d6e256e443adda5e13fd87fe1150dc33df95aabd9477a6f8c9a3cfbd9da10d177795acc966737078fec26647676732f140d4f212bcdfd167f3b22

C:\bonzi\netscape\searchplugins\google.xml

MD5 756f09a93fa87fdfa821f0d24142f77c
SHA1 baeddf725b45dcf23c516eb1276ec80acfc8cee7
SHA256 b349b6339b22ad0660443ab915c6c82207926c2ae5b851ddc7d1fee4cb82254e
SHA512 16f3b15083ff1f4b75c7e7d809fa5f38adb5f4874142a8005be7ae53d50631de6bd2606f5d0456e5cede88f51621ee31b4093dad2bb8457ce2abe3471ffcda40

C:\bonzi\netscape\searchplugins\eBay.xml

MD5 f5a0ed69af100f6af39432d04dbd6ceb
SHA1 cee1549850cc9c78c1201026a04721ac36b11c2f
SHA256 35d6b5d741d2363f7516dfbb9bb55b85545c5c634a5101a610d91eb235b84e61
SHA512 0c052a4485d2df651b717069a17a8a702ceca3f536d05d40af2267ccb5cfbc25b47682afb79350b655839cc8bf5e50625c606ad57afb800e548468f11f08fcb2

C:\bonzi\netscape\searchplugins\ask.xml

MD5 5f52fb5308a766979a68991b03a349e0
SHA1 e389e7257fc9d64df24929179c5efb0b1d3b4188
SHA256 a81b937d332ceeb0a3fe1c41b9cf5e4b1e435a9fcb99139a84ac3388bf39aa97
SHA512 3b4b0a1135491d6ff00eb876502505aeef2a50a51d64d4842de4a9d9d400c16a2a9f77c785728375ab630ed28b51665306eb2d11f985c1593e614fc51d4553d9

C:\bonzi\netscape\searchplugins\aol.xml

MD5 59e4aaeef0aeff0acd0627904e3cb605
SHA1 b44bde7b9a6b9cf50d89b5d5fe8b85832597473d
SHA256 86647de6df4adcb1f9e7ee44c4c0b7c7fd752f55b1ba090eb1a71612b46c78cd
SHA512 3199bedcac865e6402cc67dbd43ceb9028d7e1c2af0757cd283e298b9ee18435d439558ee7bc68189a14a73243e4a3a3afcd7511a4e7d62fefebafba62a2d8b5

C:\bonzi\netscape\searchplugins\amazondotcom.xml

MD5 e45a022f40fa6e85d387c5485d9cfe89
SHA1 2feba71a6676c95708c9d2df3bf4bae316999dfc
SHA256 0a64d0a74c0198a1611e25612da1cba3cbaaf5729f990d4cfbe352d4439e1a26
SHA512 fe0cd33169058282c50db22ee2cc1f3ef200ddc1356e636c5bab4cefcb6d524f25780eefee024b46ac77b74f65925e28fd34fc080e3ef339a05a67b09156045f

C:\bonzi\netscape\res\wincharset.properties

MD5 daf08d2c812f7185c4e2472febc6b8ec
SHA1 f2e30f66a696051452e49245f1be3f72161ee5e7
SHA256 abeadbcac63ecceb67c2f692273f2de230adfce1b83322e6be1ce04ecaf69599
SHA512 b5a34f22737934e918289097463cfee97628ee1831f7e2496859d09329df8383cfbc8b8cec23b1035e1dc739772d717b67970740d9dff7aab426ba3f0518652c

C:\bonzi\netscape\res\viewsource.css

MD5 e60552a13e4f1f44416eb9e53ce85143
SHA1 01201cf3f5d05c34e31cfe66b69a3075490bf070
SHA256 4c7068fe21e3e0d09757b66bba44f4c426e34cdc32d32e96722316f7b77fc6c1
SHA512 c4b8c2fb4e365e0ec0373d6abe565657d7eab9290e3d22631b450d0e4d0bd8987823f47f3cc703ef5d533fad27e8cca35289dbe45f4b9df0e6e0b55dde313dc9

C:\bonzi\netscape\res\ua.css

MD5 e95e78329871e4a902a97641c8b43e25
SHA1 f9cd536c535fe407f4f6c7f0a80ee65a91b0bc5c
SHA256 eb98804cbe3bbb242a301049b0268278ca94bab7c15ac95ab969b87b3981332b
SHA512 4a030b0f32e13049c05a71edd2343c77b2b9c0b88334c97edfed9953b09047cb9e543352b6ad4dfad90dd9ea513f039992bfa2d59772fca3c0229b373e6a1cc1

C:\bonzi\nice.bat

MD5 5a179439c6002128ec64a3d68aff9508
SHA1 7ae90b60346cef19765a13080b77b4f32c30f3c3
SHA256 acd994492884677f79a440eddf52325feef9db71bc1c7ed7cbda03ea14cccf10
SHA512 f865f75e7037e6d26037ed082e6eb08f5aa62ec8d3ee9a5ba079b9c9f700c632a3278b6f42d79747e3787a2ab3b405a720b0668383d22929ba68b1fdf7f3735c

C:\bonzi\netscape\xpistub.dll

MD5 226fb967c562e5c04410d7c5180be1c9
SHA1 97c3585d33d35c813438636522d9bc8ac30e43e8
SHA256 f197122f219f72566e949623119e8e384da03b7265b2876b9db3cc957bece071
SHA512 e9a99858d4d74d5b09063b0bcdf100390aed769b0e3cb533b165fb477c56da5b87901691e25e5200726e4f5393e7488c5bee27a97d292695c067d7b5b0f1328e

C:\bonzi\netscape\xpicleanup.exe

MD5 b643add42d6f45f601eaeea2fa93f3a5
SHA1 502ebcbf5f228a8819c12416e1468985871966ec
SHA256 3f9c5a116ecea24e2e8f83132edc74d44ce3746facb854fee6f2a81011f828c8
SHA512 ddbfb4f1057a21fea4805615ea65ad12681fb59879401a462493eea3e76dafd07c927d0d6820d72fba629693e60fe3f804e1998c9bd63704da0e3c33426a7ab6

C:\bonzi\nice.mp3

MD5 2eda72c1e492d5fa19b16602a6764755
SHA1 e2ce911f448fca1d2affe25c2ef4cf619c31d049
SHA256 6997c09f75a291acc7b1e4588b0de224918f3be06a33c8a1b43cc5f4633c3c25
SHA512 89d183ded9a2e7ce423c6d4c926efc99b5c97ae0343388f98f1079b58cd1583799bee14a835b362986c1ee94cc1c2eeafaada548a75bbe9001ae3230675c14c2

C:\bonzi\org.wav

MD5 d3b1e5d03f566b68cfc2a757a7d2ff15
SHA1 94e7ce06c0bbfec9953f8b7344640e57e86911dc
SHA256 f6271ec6ec59083aad58987760b917804cb2dc94f81a405f3743b5917f3ef189
SHA512 3187a8e4685db7dd44d4630f4979409faf7a4298793045e3e91155449bbbbc5d1532f70cde0e4f6a019c2a9172a2b863087e0f4ded21da7850e022679b14c378

C:\bonzi\optimize.exe

MD5 5ffeadad118403d9496653dce94300cc
SHA1 c96574ebffd8fc82bc6b4bf40bf306b5602b38e7
SHA256 9bee3eb4c6544d6e69543440bec4f1f246fad1e17067bb6e8bfd6daac7ce475f
SHA512 76726b8a982c53cac62068a9b9531918b0230537e526f517634d14cf9459fde69303c83067cbee50b4005b9fe55108ace1a2eda980922c46925cfc8aabe59e3c

C:\bonzi\pepsi.wav

MD5 393f1e65b814e53290439d97526c43ec
SHA1 e91e0da95024327c88937bd9104b92a8b397a4c6
SHA256 f4bdc036b03463ca06c755ecb9919dc1b71edb6fec874317536d1e04709fae90
SHA512 71a98a4e189c9d67d68a619a3f098812e93bb8f81c8dba1997db41b08994281a5bad5c098ac5e4b59c010a07968082270738d40a90bd393a29bc733c72efa015

C:\bonzi\score.wav

MD5 0fc239f9d28611bc635a410db3189331
SHA1 07f2875aca2065499257a2b442ab37e54cdb5c33
SHA256 92470fe92d39298b8a80dbf1fc91a96c64449787a00ba50f7e377c64fd15ab34
SHA512 5c8d4eeac0e40678755b2f5c3accfccb271891c0a65bd180c6b6cb66bfc3aa896ea2f8f4a28be1d8af2b74d339bb0ef0bf267124c264e97906f27412f4ecc3ab

C:\bonzi\paint.mp3

MD5 1c111738ee0d15359fd01970e0bec752
SHA1 4259b0943c02d363868fa226daf312bbf1d285a1
SHA256 6843957ccdaf90e02cc7883acc848dd7d2bc65a87ecd300bc00bd267b026833c
SHA512 f11293c1b1b122ee7775671171ffa06d555c9a3b6652557ce0ac6b00b8c86a487f79dc6a31ed715036fffae9c50a0b77aa60de6bc0f98e3ca5968efc56406a82

C:\bonzi\StartBlueScreen.exe

MD5 b01ee228c4a61a5c06b01160790f9f7c
SHA1 e7cc238b6767401f6e3018d3f0acfe6d207450f8
SHA256 14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160
SHA512 c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

C:\bonzi\start.bat

MD5 76c6bb82f14dd70654068aef25870133
SHA1 d53fa079e0024e75eb1fe30d18d66f67f7faebe9
SHA256 83cf30717ac40183d3df880f523d533e47f50c62537157322c0026a1318c8409
SHA512 0c5dce308439217b25362e7ae7bf61dff3339b73d49c8d649b1efa2921ddcde02698cab8d3441e6d41df78f3cf66a523256b929d5c85209e137e9947e29d3448

C:\bonzi\smash.mp3

MD5 2e41251102ae85617f735767e9ad8cf6
SHA1 a9da821edb3c7fbca686be6b5113c383361d184b
SHA256 049b0eb93ecd684a980394f491cddb57654aaeeb2d30325cad5481217b6c8e6b
SHA512 b69bf793132070e5396b012604fe67348682efba3abfaa87d37fad4a157129ec352c4c1fff06300454e36cc459e2b281fd49a58d4e8bbfd3c81879319f9e6996

C:\Windows\msagent\agentanm.dll

MD5 c08f348afc0ecb15e248135a246521f9
SHA1 30ccf959611ca0b1f131beae65299b7129230d39
SHA256 6b187a95242a821ce1e800dd80cc7a91fdbee498900b2b7fa6225a273a43496c
SHA512 0392b7159ddb651a43fe0070a1ac243a86d941ee3b82c939009653c301e6d6f2ef86f16d2f2b092c488e002ca5fe02ea9a6a4f5db298ea74fd1a19c54976377f

C:\bonzi\wave.jpg

MD5 14c088fedfa49e01cbfa06905844f8d3
SHA1 6fe39be58db72f9ef29d642b220e7a861a96daa8
SHA256 5f79fad755940f442f968dd06fc1dd3dec3d2b480b4b26a0151be0781eb7328d
SHA512 37c89f145e90338eb23f5eb6e1f7ac83a7d10ac3e9ca860db13c47fe46a69bb9d8fb38c87f13e4c14b8e1c620a4236f08f723a01f3ba80b023b0300505d09597

C:\bonzi\vape.wav

MD5 9fb155c34929da2bd9f5514058de197e
SHA1 c850508a7e2f9edd9efc6abbe8909af618d5d62c
SHA256 aa962bc3b0e4070f5c664063ffbf7241087e435e3b51a8e47c28a241d67c50ae
SHA512 1b0ac3d24e2a98643f583bf0da83caccae6b29fb3593f779659111f7297bb68192269222c12c901f2fd425fd5415237898e9058964b0980e17d107cfc6c41b5c

C:\Windows\msagent\agentctl.dll

MD5 7ac2e4204766364617db08f2b3b13f32
SHA1 ebfa3608b0ccf6f169bacbc3d8cf574a84c07bb8
SHA256 6fcff6c942593c732c5acd0c56f5c4b686c2d8fb8247734693c4a8f9c63c2636
SHA512 6f3a015c77bfbb13ba1a1d7535fefe683604833db391a73510d97760b198195c0e577d8da40b33e51a7c50ef1e6fd501c6aa11169b29b82b19664b8a294c0bd7

C:\Windows\msagent\agentdp2.dll

MD5 44f0f16bf6eb8e1443ae788ca4eab04d
SHA1 0c80f7345466fdf0d69565cfb07cd7b60fd7726e
SHA256 5f6cee0baf6b35b36edf3f2eda0b720173e3d30c945b734749bd0dac861bc856
SHA512 192b9b198b248a2c1b33d7d47e3444d4645e9f657c90229974a2254a538e9f9dd8f36b814385db0c01c4aca67fcb3d7bf64baf6219a35270c426ac6755fdc92f

C:\Windows\msagent\agentsr.dll

MD5 b161767acba91b2ad503524165fff9b8
SHA1 d3c39c5820b34eb2eddbc92cced7ea60aa28dd27
SHA256 6276ac775e6b1fa9f428cddc459a61ffff545b33705cb3e7e059771da942ae2d
SHA512 eb74f76db115f5fd8b1eac358494526eb8cc9a184e234c737f2ffb61953a8d8e69083887d6605667b5a8e5e1ed0c8c50bf596ccf7b73ac52ecc9150b76420403

C:\Windows\msagent\agtintl.dll

MD5 4877da173bad63f3dc43c4be4a05b781
SHA1 5733cc438f4f83f4634369320ea6f2d8f1d0c5d8
SHA256 e800ab10b828225c9135b810c1fff8fcef6ab332f48395efc3a4d4ece8049d50
SHA512 990bc3af324ab424af96841ec38ebeda2760c1ffa3fe15d8c48720284445d573c718d928475b0fb54d750cbcc352fdadbb767b88b1b0e737fc5bbd5d824d37a0

C:\Windows\msagent\agtctl15.tlb

MD5 1968971f3fda39bda6239badf0234b8e
SHA1 02ba4512136d20202fd0d395e7ba13ecf535f460
SHA256 7bdbbe55f8f84cdec639e53a427229f73d507cee22a0c65a8bb2009e3807b4a2
SHA512 ecf7cae871bdd2d1dfd1cf9f28ca6f5a8598b8d6bce7e01a17451ec48af38c76c1e3e25316739e0197baaea7c7be7708ffb5ccaf879ac0de1617102decfbd26d

C:\Windows\msagent\agentsvr.exe

MD5 f209365e10daeda9a084dc30a8096487
SHA1 7bfe1b5c9771ea232e96981fd79cb9d97c1e9203
SHA256 7a8fa00e694d713a128802221815fcb114999a392851c72c02a73564f1d95844
SHA512 d68b440b721df12b6586f246878311c2b89001515c6b71f1f6eaa351256b6148084de0259ec2c4e03aabb00dd6f5caf27be14b6b9f6b08911c6b99f3332865fb

C:\Windows\msagent\agentpsh.dll

MD5 909db998f06e949c59558f1d420a169b
SHA1 d113a11c32951b094ba4322c607b76515f5c9a29
SHA256 9f3e5be482329e337a7f2516723bfb8886de89d75f551543b3832bbc6a06f987
SHA512 7ad570f1b9b76b3270a69c3783c961561ec8d025975dd2820972a5c3af2206c990c5d04be10963aa0f2bcf91b155d50fa22e459ba6198f621667503a6a3422ae

C:\Windows\msagent\agentmpx.dll

MD5 4e91700e7bdcfb69946b078b3174031b
SHA1 f20c61a08a1d0186449ef4cfbff0a72e6b603cfd
SHA256 6aaab6093d5a2390b9a3ec83a820508bbb041c07e50b874c736228900db50bbc
SHA512 aa02128092e42c5cf27832bfc52dba7046a93cb528dbf1b07dd1ed90ca25738ba4106a8b6bb4f07c4581b402735b8741b10f14d27594e360238b82130177b125

C:\Windows\msagent\agentdpv.dll

MD5 677e9dac87b67494de9a0e7bdbf77890
SHA1 5dd20234aaed92f8db592b4efbb6b9e40f4c3b39
SHA256 3f7b82d4031c4fd14ccd00bff04cf4be7f9fab842083106ac795957c50857108
SHA512 7d7403fad4c13f8c6799b7433f76c8e6ff1ea4cd25fac800b570a429e4a7a9204c94f428c83eb359c5a84dbb6baa00a9353ad5a7729e8d9a8bbf3f92371aea7e

C:\Windows\msagent\chars\Genie.acs

MD5 22bdce2c97e773a7614b34d7c1720232
SHA1 ce5c3c484a9fa32f403e4f2fd2360fd6e38b8320
SHA256 87887195179efe07ad6ee7a44fafbc0fa6b96d0990ec604f5651951c647f8f9e
SHA512 83ad39d3f83754452d557061f0792fd8af85d358ee4d279b27f2dc3a3866193b88df4d21a645baa3ebcf2b81a348af461114c61aedad554e665fadc3cb26d07d

C:\Windows\msagent\intl\agt0413.dll

MD5 aeb8d95e0d925f8bd0c55083500b196b
SHA1 9450a8500b1d7ec98cbed8e4d86de359d359a645
SHA256 dfab04ac82a040e94f5ff005120f79d1357e9af7544b862c7f8c126175f85054
SHA512 286e31dbd0fc5ffa779df4c5c5fc2a427cf3c56a1d512634e000d4564d7be404fa59da5deda9ddcbd6b6b9da1a3aa22b98312eb07769f4b7cf21d44feef49037

C:\Windows\msagent\mslwvtts.dll

MD5 e7b6aabcee0108d851c4da46ef088138
SHA1 eedfcc7f11145906df7955c9328bd8e2693eb53d
SHA256 e4eea18ab949eb224892f6dcb6b5cd73a32b981486860376eba82fa54171d467
SHA512 3a7f852eda6e9294a4a8921077164197c1e4e532eed0c3e918a3b781f7404fc9a166c2dd15796f5df19d368a249219306fb573ab2bec1e2dc1800c59c360dee8

C:\Windows\msagent\intl\agt0c0a.dll

MD5 6849587b7169db2a475430386466190b
SHA1 3862fa0162c0be7f1e950ff8973ccc253ed16e87
SHA256 333c07819883197e1461c603ad880266bff18d937ef41cfbd72067599f69f5ea
SHA512 6313cb16b7948946426f84231796301afa883d7bc6de0dcfd755638220a7f5f75c5a1b229083400277e158f9df770bb0312af22ab53031bc57b7830da69a726d

C:\Windows\msagent\intl\agt0816.dll

MD5 5992c3da611917348c1cb313cd3508dc
SHA1 8711081cd4b0beb0e6c0ffc3dd6a542b23746f3d
SHA256 07498bdc34970b7e88fb1e7e09bd4e68d33cd76da02a1d937aef62bc463cc099
SHA512 ae9c00be3a53c2740f44c0a73c8c0ffc3043af5e440761e84e7160fdf676acb533acef1ee8cc5b7755d06ac34643704db312176a2d2cf92b2c6048450c999d0c

C:\Windows\msagent\intl\agt041f.dll

MD5 cd2f542e2bc4da9f5939aaabd1537834
SHA1 5c4e4bbbebc07bef9eb83c507f6add63cb01dc6c
SHA256 bbbe538006290415c830fe38be6b84d964ca2c24f44efc3ca527976e6c92b599
SHA512 47c60b1ccc423d35cf1efe417f5b8f2163b082be311a9e04f75a54a515fb323e02cdc56171a4d2d41a2e4020bac8328befc2d273a97d007e0630eb914761d75f

C:\Windows\msagent\intl\agt041d.dll

MD5 18d2c5dfe7b9200911d691b5b0d0c890
SHA1 79c4a8a9daee813ed6ce1791247a2e88f9161641
SHA256 e661e253655aa88ba6c63eb1e44ca29fb31a9d1aa0880aa4bee9e373a51ed227
SHA512 d9545d6f3c87f5bcfa8f00df125326d0999b3c81252707b34af6b2c7b9f08de592ddce4007315cf3401fe24222c16de6ba099f961db232686476a78151cd7002

C:\Windows\msagent\intl\agt0419.dll

MD5 9b3c6cd206aaf590c6c0d1d06070c5c2
SHA1 bb5a1a8fb839fcdcec85f8c3ddb05dde699f15e4
SHA256 58a7ae2732360cd29d4d1c95886680291a9d24750f90c64f94b5e984e23dd6ac
SHA512 f74a00cb4740fe73ab5a1781f0eb351b2f9bce742f0c0e14aa3205f0c5f915fb191571793b9af94d417bbc3f40dcf918c60474d95a6254f6f9e887f8e82490c2

C:\Windows\msagent\intl\agt0416.dll

MD5 882a86b6f624e309cda6eca01f6e1989
SHA1 e7c4bf0738faedd0e57a06ffa3b4b7a3d14693ff
SHA256 26f2ffce49c383e238748d13bd545ab114d7aacbb08cb072179d67dc5fa4cf28
SHA512 a2d2794c895ec1203c5cee2c34a6013d8fa90e31c582dfe892650379bf4b4a8bc6bb932e0c0369457844b972968b0a136f1f444dc47169e5cf3e18696df0e009

C:\Windows\msagent\intl\agt0415.dll

MD5 7d7a60f32f725d1f73fa915e233d4059
SHA1 05909dfe82dce482ece07cab96ebdf90b881b51c
SHA256 9f9d3fb470ebcc885931d87decf3c865009c754e1d553281d2cb8d329f3f73f2
SHA512 126b37d5845bf682f69d0bc9aa3d68f94b336eed6e625bac2f78ff90fbcb5dfe4f23b748af640f65de05ee5bfd8d827f36c804e837de16e8d6aa77eea3ea02b7

C:\Windows\msagent\intl\agt0414.dll

MD5 e362a1629838769704a5ba4e48cd47ae
SHA1 b6084b43a997a8a81c29204e8b71f43fbbbdcdb6
SHA256 84f09d3d6e874cb02b882ba070dcfa36683eb61cad6515e2bfb35e990f06ed6b
SHA512 331850dbe0532f262f8b36bff63ced16867e0151934f66fdf56bb24814d93d8148ab7c6317002e9e0d118e77dcc5a6cfa88098b6a669a49f456f8ece05c263c3

C:\Windows\msagent\intl\agt0412.dll

MD5 673af99b34393b6d62d527a1d8684b9d
SHA1 85da09b0a7258343ab03bacbcd81f6dae52767f5
SHA256 71b5f3377351adf9908d564dc3d38373b43fb826a6e3a7f425b9bb3d79fdf819
SHA512 3f97869555c5277291d73b9054a7505f7bc0dff8032ededc088074e100b5b358114205be63e4e2089f60057c5770549b37ddd891e8b8ff0a08342ebcb6be2834

C:\Windows\msagent\intl\agt0410.dll

MD5 176a0d87bd7b87bcdde7e5435a8d0882
SHA1 522eeee0a0bd8bf3633bd7d65746371e9ec30724
SHA256 5092f7295fec2ee5618b981965552476d5e22d21f6e610a9475fd31cfb3833c0
SHA512 e2f80f06a1f5a01a5990a50392b8828aa92c1d392637580e9f2ee00a0c1a892dae83425f724319240ac1267db67353370462ee5be3a88fea38db2d259b9a622f

C:\Windows\msagent\intl\agt040e.dll

MD5 79c7aa68a9e906bdc999c953b0baa9ac
SHA1 e30711f4cb785fdb98c162680189452c471875de
SHA256 c06432219d3769a5dc58b41e3f2a594f46ba3748f1d2753a71b83ccaa1936a54
SHA512 480e3a091659958c92101a34f17ed18600139e97ffdc57e692a95f3b9d1cdb7ba2b99543faf4d45d628a140dc4b96cfb98bff8cdf54bda90bc3c4676c4c5cf1f

C:\Windows\msagent\intl\agt040c.dll

MD5 6e2aa1fd86a44ddc19636d6655568399
SHA1 542ec2ef24096a619cb393189dcecfb94ef5a256
SHA256 65e5feb47b79ab353d0fd8a7ac9739b37699f5e008171e2241fd0ee07868e677
SHA512 9ba66b4220f58aabca908a25a16f95c416255f1ac7d823ab5f52fdc32a1f52f127ce80f425e9af2767c707c41c1ffea62ae9ebbed77b5371e2dacf726cd3b55f

C:\Windows\msagent\intl\agt040b.dll

MD5 8d5054977b8adef4b3588d428e0ac4b3
SHA1 f31482db2a480ffc74bc7a060fa5179354d6917b
SHA256 c8e364f9d295a4a6f9c5bdf0f468aea71491f3f94842ff412fa5e84c67217a63
SHA512 1b49f5c87ce52a073f60a9fe15ca9115b4eee606aaf194b1269ef1fb2e42416a064c8dad1c2eb780fddcb7894097f622c5cfb1f7b5a67e6d1b5f6093d6adaeab

C:\Windows\msagent\intl\agt0409.dll

MD5 c537ade8e61db55bf89a84e682bbc6ab
SHA1 8180ce84f2228cf62609f30fff32a631932f82ee
SHA256 fb0dcabdb076b8f81a5416c107e5ced3222cce4a1c2135f0068e3410be15ad88
SHA512 c26c5a1b40270189184e83f7689f07b355939de227a3ce775e74c49f422ca5de97c508f004ed2cc7f828bffa27a953ff6a3fd38ddb112f9ebcd941675f122359

C:\Windows\msagent\intl\agt0408.dll

MD5 fd67c2f652986c2f217ac83eeab6268b
SHA1 83a1fd6514d7a49263c9f13e24a82b127c9135d5
SHA256 21c21e6dc4a0ddcfd48f92c7b47d8139758b06f55884f6da8cf51fd85386853e
SHA512 86778418fe8d06dabccec5d47c8789074134ae712ffda2c013e997bdf066bf391e3e6a59c086ceb935aaed95fb9ab68f0e8604c32cf95cfd829dcd5853278cb7

C:\Windows\msagent\intl\agt0407.dll

MD5 864652be39f3ab4b6ecd47aff9430e91
SHA1 966830119d427129f208781427fcea0384aa50d4
SHA256 4e2503e1281f9530c0d83d3692d867a4c4c794003e69e8121fc6676d2e320010
SHA512 1291c74c99615a63b2b5902491209585b5c3e9b21296f7914e80698ca7ef238a529945acca6c5f23ab36fe36e1aa791a0b4789a6913e86d2671190a90e18bdb1

C:\Windows\msagent\intl\agt0406.dll

MD5 9a2185b7ab725324cfac5c31e641ceb3
SHA1 7c8c91264ac5ec5430aeaeeae37c98aec0a30c55
SHA256 b2ac9edf8f9d1d7ee3f9def30af93a2a59ddb7ca20d31e8fb240e10bfc4daa5a
SHA512 fac3b7efc9934e974ddceecf217cf7a7af1b652e8b185c94683871ed8c22e2debbb494a1e3214f4f511cf19e6e2a8786966050d09ba479c12b8ca203cce93cf7

C:\Windows\msagent\intl\agt0405.dll

MD5 7b8fb679427871afb2466d08204e728a
SHA1 ed0b79e6d11245fa08d90f0a81986de9028c0349
SHA256 727f6575436540350f7ca0201b025ec713d33440eb7c1bcdf1fd64fd5e45e6f1
SHA512 1ce95c0a2d62cd79f442a56d6db8ccf196a943cf0fdac4f8696915bb7c49a717853683ccf50a68e8a5ebdc014411135923b70a6fb35c40c58b9ceda317981fff

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

memory/6036-2703-0x0000000000400000-0x000000000046F000-memory.dmp

memory/1808-3195-0x0000000000400000-0x000000000046F000-memory.dmp

memory/1808-3208-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5220-3712-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5972-4216-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5492-4720-0x0000000000400000-0x000000000046F000-memory.dmp

memory/3308-5604-0x0000000000400000-0x000000000046F000-memory.dmp

memory/3312-6197-0x0000000000400000-0x000000000046F000-memory.dmp

memory/3312-6209-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c84d8f819d55f37c8f7dbaac6c4e2dc1
SHA1 a21b5024b4b7b1aa4140f333d1c949a1bc2cdb19
SHA256 455f8de912f94b6bc77deda036fd3353a6efc39ca44b2d070599995dc97ccf5c
SHA512 c278b50029f997348d884f99b11508fea46077a9ac56f3f18f110109f2cf6a5631640c57e5f2a3118acae668dc9688ffd448b8591173d727bd6c94ba2da9547a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e63d6d5ee93e452c528b63dd69c1e0c6
SHA1 5c06c0c69b4915c8f42562295a19b7b2dd19e1db
SHA256 9a56082fdc81266ae3bbb83f1f56f4a6bd833ff228fcff86d9f17517ecfadbf8
SHA512 ca31d262e52ef4cd961aa7eaae56464aa5845b886777573fe5622c2d4f1386a876e00bc099a3042a7d974956a5fee980c9bfd04eb959e7b88dfd1b71097cdc96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 472ec32677a453af2c74692a60147dad
SHA1 d88b5e900d82c9bdac5cecdc1104ae46888f9e89
SHA256 28f495a706bbb9a09ca286ecba0123bde6bb8e1e0aece749eeea7c8d62fd52f7
SHA512 4140bdd439121c889e8ca3824b2aa6783318d0ed28557ad18ec8469df1cbcfa4b492f37b27124f3ec12300e3e32247bc1bd3aa9e89936228e6fba84e975beea0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 aac57f6f587f163486628b8860aa3637
SHA1 b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA256 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA512 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 be529a907c265364aea60b32d2a6b43f
SHA1 4e36681dc58aaaa130238083d0aa43d4604019e8
SHA256 1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd
SHA512 37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d023f7c1f31144d6718259d26c3347e7
SHA1 e555fa6585605520b9a7ca18f80392eca429e438
SHA256 612a6f4f3ce33101a2622918b083ab7976f7e12af7910949d0e327ab28f882b2
SHA512 cb5a074938101219bf3a3a89d24fea03b2c977134cb2a861e58b380a0137a22dda9ec18e539118f554138fdc51d159fb8ee0f5127b74e0331d680df69a02906e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e2b8413f78dc1e2ca18304281ad7993
SHA1 2b913a5e1deb2956597db42f30e93b1c2319bf50
SHA256 998a56b7201fa41d1d1cb4caff8d658206a692eb845419f9fddcd49d00f28caf
SHA512 0e7a5e68c5e8b1cb48ee88c188b2c996aa5b52c903cf94dd0a745aeab1452580a4c34ce4e2cc731c932cc4d36bff4f00c943022e7ede2f8541fe873ff7450a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 54a5ca74a6d9c531ec2c366edd7be658
SHA1 c4d01c1cfd3c190fd9ac918eb5a3bebaf41b29d6
SHA256 9f3cb2edebc4754956da013e3e4fa9735d5d5cdbd5f02a7c9869a8ada5bf190d
SHA512 b8670bb7a6496e8e6a09dbcb974ace55451be9c937f178803891129bd33f9545119924dffffa84f13dc87a753df0e9d66e104e5df72f9d6911c619c835d78e2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 ec52a780fb628756883539d1daf3f68f
SHA1 cbfa20c69acbb5b75a16c81d12127be1ebcd47ae
SHA256 4db0f4e2991abbcf13c1fa0094672e2b3f453797e271a846a0eb3b4ffd6ebfce
SHA512 5191b287f7d15d882ced2bba912a327c351a29dfc4b457172f3f5886b60eb6d7683c6ca51c9734cc0385da9514d271d674313c049db5b0adec1b05a1a1ca29fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 8852cfc3d33f08671c7df96fdadcc54a
SHA1 53a286b6ff6e215c90fb9d0a9a3078ffe1d364ed
SHA256 2b907730278b227f45035e1f5fc78cf47c018a97145d8728efe190546481fa83
SHA512 20ceb5526d323a609348bd7d9ae6ad0d9416eb637ff55e5f7bb9cf73a2be92c5f0ee7aab1da7cf43835552034a97a49c3d7076b4d4d00c376ec902b4dc50df97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 675c3cc9eeb511d43db6635bf1b515f9
SHA1 b5a3bc916093bf35af9cb26f45f79c229db4d70b
SHA256 827caf07904c9ca524acf5d97bcaf1f11c84ffdb1fc2e7f683e1dc80648ed58c
SHA512 6e82a416ca6d79ed2402382326d8621d9828b420daad5ff0a93f2de13598213b52ed7fc9f6a59dc6bb71bfb6a1bb13be3d54581e2d26ecb0dbf0bb2ecc894197

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 7739350f11f36ec3a07b82584b42ab38
SHA1 d97e0e76a362e5fce9c47b7b01dab53db50963d8
SHA256 d84e9971e8c344b9ff5a5968e7252270757f211f0d408e26c12693729068ed75
SHA512 2cb436985e382ec17390a1f8a7c112bdf18206c66d845934a14f9c84781200828e05c57cef5d4128a9d9b96778042ecb7ba2c031563c78ee9b8ec41accf8a537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 b06fa3dfc52a8b8307d2b0cbc039a5bb
SHA1 26588a72932890663c6316230f630e52f5038fc9
SHA256 2ceb1cfc5718d43f62baa9b802554f79e4029384a625c01eada3c508a3c518ec
SHA512 271e62ea541a0b17c1e52dd79bfdfc35641abe1750013daa237441e2751839edfccde0e42f6f67235989d608dc27094c86c442c7c584248d0b9ad251edf57837

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 9a21c78c3cfb129f395919dfb35bd678
SHA1 65e66cd7c7dbae0fa6f5346a1413414bae531d06
SHA256 f336b0f4882f58bcc4ffcea8aeb064c3f2999836ccb269eecc140bb401bbdf23
SHA512 8005c6594dd227e5dcd0e1a9dca2757c1e94ac1ee01f23f01130900f67382b5123b265ecd7f79ec01914ad8d8f743318fa2ba6fa70fa18a5597a9f492ccde04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 12b3b06a215a92b61047d4d676009d5c
SHA1 bfaffa1420406892f96c14563413c12b22d5578d
SHA256 ebddde1fdfe55665db44af96d9a914ea833d5c74b510150b0aafcc6598c8ec72
SHA512 5f597b93c1bd9e9be7d7aa42ec1a69d1183d164096046af276546f907c7796cd5d1ea80d152ac8cab76f1ddf3a6e3d51ed74c6dc97d467a4f5519dbad8d42ea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9542a9daf5efd4763f339ef742e7aa5d
SHA1 bb76ceef3329c85bb2fa1b62c697ea7a3bd74562
SHA256 bd523941f7ffd6611f770b97622bee6f4e68432d6d93e775ac488babb9f38f89
SHA512 e9e1bee51ae2c6a639d120ad1700b2a3e133fd9dec2b488647de2af68b20223ab94b4019e94855dfee14f62f2d1e90b7d1234f320fa881c16d4e5ae93b3d879f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a474ed60a0205e1b5dc0ed18939da3a2
SHA1 5f755d880347eaf19fa454b8d0b0f7f2189d5804
SHA256 908559c9bd35cbfdd3a7d8a3b3f37176884b8781f21e54f561f6e062912e67d1
SHA512 3ed5756ef42269c1a46dd21bd16cce2fd43dcbc5952bee447efff03fd428431e6deb96c315a5b5d7a958d5c7502f777a608a3b57e453480086c8f9cf34d61514

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e0a6047f190455a51e7347ec9edd534
SHA1 0eb5387af0ce4192dc54c8b741f2ba45502ac9a0
SHA256 b9ae1d075f652740138709f4cdc2c27efa39d93a9a889ebc1ab118ad48753f21
SHA512 d822661bc0a4f9b10540f436ef85b39462e0210f42eeb1f9ebb702073df5544a7893215e4192435e20015a1993e5e60b3aade482dc746bdea308ba78c3a5af48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2911c2d300c827729bc5c14229ca18db
SHA1 8633c0898be1c9dac6e018979e1dee99cd609a8d
SHA256 b9f2b25dd5cb8a30f129b912c13070a5db3a115f644c639f1deb8733963f4ab7
SHA512 eb4cb95a7d0d22958538d4784be47f1be87d038e5ba7808a8f2f7f6a8013de23851438e6e00183155de9584302b464fce064dc3eabf46e06a8240f1fe262c10b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 595940c1808f885f50ee14fd1eb3d484
SHA1 a8b6ce47c9407796e45451ebcee444c1de84bda4
SHA256 076d898736fa34258cd3f91e52bcc4e43d3958f4e9ef74da86618068f201b6f6
SHA512 1b53aafbdf9d97e1a9fcdd6af87ff7f2eb281832233252872085ab893bfadb1b96a697a2f3209247dc331eb17af973a6dea7720746cb2819e6b551c691df0c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2ebcfbb69f044bc6327f527c09febf65
SHA1 231843073f05199f8d6261f1351086557974b4dd
SHA256 856267c30ca443bb01161c124dffe600dcfb13ce86266c7c59489bb1eb489925
SHA512 cde787b11b2d4f814c4fc20605ec1cceb3689ab12006d018809c4efde5d35055f0150bae75358eceb8150625994aa575d6f75894230007b78f91d26c9524e746

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b6d4b22ac763bbf05ef0900ae675cdd
SHA1 ce54f798ba444f2fcc2c889b581ee169c4dcd29a
SHA256 d267bb4a5cd58b9b6a02e90642ed6fcf7e23afe08e8e0fd5bc5d7ec08d096d59
SHA512 42fcff7d4ea38edb6020651b56ce13ba3e779528d0812f35ffffe4e4634cce618461f73cadd30c24531e0351f35c601edc1960ea6719c628fcd0f5ce1b3fbc70

C:\Users\Admin\Downloads\BonziRogue-1.zip

MD5 911722d67f234eb299b8fc3e834573d8
SHA1 cca1cd0426545a385afcf6983cb8ab3479e235a1
SHA256 1d1cbdbd3a72178b36bc9a68e4b5c8f2d849c5698f65d2220033d3417fff2827
SHA512 63e411a4374a05ae5f07961ae302e66035f2fc8f5087710ad7012eca92bc1c723bdc02be04baf5ba2f792288438623da21800c6e980721a08f250bbcc18de092

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b84645607719e24a99efcff0d343e894
SHA1 5b32be82032ee1346473cbff53a0339561634809
SHA256 5beb1ec96d1aabcb1bb676c29d061a741976b1234e7667c91686b748642e865a
SHA512 4bde5c5724e17da0d5f750ac68fea330a13b59e167bc3327f672fb2175f509cb8b0c7ebe3ca0e9833e9ba378f65f9abb501b1d54f50e17996f5f325938abd3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 59ed7fb7d6e513a2d6e276b825af99fd
SHA1 48d65e043ff52365c55998d907853da3511bb24a
SHA256 4f4e351795db65c82eeefb3ebb7543fb58468f7db5a9653c5184ad8681827671
SHA512 1b87ce8c935fe6e04821e376ce4a781364737416a128c56e64468419e0031489d892e5b66212aaa1caa5abab90dde713ea03cd3f4fcbda8b72a5bd5891a5c5e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1597fd87cdbc396cae9a090cb550a789
SHA1 cbcca5b5e3fce3d954b732b1c93502cb6b3edda9
SHA256 f4ac4c29b29bcfe02154fc80b98ce06171f3b2c5ff7fddad61200b9468753034
SHA512 9bcbd8e951a85c493aba5b7a8d4283d1ef2eceaea72284eb91bde483649a3bcc895fab3b75059e44ce19c12156ed85ee61cba17fa141cbfbbacbd39fce76d598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f2ff8e391458fcdc99c010560414e3d
SHA1 b528718a84018725720c22ead4b684aaf997d24b
SHA256 c5834b2743e5355417ad772da49419ab65989abefb4f1c696c0eb05056ae3d77
SHA512 16d6677dbc82a04cf1ae1929b926aa2aaf2fd8995f643a89c5c30e595d8077cbb816aa8cb2f2937d5037f4e33471b3e3d0f14630eb70758ecbb7ce2b3ccf6e55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f89e73c64a08cc954719eb8c116d1602
SHA1 da007f4bd2d0d9ab406fb19ca136a31c73680edb
SHA256 b7942e338f7116f75bf470c91c8d2ef788672cc33213d5507370fb05177b9f1c
SHA512 d999a82edae52f1e575cc751ca227734b683a4bd774729d37bdf147f969b81e3a7e1346eccb89af781e14126aec87b37ff1c167a875b1c5ed9ed44fd9e709671

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4dff2cfe8264a27ad2c1afbc37933ee
SHA1 98e5b64644bc775ff02e744782e8bc62c009ce05
SHA256 2706da0ccd7a2fb7cdb15f270876677c17c07e9536936af45046573a4e7a8d59
SHA512 789dd56eb0bb8c37d9f983ccb11d28475633f15feb7e003a3c767f04a0c3ba07dd414ee6dcf28091713afee9f82fb34f0a7cfd1964e124619c16ffc5bf5410b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 53436aca8627a49f4deaaa44dc9e3c05
SHA1 0bc0c675480d94ec7e8609dda6227f88c5d08d2c
SHA256 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
SHA512 6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

MD5 fba47837a4f1869cece43900ea928039
SHA1 58a94b50fdcdf1b65972f37781f28c2225c10e5d
SHA256 858f19c7c56b26332a91c653c5ca46dcde48424af28a37f6a1da74e68be4ebbf
SHA512 b1f32081bd582e825232bcfd2cd81b0d7699471b42c447539965721f27acd7d49d0153a5a3b458c2f305c09da0f345eafa2572f9acd42bbddae3f5e255eab3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

MD5 77a7756774746386ef9ead66068e5e5c
SHA1 55692345ecefd7eefe4b8b78b377c23d27281ad5
SHA256 e2519bf5591b6053295770da0709fd923a5c679c543776bf35a12412d17add91
SHA512 33222b2b55bb28e340545fd123806dc0dc3177d8e5f7e8bf209128a34680c8af6210906f2170433d4b9cd1066b88b74eeec400aab89654024359907c6e0fbbd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b988b2d40faac5f86db146e26f76aa3
SHA1 3c1a335910dd888b9c7fdd7bbeb8d717da81799b
SHA256 89184578978b32dd1856df6beaa60d65fbbe40e2a1a23348bd8b8a1e0795e02a
SHA512 b54241cadc966fd16540dfdf2bd9d7ea9cb0b6a32b86a01b35a5fc202487f74b4a296467aa3bdd0435e8da6b34abaecb4ba140191baca33bfb217cd1405a0f82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1aaa07bf28fd067ff378211e76634c8
SHA1 f75d6308453e4507e1866734a69b4dc792cc009c
SHA256 86bfb36c06f9899c25f510231ad0e9aa807933c1df290b782816fcac69b61a0a
SHA512 e6d7debe24d610fa7c9c90cb10955b761ff09cc17425a3a70c99138ace2f094c61c38cd4066b06d1196e955fb2e6d24ec9e35cd09cabf5f2aeec0d6e1ce78330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 14390c00720f6d4c73e823fe882a7e18
SHA1 0f2f4a7b4acebdc2a728f559ed71d828e3cc0eda
SHA256 4d7f082689ed064b3d48da53314f1e90181af22693c3f06af2463f052f3015b6
SHA512 cdd8217f8e691697407454b7518610067c8b913816de7a51937f0e00a9b66c29be08a8bfba5419a30b6fe8db7e0c4decf0a5a447f8b210ebfcec769a15128ee4

C:\Users\Admin\Downloads\Unconfirmed 350908.crdownload

MD5 3266fdc29df011b6d957fb55515a39c0
SHA1 86a667801cc4c08c52ecb916ed6c1cfe227e1e5c
SHA256 134160a327410388a2aa8c9edfc20a49fa40d55db41e4cf6d8852372d88795d9
SHA512 4479fbb2d9e4fc62549473aa3a76760a9b9afdce37cc0d3d809cc5194273e8477d80d58c3f4dfc5b52452efee353178f5e93cfacc9ef9fdfbd76016d835719a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 ea025098c35e6761a82cb4306a3e0104
SHA1 6301f5facc6a82d2d455ef6dcf296c1967a517b5
SHA256 4207641e54e9cb2e066682ddc7a7e2aa0e5aa794156fb5c2020a81361e67ab94
SHA512 56ec932dad87294e4d1df229a524b869c2c3e4d8777385e0b98b18f1e41fb2f330b3a919c2a67884f6a4bb0435e53a546f9139961af85d2a01eb181fb25341ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

MD5 643fc418e76d7330a3165e1e238ce081
SHA1 a81edeb988d1ffc505951594a0651d759f161ac3
SHA256 21d067403e18244f44d612f8e2210be087390e1fcaa47c02b63debbae2e1ffa9
SHA512 21b9aae7232544158e2a7add33d50018219734786172fc0a2c3bf737c1e153cb8b53566c95fc4ae911768a5263ac2b794c0317a069dcd8d796f1021f1694827e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfe10a711817c78b_0

MD5 e6ea9033e20ad76ba3ac200bf97cb651
SHA1 37b217b68a60bea3eb4590bff0600b64ffb1980e
SHA256 73f6efc16bac62b3285e2de01dba0ee15e04031df2d12b7eb7573681622e718c
SHA512 73f4dde658f7c95fe399036400fa3ba8dafbf57d0de29a8e2e424a5935c508fc5def1414bbf0348c9e4bb1af869e1e1b80f049e75865ad51ad059630e6c58d62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b1b8ae0e28ebcee83a97406efd54cbda
SHA1 61072110ef3390000f68d49adee4ce250993b82a
SHA256 9f44ed3d68ec0ae0e5094d07493b169bd13d0de610ad35cf444d861ef4d998ac
SHA512 bf2fb8938141ea983aebf47152e28afbaf952b44957beae50ac47989d4b1d36ed883756b189476712aeb17ab8a3ce4a44aed5b3cb62bc72ffe034e8a4caa1c5e

memory/416-7544-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9522dd92b4d97c4ac1bc1e114e936edd
SHA1 8ae44352a9531e2f3c40931c2f158c2ac8f50b96
SHA256 b0d30a4a3ad03fd071c7b08e42b285b44ca296a89a36eb2c7000370199d86b8a
SHA512 dc0df10339eef7ca3ec6a5ce4e3e5e48c23bdb650ee5c3f691f94b38de633bd70d7bb3612fd40a88d08cb9f4eca964985c0e09996ad6c9972e220bff5d79458c

C:\Program Files (x86)\BellCraft.com\MASH\MASH.exe

MD5 a01e6daa64e1408a0da357c9520fe23f
SHA1 8ce8943df98d7892d135747ea8fc1e9361d3558f
SHA256 bfb5038b834416ddccfb6dc94d42daba460b96b664135b830a99a68a252186b7
SHA512 4a6a1fabca4db87883af2576a71295f7a8a7eaf66e29a3a22c0c57a23f67414efbab4eacb3c311a2b4394c77cc9a83399ea5a6603789eda4951876449527383e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.INF

MD5 8275c5f0d81e4bdaecaff93426f37ee1
SHA1 8b96c3b0eb9fe86a2ef8c6bde9095c4af26f6c40
SHA256 a8b41751f021ec02a909a7eef1d2a99a22bb583c525f4d2c91631f999faa5887
SHA512 53e8bca5dbe83551fd61d7f5819763bb013aca9b5952a7cfc8e5d5efe33ee6448749352e004616f2ba28c8383e3907663147208b2a1ff5d235cbb0f117646d2d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.CPL

MD5 5b6a9e6737531dfe95dcb29208d4b639
SHA1 cc812359c46383d4c489a76825af8c6d01964463
SHA256 9f58d16004d0b59392908cacab9e41a638af4a05026af17127ed9792840390a2
SHA512 84b82dcd51bb4db6b5b4bc907182350125ef1accf9b5167f133025ceed8ebddea563b17e749fa9105fe0b89765907ed297071a183f3e8b8ec31ef4a4672796cc

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPCHCPL.HLP

MD5 4add01eaf6d9fa8c21bc2ec6e473a878
SHA1 3b72793b1d34aa2292025fa94f59546fc030a8e9
SHA256 e04674b406f2ac0acb4080ddf2aa131251cec70cbafbc9b4796d5ee180597a48
SHA512 8304244576ead82539c3a0660dd66b8c3d0e5cb9a2a1c32a6a9df8e3c8e6b359d0ab5210c86813aee838ae26e3661d0f3e494b8ab45343c1f9a9141da7ca2b1e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 1233b28631b64f0b2fe25e340d2c7646
SHA1 e785e3efbd6805af5a6c6c9192854d5b4250825c
SHA256 9ca0974c15e7f554ebea658aea15fa9739f801137e96348deecb53132effd812
SHA512 beca42ff5da8c4a07fcd4304166dd1f6d815a6ef3a3e51948c2566c2653d20fa3d669701e040ce38e0ceb89860394f82f205ed88de7fbe50c359dc3869f7a19f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHAPI.INF

MD5 b00f1393bf87560945b6b38425998a79
SHA1 2fe00a212f952f7e4a53d53880ac90ef8d8c32e5
SHA256 9e7e55b61d3619729829b263e0af2320223c7eda74eadb2644c63d728405c86b
SHA512 854222c8d68ac0d556fe0fb4e1bbcdccde963bf1fe82c1689dd86439a519d8afb5c9db7bca4939fbde011dd4c84c09610b779adc64a18f0caaa57783ce29c7ef

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.DLL

MD5 898fc91bf6424f629e933273b6e46ffd
SHA1 2c777a8cb7f6e9a469f6d6486c98e70414949acd
SHA256 171d545ca7d10188875fcf103b664be2195996bbed2bd4dacfa8cfe827f1a441
SHA512 de7815a04cbddcff2c2ebef4c6d441936314924f6bdce3b3fb4a8bd4b62b761c7dbb3b99a12deb45b23b186f42a431d67b43fb9950f3d447ee9f721bf6cf6ffc

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCAUTO.TLB

MD5 695b08aa62b0dd9031fafcc1bb2a16d6
SHA1 1b151114b4f1fff8b3ddac92f4e8b3de2cc02ff3
SHA256 0e74c1dcbcb38daeb9d505b94f74b32ad8d37e8a26ef4022d46999eb3727720d
SHA512 f0a816783fe19a740c50cef76f5747ba19f86fbb41ee95d53c234f0bdb1e28e7d9badf55fef6e7e8e1b9d1d656ef5c4f5d59baa418fe6968e42a083963b3f128

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMD.EXE

MD5 367351856db877b6c659dc42dbc89df0
SHA1 6725fba6e42487929f75c59fddf44c8d090a50e5
SHA256 6b2c21142bbb3050101606f05956a60dbe04f971bd8034d918731f8e9450cd35
SHA512 2c5ea481d64203751fa059bbf54e17a826df8a89d73d923dc4c5a68a0c25687cc3d74e511cd740eb801c6210c18a51bf268d3dfb9648a83eed137bd384640634

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHTEL.DLL

MD5 c546b50be180b4f7810fd78c7fe8433f
SHA1 d7b071eaff8d0498724c1e779731db51e41c900c
SHA256 ea6b0454ac40794ce46a6fd8fd244179cfe76293b18cdb52f02b372dc0f64d1d
SHA512 34ef3830a489510b42dbe0b084d3e688f7558ad2f806e344b760d5e25744763792ca52a664c312a47417cf629a74ddec302f47eed813e76316ae2e5aaaf6612d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTXTAUTO.TLB

MD5 283c7d582752fc0c025421fca7b7e1d0
SHA1 ee6149b8023ec61b18b098ec3e37648c610c51a3
SHA256 544b33cf240a425cccc910269c68b99b411b2374571ab8af51a490f9cc277f77
SHA512 844a6689000afc5fa724e1e1fbd4e4efc6ba6f67a4c5d2ef88c0c963feb5f9cbc62779affc11c318bef4b049a77d6818b0b2f8fd0c85cd14e6ae7414885b482f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XVOICE.DLL

MD5 06201e3ce75755e5eb4138a0a3e1925b
SHA1 05296f4e2774b9c3270365bf19304bf28e13fd51
SHA256 2bb50939fa7068791eea58c1fe6b112bcf5bb423ca55b9698411957a6f82d1b8
SHA512 0bdd01a7f42a3b6de0ca094d55d79437897e2f329751735097d2b7c4ed07792ba81c07544ec9a1f8c89a9472b57b3067dc204bd773721ab8398637949ae74d77

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XLISTEN.DLL

MD5 ce7367a398dd2d0f77041316906114fb
SHA1 128bbde9b589b94f88ae9799043b3c05fdc73990
SHA256 287fec5f90f973a5aa4100bdbca1c9cbb0e242f908d218b975b9623ea25f9393
SHA512 a5151b5ff83ed72288e76e9f7637ea83746e61a2d9b13476cec6ddbb072c36b4c5929c40dd0c39a600338a9d8c4a5bebad304b0d29d9f4050a67ec2e894b8519

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.CNT

MD5 4653630ff6f8405f6d26000802e638ac
SHA1 3e6978815d5e0465c7ec557a2da4c253fe89427d
SHA256 51d0efea836528cb137914a6dd77f049cf0457245fdfd608c3936605adb11c57
SHA512 961db65e440dd831f2b490d4c80f306047e65cc0ef6f1c921a732b89a11b289b84e8556d4711ab9af0821cb01f4cb84f8ceccd51865448f93a28f5a02678805d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.HLP

MD5 a7db03e26dd567b3ec5804d5064c738c
SHA1 37abaf849e1cbc0eacd545c19e7ad81d947c113a
SHA256 56dbafcfa4a628fcd20e49bf169115bafe596104f8dd51d2aac8d7cabb452c3a
SHA512 d7f033695ac098a07f6d7cd00f0bee86bd581d3ab9b8f4b5073337fcb1277b5a49a99ea7d65819587ce2d807e0652c7ea0d98524f1cc934be64776c25d2daee5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XCOMMAND.DLL

MD5 198c46362e9e7742f7efafd936624bed
SHA1 87b628c2a14a1c5897fd0281a682e9bdcb32bfcc
SHA256 0bd009b376f9ee2c2cea181adc0014c6c9ba91a4eaf7a3b98441a1696d302e89
SHA512 8c747cb697294df0daf092c8f139ffd18c92a098b1b709359739644029b5523d6b5d9ac80d11e1a4fe885ad13fe8a810222d6d609997b722ae0908421f9168a5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMSHL.DLL

MD5 2f8c18e8e067f6b84bf8c6c482862a70
SHA1 1c350c5a4674115cb8ba5620ec61fbebcd8fe974
SHA256 437ae2139661f2fb5fd97b34ee751521db477ee8c3454c920c5480020aaf94f8
SHA512 1a5a4d6064cfa35106c865661249d1023ab777b1c216c34dc0e86df435338cf1f8d8589fb567d34956e71a607db4aa8ce43039f42d5fa3ddd0c68506064588e5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XTEL.DLL

MD5 69c2b85b9db59f7ad8d04e6dbfbde511
SHA1 4547a87c80b3ff9e2a148f7c0822c2495240aa5c
SHA256 c32846fab920f5da84005aa169ff259c54a3b9504faabc52f2f53d240ed2418e
SHA512 e677a28a20b4b481d87cd2007dfc3d6f8b88dcd0cdf25df988a43b8480458a37c145ecb8a9ff48ae41586fb571230e79208ba7baf74dd27b78d93412fbe1ea11

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTEXT.DLL

MD5 c0a7306a302dd35145a37286dcfe6e04
SHA1 beba434997c5f60e988bd98928c13273996cb516
SHA256 b7a0114e8bd9875e98fa6c98215d3b4582e0d1eae9b799b912145e88095ee815
SHA512 ada43188cbf3d877ed055fc4a7395482a7a0adff6268880685b450f2f79c081aa8499f4770cd70c70c146002ac7fd516421202e275a71568872b879d0696d80a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VDICT.DLL

MD5 6dc843c473b68ea93202a32b6445c765
SHA1 3616292d1b84b9273471af195927d422d7fb9394
SHA256 08b35a07bf0dd5b231f7b25aa48476a7f78c9fca7a76c047103025d1a95952fd
SHA512 77623c61303b1f5fafb5d5af3e1d409af37ed3bd8c8c8bdf83206f2b5ba248553758696cf16835299f2267265689ce0fcb8564cf6823074257ce6964ac0bd517

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WRAPSAPI.DLL

MD5 8ccb0967e7371d64933fca913065789f
SHA1 63173da8984611aca496a253dba336af23aeb558
SHA256 8e0a80b885a73c8b62e87ab7f2a4b06a556b4db37a1fba9b37db2629f4c36a49
SHA512 9064f27f70b7a4e48dd9fac1954060fbdb5d5b35355f7be5c8a1221cc931ef20df7e4543b28e4416f86ed0c56b6a2a204d78db4c70e298bd29db5ccab2349d3a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\MSVCRT.DLL

MD5 63da4613383ec70e047b4cd5c48f0b05
SHA1 578dd3ee844678c24c0831b6cc61a7dfae410bdc
SHA256 d4287ab5e4988dfe99bd54243d50dbe8744094f11fe5f9809a1a6fb9728c2124
SHA512 0fe7226cba7984f22367d03dafe568e8c0e44956a831fda93d4bd8ad9cbc9ee87dc03e4a56696c0bb0e5f8ec27a304c06cdb56c52d87263362359523f0a220a6

memory/624-8390-0x0000000000400000-0x00000000004B5000-memory.dmp

memory/416-8389-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 343b3138fda38001941fb97f7d4b4b41
SHA1 47a7eb620389015ebefe69224cd6f19e804455e3
SHA256 9db6ea1d873d68c1c38893007bd54b1889aaf8b0c69ec81456440eadefc43aed
SHA512 35bb172197c84a031b5aa3e56b61d957e0def2dca53e091ccfc189b0e98fd0955c4157f9cb28c8fc9f4d8a7665a18abb05be1bdd53acffbcbcefe358ac5bf04b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9bc3ce42bbde4b6c0bd0e1645a0f462
SHA1 0eb038ebb32414d882740660cba60cd54065a885
SHA256 758bb7fb28948ee59f3831f8292371077206ba37351df30bec7b63bbeea61fde
SHA512 6fec494470b56a9c53f9426af66adc224f69fc42334418a7324d66c84bee7cb188e08262b62f4e9e54e9dda6c87b7aae002435f74290c3a05651c0801f4ef7cd

memory/624-8551-0x0000000000400000-0x00000000004B5000-memory.dmp

memory/416-8552-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e638051f2d77259fb0fea9e357aa83f8
SHA1 cd07c03175866fafae6217558475e9fcd848b845
SHA256 8b4aae9c677a07ab1dc9e1ac398e0cde8733473e4caa05ea55bfe9e35b9ee99d
SHA512 99c28e12dd7780399fbd600b717170701241f48ab20cb70b975ae14ca5c9981d6b46cbd32c4b0a8de0d5b533d3391564113e3852780671069b022f1f1ed6b7ef

C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload

MD5 5bec3cd56f47e42391ef4e792bcb0b67
SHA1 fde0e960134152341e10e7a3e709a39c69aba6f4
SHA256 40b04901da62acce98e9797f7f1d8ad3e4b78fc715633b591b1c10e3804d56c3
SHA512 23e55927d582c9bcb0e93725f70699bf30171b1c9c84cc140dbbcf69bcf01ade390b96d4c1d7cf428a47455f62ae4c5041a696afd827793166cdcbb91c582b56

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a0a0faafcd7ffda2aa6c963fb1b1f252
SHA1 7cf28cf84c788abb4bd6df2e70391fdd006a00f0
SHA256 1920f58aa60432fdf1405c59557f97c6dab6e7938b4a4e02aa8f3e811def48fe
SHA512 27b6d7962e8cb6a8390e433a2d547be7db7f14268a58f5f9aa3e73fd3388539670ab57d1d5db259880d5564f2eb8e42ee19b661532dd5ca17732d4d5b67b82c9

C:\Users\Admin\Downloads\Unconfirmed 469161.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ecba20e4c2d9989bd3399bd0275d59a3
SHA1 7866971cf5d01d158cba648a3720c10e3f44002f
SHA256 7e52ec40a9ee14993ee9270fdaa208b6ba493795c70af3e5d204eb6e427e416d
SHA512 bc9ff8ad4f37b1502023de45442b7bac2b6dd70f768e31736c0936c3a779e353760e09350af9cbead276a9d93ac6bdcbbae2a0783284b75537fc6cc64d4ae97f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6397891a59c90612d51aa534e8a5d06a
SHA1 050518038d213841a3855ae47f5d57a083e2c64e
SHA256 400bb4870f5c27c1a2bbd553e3f46ec7cb38473f73a65f2ee962366777953e29
SHA512 c9b5ab320a222b0284fa5584a14f3771285e5370dd0e3037719b811d7c5cb3f79ea63f78e4a1a0f445eaf9b456343ac9ffec0a127c185bb5907f2a55a432310d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2e42893258dfe1346216ebd952e75502
SHA1 c5de0a9873e7cb7d74a798a582398cd3835320e3
SHA256 54ec7bd4384fbe402453a25e4abc7bc047438eb00ada0c9f55c3f39fec41d124
SHA512 f6ac68f0352a00534cfd7d5a70bcce11e1d2388d035597325ccc71b80ce6d42881299754bf99aeadb7fe23489a0041c5bc4a1e043429a66ad8fb084c3df72bb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d6ac254ed327de35e40d370a2310f31
SHA1 670993abf110eb56344467ae81d787bb00da9571
SHA256 d2ecfa45a8c0abc6e347f356448cadb5006e43a86110681a0431624cf62f8b91
SHA512 40cb965db5a1db3a88b80d58ffa807272f780ec293b1dede094bc46f9282901d104469d0c70218990cb3e6de167715f4fff9e09dfdfbaed96787ea6b5dd5c485

memory/4072-8682-0x0000000000400000-0x000000000046F000-memory.dmp

memory/4072-8684-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21c5bd4932fae646ea186d4350fdb561
SHA1 295a9dc3a51f8cc2c0273077be8065d3d349ed37
SHA256 9ea320143dfc53317cf473cf5f45151213918b2fd6613e4b883fb8e31b51ba58
SHA512 8c78d5a8c64aab38441ee4169c2d818e777204252c8b9410849785fae1d50d13a5d82137e8e96817dcceb76c01c941279eb8a8b516a3905fe814ab69a2349c0c

memory/4544-8751-0x000002297C030000-0x000002297C04E000-memory.dmp

memory/4544-8754-0x000002297C050000-0x000002297C06E000-memory.dmp

memory/4544-8757-0x000002297C070000-0x000002297C090000-memory.dmp

memory/4544-8760-0x000002297C0C0000-0x000002297C0E2000-memory.dmp

memory/4544-8763-0x000002297C020000-0x000002297C02E000-memory.dmp

memory/4544-8766-0x000002297C090000-0x000002297C09E000-memory.dmp

C:\Program Files (x86)\Double Agent\DaServer.exe

MD5 1edf89beaf7c0026c43d31a8ffeb490b
SHA1 43f6b4648819069caee32fe350b41bb5b193a53d
SHA256 4b636958d62e114768c155a019b75af645308ea6819e37139adb7688e71e0db1
SHA512 8b1d705d49137dee49f9fc5dc2ac76f7f071e94a2dbb9d56a1773a7f9c54b5bee20777543ca467c651c36ba4c9efbe35d53fff8a891530e5657f71aa4d825714

memory/1800-8775-0x0000000002F50000-0x000000000308E000-memory.dmp

C:\Config.Msi\e624eb8.rbs

MD5 1bdcb7236237fca5c7b77337dd43327e
SHA1 2b94d7084cfaa875b655a20d2732c35bec8a5a37
SHA256 d131fc362738d7ff3862587add781ac07819d7e128b304663c8cd1b390cd0133
SHA512 ecb934b98f7e4ef995c2eba3c315869e1061fa0dd9389c6f75a03f6ba48d3641c44738be218a39a0dbbb655c22e93d8911c8287404fcd5bfaf8f075e99cc1f9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d8e5884e44c4c8f7120dd496cccc5a9
SHA1 e4865fe4f078897d7d0047867b64b610684cd4e8
SHA256 a6dfdbfc2843f28903b3bad9ac66522f5941422cd492b070a7d9b2f8c026606d
SHA512 2896b6bc26650b17a7853de127f7f5467b256ce57090210f5d089bbd0d40a9cc7e6d9ea5270d46b430d09ec5d6f06de5a57db1cc7897a42ed43923698e12e15a

memory/5340-8825-0x0000000000400000-0x0000000000619000-memory.dmp

memory/5340-8824-0x0000000000400000-0x0000000000619000-memory.dmp

memory/5340-8826-0x0000000000400000-0x0000000000619000-memory.dmp

memory/4072-8830-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5340-8843-0x0000000000400000-0x0000000000619000-memory.dmp

memory/1360-8844-0x0000000000400000-0x000000000046F000-memory.dmp

memory/1360-8906-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5160-8907-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5704-8908-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5704-8910-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5704-8909-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9856dc9c45df594149ee4283ed6e7a8f
SHA1 7b05c2218655bf907a14f68ba38205e5791628ed
SHA256 5685fdfc1fa718161c4b77a9f520ee7971a6bdd01e6c931102fb8be8e23eac78
SHA512 1ee7efdaa066b9c2a65565e83306fed421846086b7a8e6bda680fcd345e29ab3bb9ce4fba57d22846bf85e8e7f8826e3203243538632cc7ef719e506cc8e08b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ddefd4be84bf906de2d9f081a3504eb7
SHA1 dd9e47c17d9edc517ea72f7371f0d91cc0cb80a2
SHA256 799e3985789aa9a61e174f9b434b1f7226d9b0413ff937e0d4a700a830091cff
SHA512 d523d241604ea8dc662de2a1e96d601d11dd081ddf18355611629837df12973a433757de8e0c1be85334f0534c16bf239045d7aba9f9fc5edebf41c4e3bd7a07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da8e19c9c1c29ccb5c59bc29391d216e
SHA1 c05431666a46f59c850b34a67bf1b982f3ca8d2b
SHA256 00a179e9190081ec0391d1d69a20cdc244443f14cd8da8930154a44a4515c90e
SHA512 0e1f02d64a9713eb5b3d01c75f01683c537dff2ae38118c1458ac0c06a8a57942faf3d796f9149963b8806eb63784035689e892b4202242c1f4c85e8966ed8d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02b1a637dfc4493e_0

MD5 51fc4c1eacad4b345fa196f1ee4b3d8c
SHA1 bddebd5b43a362760287d115d708ec3f059dfd7d
SHA256 c537da4169c780789cdefa04668f8a2c5b13c3bd97f1a6c9389a38fd9c08781d
SHA512 4dda25bb725d9642f1c8ab5a75772a2f21cbd177fa689f3fe0bd7c86cfd27d658b27f38a6d2dc5996bcd75aff2af7835bb7de34390718e73adce94e573cd9026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 53102625cf02319729f83ecd4dc9de76
SHA1 6b0dc88df887a974ac4f72d961ddf6d488f6dd53
SHA256 146f12a2ef5cf956f4e012b837e38cb992546a14c3755cf45cfcf16eaaa4e6c7
SHA512 192e90ce4b006930f7f027a6c4ee55e7fab3899714da0e212260741a7b85e5e0f29234e8daceef3ee60615a9406310cff509e2f56af5fc73aba2dddf1eae6f87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 7ef7f89f81aa509c771b772ac6773e6c
SHA1 df6514f17dadef26d327114a69c6e6a16180e695
SHA256 55610166115dfa358b264368922418b7a45e7e04c83bff138a9953dad7a04906
SHA512 0f14baf48f12bb5addf5091ce3b19f813dcaf3142aff2293e81d731f2732fe9252a388577008385f5fdd057f5f25e0d509154be83cc8be61a9fe2fd8f04411a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 8dbcd86d498caf4b73f9debf2fcf6a83
SHA1 c6ce7d6c76082ddcdd8179ebc587494c81a8ec21
SHA256 bec49939cbb59861d1cc6f3d6997a23193b6f631842801ed7b01f7f5e29cb43f
SHA512 be155dc41aa8cd9e525e786ef3cb42adb2581fe5ee92d82557d35a3e987d86f4aa5123cb3bc8de4b89e0edd795fa7083e018ba9c0c5d9c9c66ab5fa53d8f6970

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

MD5 bd59ab22c18fcf3edd3ed83321989b3c
SHA1 2a9bef41c4d4ebd1541123dfef2b61e5867366e6
SHA256 32235d46f7ef00fe7e5977751ddded8c0969c46a471deb8ccdca1c2c14ca2454
SHA512 13cd12fe9fd2699d4dfd0cc1a9c2c9c4ca99c61467df97a89c287ba53a2fafbd3515e983133b27b2d8c7668ba6c73c5f7770bd0a5fb458abeb696aaeae1f7331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 3df2d62ed2a24fa0cd3b160bfa27ba57
SHA1 142481c845887744b969b397d5c2cc6e08067c56
SHA256 58ada50e1e895b13b7176c28d64f967db8ca63451a4e046b99c83ac8fa123b7f
SHA512 4811a609c94714f5ea70531b751bc4dcb0d459f20a6336ac565633722319f7193e8aa62ea3a67f87e6eda62722665fb50b9ea990e2e324899580813dfcd6724d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 1034a984a8f8f9893d14da3367fd2c41
SHA1 418d061437370860e0b1f21de2d18382f293a2f1
SHA256 0743256202007df719e3aba836a5dee634e76ed1b18ee4a3cfb4407b504b1e6e
SHA512 d33430da8b475f3395b9b6d1d7995c9d8f34d8771a9857f6796b5148328e190a6d1b823c800db09195d42bcde4082ff90ec918eb4731676ba04e94bd44502658

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 fc67b987839da711113290659fbf269f
SHA1 bdbf8e673aca590e797db09ac2550db953e69c9e
SHA256 48779325525283d27aaec0158b4b03e6b6c8c194f99cce371bb8cb424ea0fa76
SHA512 2df0e3c92ba7b072c028eb01bbb859c224766529f3422731b79c78862b89f988d3bd4abd909bc380e4cd94158876c66196d78a2899fe36d224e52a4fc2054e14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 8df5df36a705216ba1429aae723724cc
SHA1 deb5a7971fda210453d79f94068d5a3e22265d05
SHA256 fdaf90d759608095b0c02cf3ab0768061904bc36d06f7e04e08b614c34a806df
SHA512 8a3e5dabc385634917ed94e4dc2269080acca4dfd655c5e5863425baf5805635bbf370df25aa887e2ca6651525cfb3ebda7e7b2b58c9039077d3988105ad1a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 e3e4c11e43cb39a1361a4ac6739f3fb0
SHA1 03b4353875c68f9c4e8cc6f61249982442b0931e
SHA256 9931eb9ceca483ee066c79cdc1c38b4765580b5b3a93a8448b6418100e317911
SHA512 7c132d92aa9419aee5273f464d56fcd2c9567938228c8bb7d8320688b2e6b28c574bb8232bd1232748fc0237941c528b1619f31bd93eb8924896731e8a376b85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

MD5 bf465d7995d6aa10b2e3805fc29f325c
SHA1 0bc09054edeac7971c3511ea69b4ae37e6ba88f0
SHA256 b967cf1cf854539eec8f65d6efa83a8e16361f62101ff9938999374b9eba22db
SHA512 74e8104b07794c7c2742fdf5ded5152073aacc6b9cb3880a13ea1dee3a0c1c8531214fd61769c8ef8bac5dac01d7525a1101b73f143c24c209772f1fc714e6cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5000633baf134b9cb138eef2f51feb41
SHA1 2a6423b5324fd147ce1f22b7f353e5a7db25ae7f
SHA256 a0b984b8c4349e139a54ca6f44a1258bf31198370e48ee6f36d74f7549d60dc8
SHA512 44e17cf9b55b9d96a6019316a72a02deeafff161efa6f57eec17485aba1fa9cbd8d55532ac2c5e8de7388420a09ae66df757bb6d2d05932d333482a5f37005e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 164130f59eca9d35b51119d44a370127
SHA1 8a08c388c9dbe1b05e11df8aa1a76e34a41883dd
SHA256 489072e9a37e4302bd94dae0551278961d52ec0ad090d79951bd42818ca8cf8d
SHA512 9d8037935d7a9ad972cca4747db55670fbd94b3b88e80606fd49f201fbb0da5aa0ac6373f0187f7540deb1369bca34240bfc883cf82a927c6e9404a692e39cfe

memory/4596-9206-0x0000000001070000-0x0000000001091000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5ac23f41e1c7e8f8089c9f7b76aabd79
SHA1 25e41479e90201fab6799cf47735b5123fde2879
SHA256 aad6cfbb6cecabb76177fa4b1ed1e610e1df2d5444028cc3fbe90f8cc9a25c21
SHA512 7c05f21c7738e1ca2120363e3fadfd1c4eeb7784218b8dadb60e781f74bc736917a3a29665f28e51d6e038b5d3ba9d360949b3c5d86e86c4c11026c954f459e8

memory/4596-9217-0x0000000001130000-0x0000000001175000-memory.dmp

memory/4596-9209-0x0000000001100000-0x0000000001114000-memory.dmp

memory/5348-9236-0x0000000000DA0000-0x0000000000DB4000-memory.dmp

memory/5348-9234-0x0000000000F70000-0x0000000000FCD000-memory.dmp

memory/5348-9232-0x0000000000F40000-0x0000000000F61000-memory.dmp

memory/5348-9230-0x0000000000D10000-0x0000000000D2A000-memory.dmp

memory/5348-9228-0x0000000000D70000-0x0000000000D98000-memory.dmp

memory/5348-9226-0x0000000000ED0000-0x0000000000F36000-memory.dmp

memory/4596-9224-0x00000000012A0000-0x00000000012AB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/4596-9207-0x00000000010A0000-0x00000000010FD000-memory.dmp

memory/4596-9203-0x0000000001050000-0x000000000106A000-memory.dmp

memory/4596-9201-0x0000000000D60000-0x0000000000D88000-memory.dmp

memory/4596-9199-0x0000000000FE0000-0x0000000001046000-memory.dmp

C:\Users\Admin\AppData\Roaming\Netscape\Navigator\Profiles\qwo276uw.default\xpti.dat

MD5 32ec167f2fa3f058e397bfd282052605
SHA1 f2d353cc55e5886a4b25cbaaa394b4e31e61ae46
SHA256 0bace31bdcb264d133fec70ed0be092c40c225a4621f9242545c7dafd992423b
SHA512 52fe825d07b8f6134e27038be5614bf904afa35731dabd9096b13d91673c018a9e8b85daa7e04cac4f9b8ac539121c1ea4d97f8ea05398783614f9756a0fea7e

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 bd83200a0dd2a307d1374a44647d8f5e
SHA1 bc03e61fd848a242b60db80663621b7874c19174
SHA256 d042c39b6545a7440362e940e4137f581fbd0aada95b9775a48a00d35724f3b6
SHA512 f9edca80673417c284c2b95b607abece009847adadd404da58aefd4d91e7a5377dfb975b921a5fc28e288486c19ec63041cbe0837d8e6a7ec9dd8500c2a0d711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6556ab9105706ab_0

MD5 55c36fe4329800bf98feacdba6ac3a77
SHA1 559656d0e83c177db749802581c00494d1945012
SHA256 b2784ae158e71cb668727fe6f8ce03d1e7f95e1d6e6c07e8e5f2a1a1a4a92936
SHA512 adc0df6bcb356d0083aecf580bee505c46b3f21fb728146eca6bc54c9ad3d0bf65a65295f736207a571f3908c0b3dfc228dabd9298afdd3b47ab003bed144a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

MD5 2a4942316c8b8895a730fbe532a71187
SHA1 676d3187eb858ddb2ace53819cf17376931c229c
SHA256 fa79fd44c3156f25ec6b1a9a762aa76bc176cb4387f03dccc61edaa1dbd8f9c2
SHA512 c194de8b3092dc9ea9fb5e78c59091a111ede3febf657e0ce5efb17d7270e49692ddd965b598a162a63fcdfecca152721ad9feca12e006ec3b7c50855c9ce82b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 ac51010e30b1d9614b8d78c203a13335
SHA1 2ebd7fb224b47dafcdfd52782d0ba974387edda2
SHA256 f97c09ffdffd94e4cc2ee4f253f27ab440716869daa0d6275f2c996bf9e06414
SHA512 b85e79641fa9a37f28a6695dbad89844cc2057c36711bcffa08340d669a458d3fa8c9a358f9003c32e3f1ab40cb54a15f928b6d3c814448029613cb697cc92ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 c4e654dde5632a2e06bb1511a520ac44
SHA1 736046cfedc2bdd18c0f3a62c9585e7f5e1567ee
SHA256 2844deece3eee494ba5a1a8e059bf815295ea02f2c0225027b46b7f1ac931492
SHA512 bb4aa115217b9ad846797ba90c39804f276883ca5c2a2438b5a51044583932cc13712dee0acbee071abf6a1d9cc251dda8120801bc4e586827102990425b140f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

MD5 a5cb3a1ac0b3ccea77d3ccd1e442315a
SHA1 5d4c4a329845ed151db8f6658f05e28c41529722
SHA256 51c58de6b31b19b82ae8c6fda6a2d7f1995924c228ceeb8a746639489a7df657
SHA512 7e6b8056e2ff216818a7416b432a97e61506ed45fb2d53106d119926688756e1085e533a776b99f7eb7937a397751009cf2b1cd6c0e8f785605bd7d7c5043048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 fb9472e315f71efc96b4b11fc440ccfb
SHA1 5eb4a0e2d34b8f0045ad57e0596dd49ea93377ca
SHA256 845f6e34267e670a0fe42ed7092e244633286582fb4a24031b36d0a3451c9bb5
SHA512 85c196e9e604c8636c0e2407f0883e1e443badd5e95b2846e27731e3077a03af52e2dd050f129965a4e95d5d40d1a79af9b7646165cda856ab229d28134957b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77ee4c5425c24861_0

MD5 c129b9326250cbf6afedbe088902f864
SHA1 3c437396b0b4e166b991d3c5b24c0dd7aa23a95a
SHA256 7ca5a7eaee01a076903434e468caa448649b24821e8decddcddf84dcb740bf3a
SHA512 8c8927f88814e05f483c6e410c32172df487c5c7ff8ab797f91605db31afbd97013536e1384506e232e4e56aab94002664e8c24198128b64bde6c0dcea348f86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 e565f5b993b490f8a89bd197a5daa1c4
SHA1 5be8f27c964ce008282462a904f3b91484a54903
SHA256 9343474b3e04093312d915099604df75a8a2b5bd3a7105378e6848a3af075060
SHA512 52e0ac658a9d8e22a143b830225b6c25adb4526d601aa2c7ca2027124d6cc169a2873c293b82647530b2242bc38611ca4441646d9e6c7be969f05277f5b68dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

MD5 f741b2f97bfef652e0ebe7a37cd0ad58
SHA1 ccf3a90a7463fa4686f92dd45efa91667be0acfa
SHA256 567013a37af1f5f63652ccad90bfa7a53b81f548547c8ac0c26a6d2c76e53eac
SHA512 6857a1510ad1c867be374c96c3dcd490ebc56dde5382fb0518a6a046b8b26aba11e43e47d0946c3fa0e943503d98cc0121f6b98a34e9b5afc7f8e3db8f289ea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf0c3222b48cb44a_0

MD5 a0603aa2767285cec55ad71c1b5d3f7c
SHA1 f06969a59d0f85d0a4562d2214931e22f53634c6
SHA256 39a5c2b805501002444946a3a872ff5ac65c544d1e4ccf8a85d8f9430b0c5c58
SHA512 8060676d7e07e4e061c5537fcb84a9c8c7a28cd3f834a742e3da1e044774241ad48f420e650845f80c4191df0a38d741b080b47c17d1f240f67d6419d9db4a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e073ce7d38347c1e_0

MD5 9fd7d1f7aed1a7c884144f5405cb5101
SHA1 6a710a13f9da906d3ac4aaae4efea83ff7d3eb15
SHA256 e534029a1c5d38b1ac1955fd1d079e0628fa5e36090e23d22eccc0fd759ac6de
SHA512 fb8299151716396fffa4c0f8f04ebc44b70ac2377d2d0b5fc7622419a74b96348327261ee11d24d9065acd375a11939e7d0b0d926ead5a90035ad1f92574b986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 c6b09a2fd45804468a5372ff0d058042
SHA1 cfa1a4519c9ead4df80fd2410528be68badef16d
SHA256 46f3ba7978507d5dd1ae27aba317e748cec04863cd934548ab9b50d929cb5b3c
SHA512 06e40ecc8acce122808105b3a95faa2b1d45ee9baf97c5f2ba7e4648d931b81000e75da83350673a5e91d94c54a4a14d198f5308a5a10b2e868ff90e24e4539e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 f2db870b49da16cfedd3ffe379bb29cd
SHA1 cb35ed1df036a31825f140b17529a758b53f2347
SHA256 3ee7c8bf6ebf4796bf9a526682800ce9246be4f4ee6cda3c262575d28a5daeae
SHA512 4a444837252793d7251f0ccb639157002c1238dec2822894dc470835932061694fdb77225a299650911d9f7c3f99e6234c615c47acfcce78f0dde5d9365ff79f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 ee1172654caa30104e50e45ac23f3a56
SHA1 63bd0bfb5ca3126aac0ad160837db91e9bd757e0
SHA256 28a34cc336147db68c95eab6212a784f8767b70d29d3cf5488946020b0e186f3
SHA512 824e8773606d8538f4c7b9281fcba196cf83ac5826944a56256dc43bb1f8a41973b01eb3dcb4c758b14c87d28d03a158b7705501b71a4ec131412b50af14ec54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed26cd2dcd561670_0

MD5 06b0be65d622d4c27e8c593a2ba8d6d8
SHA1 d3ba4b4c3cbb41c5b49f35f24920ce6557729f0e
SHA256 700420635097ad76d97b42b87ca76f7fde68ff0dfc5cf57ef0e1663ba646ca87
SHA512 7bff4b0ffe3ea2de7a920d276f2c6a5d580260bc35ac4ab9c0c233976b7c0ef5c106f17c04b9ce96b209968e1a7a3d946fc789ac53051242bbbe1b76f689478e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 fa22cb528d4ed35ed01ce2b91e9414b0
SHA1 d554030c201e08c52ae7d21f3694495d16399659
SHA256 c881b1bc4968d9dadc55852f62b5d26948da9ec0929a84fb00b47f409e4b9024
SHA512 b2a56002f792f7cf55ffd6829d1ebe7c64ba143e1515346bdfb8f73f638d7d34c6ea0b44781f34b045d72a7155b067ecb1f215e11654fb80f283ce1c1fe0c44e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 251db538b39309c60b4cc7dbfb69f421
SHA1 08c3ba20fdf99488906ff6f3e086f4f152005dc2
SHA256 83ac9f4e2e7f17df024b1be79596e98ffd8f73df194aae813eab954a77e8cea3
SHA512 234ff134d67822476f5b4ed5118a73560d8292275ea65353257c2a9adf8d2612d9880ae20983f030ca450dc2fd3e81a8dc94fb31be5592e8f906477b7aa0cdbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e24d820479cdab2_0

MD5 c4f0cc65035f8b83d20202fb570af279
SHA1 40877b94c09b3c38ba90b868195ab3141440c0cb
SHA256 81192752aee109c84375b0e8e7960753f3ecb42b68a5ff21d89457433ef7e2b8
SHA512 3b5c0efdc292fd9982d8e1b9ed4317370bdf7feed9f72a9dad6f5f5d789dd20e0f2e24e2b6347df35f36d932dd761dc4d5c5ff33f2f6c8cfed949a91e7bd8274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 0b2bb203ac544088640e6da95f946c8c
SHA1 2acc556b1538fe1a688982215568b88c7905b682
SHA256 2ba30acb853d14cf460f15c1232b62f49dc6d8bbb4cf7f0ce25ce33210bfe744
SHA512 bc3c8d15d7bc4d42074d0f4dec4523c0cd79e19d4cd4d46397c0e5ea8aa8440b7dd2835cbe66dece64c3bc3a8f98f44c6171b6a3b7031cdae966d4109d49cdbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 8dc27d59d52f78f4bf6d47adfa1adb26
SHA1 91118751d3b5cea3fe8a930fa415fb6ffdac4904
SHA256 9dd5abda1191f39649fc4934ed91622a4c47c92be649e7325754b5e83a0104d8
SHA512 4dedd164d3e50e1c64ec051bed38f545e7e0c8d576a90e837f08ed7a6b4614cf51af0ab5bdd00e0cb43bcf68b34a66402b7dfae705516a7101f4448e40b23077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 96c57b950da58fc656a2947b68d32a7e
SHA1 cd1d5c7ef5348f8b2d0ff8b7de4e2feb766c0c14
SHA256 dbc2704b82cd9bb0f72f704d7f8048cb98222891160a4988e4058006f1843f1e
SHA512 1e5bf6f60df9cb33860be97fd790593b03bda055f5f090ae45a388899c68d9022a40f517b932c7819f2c01b55941162c9d8907a067f9909067a5cdb7e8718ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0285107134e229d_0

MD5 a6f8171abd95d084104c622735cd38b6
SHA1 7a9f8d9aead267cb736fa1b2c9aea7d9aa73e2fe
SHA256 c2ab7e3ffcf38eefe5df6502bdb847406d24d653223c6519979c5cc6833f677e
SHA512 56f4abb2e282f7dfa25bfe85cb8455f5dd2513445dc6287c21baddfd3af591296d2d6ce25e6bdeccd7746c788dc72885fe49ec2b31a213e92b233cbacf518b25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a474456156bbb663_0

MD5 9ddddb4e2d78b427a83c366ac45345fa
SHA1 40dacc0642b50b8db8e606b672761f5d5d14bcb4
SHA256 d78811527092bb9c2409bd48f23738bba4f23d1e42c8abea5e10ed5f4f4e7dd4
SHA512 84c95f5f035ca83fd67a09a96f2857f5da5138a797778dbe7f3b25982956985013d86edf7635bff7a5a96705d495627dc6ef822ad6be8198ca07310c1e51ae8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9991a61b9f108bc8_0

MD5 a7aeeb6f86264e61ae434263e420cf89
SHA1 f035db7da0bddfbfd53858aaec913864fe208423
SHA256 304c187042fb42834925f918781da2500c169f26b83f6227ddeb28a48b99343c
SHA512 b30c6bd3fc6f957f4b5de2fcd058e4ffb0c78d23955a67f1c3ddb6050737d9bd3c00875b934b446827a7f8e95b1bc00f8e8a3facca2846018b69c3c003d16ca0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29c15def1c7dc7d6_0

MD5 0d6141da0ba28af5640e09ae3ea20f66
SHA1 ded484d19fd94aca0f9bf7a519657632ef71e653
SHA256 ad56de7510da6a820d7e81b5a1321d37885df44449f7da70a5e7eb2d017d4fb8
SHA512 f0495ae4f04c5df4fb67ac0fc03cd4f986ac1febd5301e048fbb8c2129cb687d9e93b9162d63e1feecfa41aa50afaaa1a8984cbaad939adbea131f054b87d07d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0

MD5 7afa813c3f8d8c9d54783f144a6d9713
SHA1 edfe4e384b8e35e0e75ce45f14a2798cdc803248
SHA256 b6ee5a6a53debbd480ff74383b911e5cf248914f97c25423241b0dd8c9319a09
SHA512 e30da744e7fe16f5ff8ece4b787a524db9422fc649edc5d59d99ef5a99b50cb8deebe055429ea63afc887f2894a9959968cf9524296654e1d2cd9ee6dc1ce3ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adf3dd026475986d_0

MD5 04bd7b3eb0ec44eb6cc5e16c79a81e31
SHA1 dbc975f55a46fb0a54eb230283d81d947f8bd3fc
SHA256 6c9a58b18238386d2dd2fda6ca32e83cc67ec0975896961f6a1a5c7f913e12b1
SHA512 02b213f8f209d1350f9ef401178e65bf5150662ddfada29f956dc73d3ec07d4b679d217937cad9a19e63510ac6977bf0c075e9794d98e4cf2ce6754ca3208e73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 7903fcd42390ab9e486f0b8f888a3a6f
SHA1 fd22414e45e3264f76229c785c6862476b13fb1a
SHA256 6e75f24004bd024339983bfc57873f328df083f97a3347649757ece270264745
SHA512 cc2a7342121f6792ac57580c6c4b2057f3ed0bfba8824f56072a6ba7db70395c9b7090ba8b062a1a8c81060b499b814c9cede05530f0e56a64ea7226abea7809

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1765dee279e736c2_0

MD5 baf36ef9b81618b7885e063ad39befc5
SHA1 af6ed0e3f56116ad282aecf4dfe1de2ec3b527b9
SHA256 4e8a5265b4f366909843018118bfd95121164dbcca786ab26f696e832fb0951b
SHA512 fd56626c3b6c9aedf47f3a8852785d4fbe7d9a753640b018e945667de09f6ed7e7f0c0c24cccbe5d44924a2588df3dcb876e15653d66fc67ec5a02a233e61343

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c758ec769cf7f3e4_0

MD5 abdd8b3e8aa4bcd1d92357afd9406880
SHA1 c5693a3b7e94362298b7f0df2d58db31551646f0
SHA256 2a092b7d29b6d2b94f90b452d24465c2f6806235cfafe855bde084559536b64d
SHA512 ad3de26a0db7d8f0890a6aa233c6d02f257997e11299bdbe0c4faa4c0016aa7a96641487805a34a951cf238741198fc4397771132b889ee32b48c6a0fdfb0caa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14de625fe39027b4_0

MD5 079b3aa8c8b21e439ca9f9682d4922b6
SHA1 8a2145d49eff14a27e5a26f849ffde7f745fa7db
SHA256 d1ca1e48ad5b5e3582af093fa812b93912360cf572808bd3bf8ce3940af60b08
SHA512 c2fecc4a0b7781706982388f4dae6e2ecd12bcb995f5bfcedc6094eb951da58e9aff22f48a39a395e5ac317baa241d7e185ba1576031735d17a62383e924fc2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 84996a3941ba7a2d58448c68336ea47b
SHA1 215da0734cefc7e1281fe63f5646e26d94476536
SHA256 44972d3bba449ab34e202b321776f7038debe9064ca1fe6f93c94f0a051d99fc
SHA512 4ea5e3a5e5c2cf68c587c812cfa9915352d73eb60b4d9750614dfb6555e96488b7f6fef9b510c339cf74bd34657bc01b717d11b8c451b8e0be45e5e1fa22e272

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\587e815a173350d0_0

MD5 468cdbe5658292c484f0de1303d69d31
SHA1 8439f8c46c7689fe87ae147a0c3aaf8fe687e169
SHA256 9a5a485e384f3d5f40549e2ead0d8a6a79a4cf4a4b9b3d49cbc786ff6367e4a6
SHA512 0bc7f751b14e432ab564ecd1596ffff4a36babb8c0a1402dfbccda8abe8b2e96c4c12b9ed90863b1af43f33d41969d37e5ec97495d7831a05c61704bb62b2820

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

MD5 829e4c9689cead3cb7322f8ebd24ea1a
SHA1 51e1e0845ccf7888825bd8738841e987c2569980
SHA256 434647134ce28db73552bec2021cc566b923453d6fdc681c064a3cc61f924c73
SHA512 eae45fb1d9756fe7cf36264f144a18792c8fa796eac50a6c41cd7460dcd89dd96dd1e3a8348869885f7d97096c5a99289c202dc3c18991de2ece3b75859d9800

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

MD5 c214db66719046a664a0aedc465edf25
SHA1 1c943b79d6515e68e2eff95fdfb66cab54cb63eb
SHA256 9143f5fcf987642cb3d5bfb9ed94429f7f525d885ab3b25be22064fe0c3cfc9a
SHA512 1a1427b0336f4b84389aba1579ca85f4ee13711a94685de4124ab27b12820fdf5d8384abef79bac23e6d5093aa24c2f4e6c14e4ffc47c6f7704966792464362d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 c4b13de47b41df65e0381d810f9d8b83
SHA1 f7e23ef519ac634079e3d8b731e88436ccd1b0d7
SHA256 8e07d307c8cf965d4dd08e94291beade39462d5e315006673bfb7031377cb528
SHA512 475e70ab784de5ef6161bd61079ec5f64bc3425a97586996c0702f3fd0b151b4aa5a96525f167f71e51c8102cfa67d398513756b38e3cff81f8cc0d98bfbfd2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 24a6c7205fc9ffc410e4907c7e27e2ea
SHA1 221be9bacfb83f0eaff33ae27dede8bef1ffbbfb
SHA256 f6aea120cab8ae73434238c891df5dcf70656f8782ad10a7e3d185e2718e7ace
SHA512 d1e86b9d58b53db3ced4d3a523bee6148a7ed0f5e084d67b86113890e728f8d0278ef9158e898a7f6006b05226473ba547d55cee4b16007082461e53f72ee029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 12ad1e38474aa8e67ed74467f3b54e13
SHA1 da3942863a2a83caa0cc96a3d00ef6857d5b3302
SHA256 2e2ec11b8896593bf752a38b7aa167b2db9a2646694b144674503b7416dc8bc5
SHA512 4ef8c086ea27654fe325d67d4614f392865c5ef5836c45d3ba7c2b4b4769b8213fa001785cf91422671383c4cf640ad2053debaeb7ed9f384b2e35d16210ec74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 ba1ed9e31e3dee557313bda9047b628d
SHA1 40ec17098288a98144ddacb133ee31a98443560d
SHA256 4f557df7223fbb3c6974e5a8ef73ff853dc39064af8a8baa585351bd658ccfbe
SHA512 0b3581f56d4a9823b581af752218c3a36592d3834a93c3b2396a2c4628df218b5e91446b87aea30fc70670af26e1e3d7a59f527ab35fb3712ade5a59c28ae533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 23685beae696552199b2b3c64ff334a2
SHA1 741b6ab09c548ee39d66cc958eb84fb07140dd37
SHA256 41dc61ed8e50ef10a9899f61232793fe9d728824a9c0432eb5d9c3f70c24aa75
SHA512 dcbbcdde07470a327cc743593a5ab26f89087da3e00c338b33d6809df42a83ec6e6af2ca5a1e867add66a8e3c4da6ad4b895c802493e9b0fc232644a023702b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 e126c4d9ad7d503032a5e3d00537df04
SHA1 f2cb0bfab609f12a44fbb7a7069be72cb62a0b30
SHA256 64e824ba991189f710e61f362b1f1724d6cb27d39dd7098ec56d0b08575c89b6
SHA512 b8e15955634cb27f97edd2442ee1215aa91d6378b28738275cdf4e843ef89469d0c9d7c1fc70991ddb1adc604516b2b23b9a6f867750fb7152b88d25640e8bb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 1d71986d90850b536163d10eec341131
SHA1 90b2e3815e814e20692c4cebbf255414ee507266
SHA256 c52f73a9e7cd8ae5f61dcb4e73245bcba07bde2ebdda6d71aaa5ed99f4babd6c
SHA512 93c115babfb36620aa4c3f8c5d1c53fe6710652e6a459801b33ae6560c2f9ef2863a854d8b6c2cb6381f532fbfd20c8dbe64b1cb27e1d6a26dc5fc5d546dd65b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da3d92cc343f4ba1_0

MD5 2e3e42096d14ced011c04a4672ca2cb3
SHA1 b70e7c70129f117bdd437e0dd38645f5a9db3462
SHA256 4fcc5ba5a49a24129a550134e0c7321624024d58177e2b5ef557f968545c4389
SHA512 8ef9a3ae4ba160f643f146dcc25a641799d74f9d384b7421198792aa5715ba7dba335b3bf40b0524188d9cf2e5a544de5b1d04805e24e3168d374d5aca93d919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 068f8a25e8874efc16d12858c119af3e
SHA1 771cfffa8b1baaa6425a9c26f4ba22f5d6c3da3c
SHA256 31f5283eaf6a4a207a02cefc7d7f3f70664649b00ff81dd53dae3543efb0b752
SHA512 34be58443f511c99f430c785e0dac30bcfc8cf7b141d6a4ce48e937cd28514ab340c217b46dfd55df348ddd970b989f5d5689866c60dad030abd6fa32ebb308a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 774de9f172a816651a5e859421d339f4
SHA1 811e7d7e728e09963f09a192b5cb074599e5370c
SHA256 55225df261fa43e411e8a828c3b9c300dd3151abb899acbf6c97c22e644f2565
SHA512 a606b8eb7357104b0de66bcefa1f8993eb4171ab98a4f9fb439a1397f922937db5f67d1bc89ba4fe35f2cc9029b3c5aebff9cfd48d574f146ab5d3e65bb1cb56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c35434d25be2b3ba_0

MD5 9f37d7220602495a05f95fd0791f46c3
SHA1 1ab31b383a98437f5ae578d0ef6c2e091626e2da
SHA256 358611a08e8aae88c4f3264140808c90197269178753c51845722e8b3b5f3839
SHA512 fa310e213de6afaf6aefdae7b7127901e951cb63188b5e7b4b9e9c55fed38d02c208a7827bdf65c0383ef0590fbd0bd2d97b6b0643dfdff89cbde2536a67bde6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68d07aabfc3db202_0

MD5 5088080e48117a55e6be307b8436e04d
SHA1 192d2534df3945cf9f876a0050d1b58c9a55d4e2
SHA256 c84fc8661aa343dedaa4014676b3050176aad1020d58c615fbd94b8ec4817a53
SHA512 9a99d51710e40b726c93dd46897247f2ce766f192332524df26e313d67596b96e2abb3a461d37a81c2ccc545b81e955585e65a76fe47851632963c340adc3e0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 22a2f6c532fde0810d5fc6281f6039af
SHA1 0b9bbfbf0f1e2c5cb2aee91a508b461e04be084c
SHA256 a4b530033b2f81019192592cd5f974cd96cd0b013b8e2e9f7430a73b7c4646ec
SHA512 a49bee40ca4d0337bd84cc857bfa690d0a69903ac2d23e5b71a17c4d5700f68f1cb28bb03c8feece7f13d38547d13046b2a3952d1ec1576e83da4f555651dccf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0503effc8bf0d7f8_0

MD5 626eb868a8b8c50c2b53b759526ea34a
SHA1 9ebf835f4c9585bb9f15e1c96d8379efad23e646
SHA256 d059f84d9634bacf1c2b84b134fa5529982c5e95519bbc4a9e8b30b8fa2f9344
SHA512 c7d2fbdf7905cd993cacd7f9cd22c509650e06b21c1144c571b10b06a539f9965a82833702a8a8353b6297887793f31aac31ad00b108f52134d0406c12d93753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 0ee74856ab3691f0946482879a4d70a9
SHA1 7216e3e3e52dade72952f75c81770ff63eabef94
SHA256 eadfa72752c09a080fe669f149d1cd14fa8af97b5ecaad68d337a95e156dd874
SHA512 f5959a7dccd473ad0afd3585e65ed52f1ba39808c617384a78d32a72ee2401c48926e6c8939ea75e3e7d8aad189380bb59b595a0fb45d6a4d97172a20959bdba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 bdf334e1e71ec8ef9b5f96f062eb056a
SHA1 50427f3c24ef1c6208ed99a226b730c94396579e
SHA256 1548ef5c64e671d464e8a593bfca822ad0d0d12e2ffae95cccb4b83e96b85da7
SHA512 67dd2fb4387f68046193e1537bb19aebae4981ebe17bd0db1c9da954a4c491caf6df9f1389dbf4307d8a6f9728d288a755fdcea4733c2182dca60824b883da0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 9c51ff06a6acc5d960b1977d72e3e044
SHA1 078e4abfb98027d6485ba94d8076003b067a9197
SHA256 d95248c7ab046aeafd9aaa75841f16525d66ef23980e93b9928cbf4310665f0d
SHA512 83ddf1078b359f2ae09638ce887bde204f03f58fe691a5ac7161eb0d0d2bb5f4d0a72d29968c612c3954899397d66bcc01f157ce2e3c17ff74ee1089690b7753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 54fea4a909d204d9e260aa3bd0f7c39c
SHA1 4411b9db553358240082ec8285492849f5e76001
SHA256 ea2aa6f796e2415fa9d3785c036273497b08da14c60a23a063b4e67d8e2632ce
SHA512 3960084de600a94f449c45e548ed97e124e9a5b921badee27fc75e974caf9c515bd9950c7c57682f138baa8e457a559b62d39a9888474ac16ee7763b6145563a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3c1f5603f6f9e4925535750a1ac05df
SHA1 dfe9613474dd0c5d0543152ba5ed1ec5037fd4b5
SHA256 004572e26d4cbbb388f5735c06781748c926b4d7a752a61728fdbe816cebb787
SHA512 c59ea94137a2f3469e24e9d921b4462542d504a4a1528ac5d6fed4f9155beabc820d84e2fdb5e7dbe3745a306c819492ae43950c8dfee2bf626c86681cfc56b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 628f3bfded3eb2aea59f88aba1ab952c
SHA1 1f2205814c53eb91dc8a6dad42ed6204ec548757
SHA256 98fd30b3b95a8059b696f5fa77f55f8e12ff14b4a9ee8094f465c02ca6f7b037
SHA512 793439d2bc9ca5338bbc2c75b79f020062b171b66563507e0c0d5b1ba8d5848ccdf8774a0c6dadf72b1d9ba094f3443b87fe6ca8a90dd6b3faf106b7f5714b46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4970415a1d46fcc1219ceb7c80af1f98
SHA1 92bc3ab413f3787553bf1be67b1489d27604a363
SHA256 6e1749495f7591310ab7ad2a94788fd0c156e7eb29fabe57898e22c5a615fb5d
SHA512 5ec3c62a5737c2e57ba2002328a6afc6247eeac19946b38e46ff3f947b41f1c4b4da5d12489b6fa296e99926d1031f29948fd4552da83a99f8b6285eaf283892

memory/5704-9489-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fd8eaac209737be576c98073161c87b5
SHA1 41c542642537d96b1d27e752917f9e28053c0080
SHA256 7ba93e6a07097c9dda2b2428fec5fb5aff320d8be1069b8419adf670d7e57843
SHA512 86cc1959128fffe85aeb939f1520c7372ab56b1159497d910faa8449dad66ecb242cc0a12f0c3eea1fc27d08023ed1cc7e6e1ffd95eed0e457a330c60bd85fd9

memory/5640-9751-0x0000000002150000-0x0000000002151000-memory.dmp

memory/5640-9750-0x0000000002150000-0x0000000002151000-memory.dmp

C:\Users\Admin\AppData\Roaming\Netscape\Navigator\Profiles\qwo276uw.default\extensions.ini

MD5 fe9214c0bd60437e884f1305795b6452
SHA1 b7f87af3331f031d75f5759b693ce23e5a1a6fff
SHA256 7ab9226d99dc3304b76ab12dc33f6b81a71fbc7498ab7df3f9c60f0837137d14
SHA512 f732b13bba748d39ae516a56a3a0a3efb2a6df3a38e45110eb98b6c9cc3a89646b934f89e3e3f1d6122d3cfbc6e9e9ef50daa6cbe4710a852668a94b0e62a629

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bad0c96450bf2d3_0

MD5 9064b7150e0980afeb76c9f9c6306610
SHA1 5d3abc9ba6bb883ef91437a4d3bf6028e8506e68
SHA256 a119a51b6c4ebf784a1c7cea12575936016a33e312d45535e231a10455343294
SHA512 0305231c33826711e3e26702009715bf96508c1ce259b7889e47529355eae04aa8272f93f24c06c8281e17e3f719436394b3ae85912edbbedd00ea3daf91e960

memory/64-9946-0x0000000000400000-0x000000000046F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP

MD5 d45fffdeabda99f9e4013000427729c3
SHA1 ae1d44182df93fef21b177a3b29d95043557db11
SHA256 1afa525f7d7bfc80164bb733f41587804f180b4f54b81dfa72c7cc1a5debe9dd
SHA512 a85ff282e31ac0af26ebc0bfee4c00d0daa4f3b5548400ca2c65c2eca1f4dd2dbd0160a8ceff20ac61336b0295668c993e00b4b0163cd2b72e0ed3e32b49b9e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a32ee6e262be3f48b12385d19d9db256
SHA1 d767e070381cac803459862f4d59d1b8883f5912
SHA256 824d223557ff3fcd36e92d60bc499c8c9cd566fa354117f7e6ce3811980ce0ef
SHA512 2736514422a361ab99e7705b86e08a1ab52b2db1dfcc9439fdebd53e27914f4ac843a26da0054bdcdfd81aa9a33c6583e5f441b041e83b2e10fed4c79e5555e3

memory/7792-9978-0x0000000000400000-0x0000000000409000-memory.dmp

memory/64-9984-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5704-9997-0x0000000000400000-0x000000000046F000-memory.dmp