6416b6784c92cd55a530ed870554f165f1035ef3ce7d820de9d0fa6b13ddb4a6

Resubmissions

26-06-2024 04:15

240626-evbfasxcjn 8

26-06-2024 04:04

240626-em282stflf 10

26-06-2024 04:01

240626-elpassteng 7

Analysis

max time kernel
1684s
max time network
1689s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
26-06-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_3065.jpg
Size

402KB
MD5

478f0b9ab82b1ee6020658d02193c91d
SHA1

8d5452e21d3f9284a7ba468f414bb53e4baaca8b
SHA256

6416b6784c92cd55a530ed870554f165f1035ef3ce7d820de9d0fa6b13ddb4a6
SHA512

0220b83ddd2610c71e53bed8a30404eae7033a520c301c7dec92224b6f58589be8cbb03786ad1d40f53bd590aa18815748b258cfefe67006a58431c523359c82
SSDEEP

6144:I6696xbMlEggdFWFMKUN5exG1PRcYgtHl274UjFnEKVqSMPESEa5ZelA6+KAQ1:I66MbMVFpUbeABR4Hq6FSMPV8A3KAW

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3548	BonziKill.exe
3568	BonziBuddy_original.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{6A5A36EC-F73C-4C2E-8A61-130F7734C596}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 153878.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 220867.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
4596	msedge.exe
4596	msedge.exe
2872	identity_helper.exe
2872	identity_helper.exe
2632	msedge.exe
2632	msedge.exe
3608	msedge.exe
3608	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
3568	BonziBuddy_original.exe
3568	BonziBuddy_original.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3568	BonziBuddy_original.exe
3568	BonziBuddy_original.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 1380	5092	msedge.exe	81
PID 5092 wrote to memory of 1380	5092	msedge.exe	81
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 2052	5092	msedge.exe	82
PID 5092 wrote to memory of 4596	5092	msedge.exe	83
PID 5092 wrote to memory of 4596	5092	msedge.exe	83
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84
PID 5092 wrote to memory of 2564	5092	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_3065.jpg
1⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff883c33cb8,0x7ff883c33cc8,0x7ff883c33cd8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7368 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Users\Admin\Downloads\BonziKill.exe
  "C:\Users\Admin\Downloads\BonziKill.exe"
  2⤵
  - Executes dropped EXE
  PID:3548
- - C:\bonzi\BonziBuddy_original.exe
    "C:\bonzi\BonziBuddy_original.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,10300776849150829268,11291498612836971711,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1296 /prefetch:8
  2⤵
  PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b653f18-0731-408a-bb36-3c724a888c86.tmp

Filesize
7KB

MD5
d0254c2a68a917afa907ecb2743ff0f3

SHA1
36d2b1000bfa8a5c3d17c4d799defa61e0b38bd1

SHA256
ebcaf36fc1d6968a0c2a41daf75c18e8aaf3716c514d5db87362e39c97f7290b

SHA512
dfdf44b9ef73d15921927263c9314e7b5e1e6104aff0e3c959d7ffe9a5c472b3c010911ba662cebaf574a098dada2b3df070aa4ffa1fe060af3bd91aba1d533c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
76c36bd1ed44a95060d82ad323bf12e0

SHA1
3d85f59ab9796a32a3f313960b1668af2d9530de

SHA256
5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542

SHA512
9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
42KB

MD5
f7189700993d4198ee96bd6af5569539

SHA1
1ad2e11bb23ac04c9eebba69fe755fb27fcda164

SHA256
2447d53bd765b1f2c752ffda92b6f9a1dcabda1e4edc4d7496797f6cefdebf23

SHA512
3b5522068842502f5f6dcb6678248746eabdcdeb25e21d21fb0c9e446b75eb97077f15be7ca8e5b04abd4094bc7cc8ac8452c74a946d369614ee4e77a91753b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
635efe262aec3acfb8be08b7baf97a3d

SHA1
232b8fe0965aea5c65605b78c3ba286cefb2f43f

SHA256
8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

SHA512
d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
2d900c734e852315afb3da5fa8d50fd8

SHA1
80d91f82ff2248d29c0adf2ea815f3522604708d

SHA256
1daf6353c26530b2610ed934da8e563e9f43f0d8e15a4bf65103ddbbee9db5c2

SHA512
26ac11a5657b2110bb34546ef6bac82c0aa54c821b3fa1ce08c67f394ca1452a57371c0be3e97ec7f398bd5c07c705d7cd9fda5bf3cd2dd881a71b115e65674a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
32KB

MD5
e529668d3aa5f8f348e27e6ef2b04212

SHA1
bb9875cf7a3db027e78fa28e18c718b3554eff60

SHA256
b42f812971f896d4d415df864066588e7f0a2b24d2e5c8078b333d9e7829d563

SHA512
cde1008c536ba2cd3e9b8e5470eb2d40c39af3f41b2acc7947810fdb7b640190630865839f830e889eed458a684c1c788fa3ec478ee3aec41eb88fc2ecb8837d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
74KB

MD5
c88f69b53606b96dff18c7924bf8bde3

SHA1
29fa7b32032ecb1564cb6627a9ec3148cea894b5

SHA256
1f7c691bd43a49b47ed23e255c411638953439fa83e5133356aab6e59fe0fb29

SHA512
0cc60147c4b0912a9105706e0112e12172679f43896a0ba66085224802bfc6d1b31d2fcfc744b41fd64e37f75183403dd20e0fe43066a60a452c59fd55b385e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
f9d7c9aef654e1e17a11be30db91ca01

SHA1
33b723c11219afca1a29848fd8d704f30f7393c0

SHA256
33c33ea60091eb455c214a4db497629538bd6fa9501948469982513da0277e87

SHA512
fde2b9fa466bb082b0359902282f90688c61bbd0f364c1e60bcb923b7c7397e7b3f6c64fdef14fa1a54787c12dda9724688e86526e579954c30efef782a6e8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
10931e6644261e0333a682d55db8125b

SHA1
13d50ed13f366c583219d8ebb758fae10e6e62a5

SHA256
c6410eee37d64b5db1d6bc8df97b31db2a65237933fb41585d044d1960bfedaf

SHA512
ea748be7c53ed7dd4925d350323bc33de97414d51a2fa21e8e048b3d250be24d44da6065ce19172a5b5a2810ba2ad62ef9ee5a7e797047401cc60e9b87f484f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
6d904e93de78ff40edaac3f2cee3e5cc

SHA1
5c193ff84ba7bf597e35b478b76c1e7164657080

SHA256
42d02ccc72a95c2eb5d789cbfe495a1934d77157693257332cea3d1070c601f2

SHA512
308d08e7cb32be2652fb0b53c42dc26b922419902463b6dd7be2aa0abf4d5b52b6d3b249da69133c53ecb6cc7098d1e43a3351cafccdacca8b598c6cadaf897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
56KB

MD5
f0ccc5a8913e88c106c62a2aaf408a80

SHA1
e7cac57d57567835ddd9344689e7c170aa1ccef7

SHA256
ff7eb985671dddf8fe9ac5adaffcce6b4ffbff15df1cef506ee370867020fe9a

SHA512
1cc438616f057f6816ed69ecdff87c6567e01b64e6f73d6e6ef78fafcfd08ce5dc01f20f879f51ba94fc0e5e43c2ec5383426e1c5bf2ce22c835e173a3964279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
842311696b412df1aca6a8e9172b6610

SHA1
a5317101109a4fbf29eb284ea12b87078c22814b

SHA256
ae12927d3db81b4858e77f733fd13a464bde80e0d0ea0b6b440caed7f30139f8

SHA512
c81a576194ea4eb7d1e8c297233af7249fc3061a3bbe7f699bf9e8ebead7fe3d1c48d5d4483d3855fb9fa271814de45af49d07e569743448f120918d7dfd5bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
130KB

MD5
b61b5eac4fb168036c99caf0190ec8d3

SHA1
8440a8168362eb742ea3f700bb2b79f7b0b17719

SHA256
3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f

SHA512
cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
22KB

MD5
d89a677cf65c8c7490ecc1c2de43fd6d

SHA1
51514ab9a6465729203ee8ddab946cb9a858c6e8

SHA256
d718f40e19980973a3415aa99a72b6349cb7142b4f589d6004a98b11cc8a3916

SHA512
174b945c8f66d6edb9f9074f8c6b9b74f4ffde0fa0cbf230ae9157342eec8bac9306976d381c1264fb57c4b65c586e3f02aca63f7d788924f000e19c934a6cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
204KB

MD5
1886ea92d7527e84748c3260cbf5b39f

SHA1
c8f8ef0121be0aab9dcc3f0ef536c8b6a5c28aa6

SHA256
69fc6dca09c7cd13bba3ee633dc867d78fcf07de7d5945554cec773a92c1151c

SHA512
efb1ace46bb0acf3047af6139260db9c22f5d3ef1a39eb32b4e1372703384e7eee1eb6ce795040a76e0bfd5bc0ccdca350e512adbb237aa9d534f7eb6be02ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
19KB

MD5
c4c899e0b531c6b865bd399a7d7bd51b

SHA1
628ebb62bebde38ee4deb69d17d3d00b1076cee7

SHA256
4afc490743e481aabe24941bd3e2e53eb3a0dd7b1bd6172f59dd69b7884bc98f

SHA512
96696a6fe4d8a3b3a481bccdb7612b07e58b420dd95b6d3a06bf26197ffdb4337235b6ae36eac8501caf217e134ae736f3a5aaf39eeab66bbf51837a6fbbd887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
4.0MB

MD5
da262dca279cafbb35efd15206f9d6b2

SHA1
04839649bcf3922dd4de5e9cf44a70f7506ca3ec

SHA256
c19acffc1f39c466d1d4fdab044f5ae3bbdeeee99a1311b129a0f4c0cc2797a7

SHA512
900a81e5dcdf3c3e23e7cfc2f873cd8e7aafcbc617de82ba1befa8872a7e5a827a093773747955d957157904db4d625f2754f021d1a3fc0f1982102916a341c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
18KB

MD5
3ec81513fb88866b8d02cae7d43af1fd

SHA1
2b7e923ff861fe858ce135b7c96ce95299b4a6fe

SHA256
63b38c6d1579fcfc019ac4334948908028eebfa90683e437da46ce9f0890aca2

SHA512
a8dc871a0c76c59f48cfffd2d6802b298199af6862b35b8db5163a3024e0a02024e90b8cf58346697ef48c64611975e97200c55f6f1fd0c0f7114785baf3e051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
1a3d9f926858eb85cbafd57ca14fdce2

SHA1
4b17b0d22bacd6ec1dd4a7be8a485c97bb1cf8cc

SHA256
ae6991cc6c7ae1ed36ef14383cfccb68b2383d301879a6ca22d8e4371af2e511

SHA512
7d525504f18880acfea373764294b37fba75b438488df7dc26facf5dc71842d50674884170c8f51fc0072c4c1c57b15136f91a349cfdcaccce8ddb6f1adb3ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
67KB

MD5
e01a4cd8fdcc7c74dae0b1342fd6a77e

SHA1
bb9b55cb8791e907bdb0500362b1a8251dfbac06

SHA256
538e014ff67894b859e7e60a034a23c4f27e8096de94c2fbbcd8ca1c9020165b

SHA512
c8446fae65ac4f7ca0d126cd0e9e4b48c903fe4ea6c7852863b99a2d5dc2e1004af0a0e229906f8cf227eb1202e6dd062b659b0fa02f5b4dbfe0817765efb81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f36c5230c25a93e_0

Filesize
2KB

MD5
5cf5894231c508c31e8e2b5fad4d9e5d

SHA1
62fef08d4fdabc8df75666828a1664bc6bea4690

SHA256
ab1c7074c10649dcc8ddf7036e79e449a020cd56ffe05e90090cbf52c7bc6adb

SHA512
1c72e84d51ef8a8b1015f25519998ca45324a1b1463129075c200aa50c2cfae113877a99aff7fde40732a2216c9d38ae6ccebd18903d3acd7798d8161dcd7831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2311af0fca936641_0

Filesize
26KB

MD5
289842f6453abe81869b97f5ee0c048b

SHA1
bdf7f0185ac268938b398ad09044f7973059fdb5

SHA256
293f541eb850eeee396253eb95b7514c80b1a5df196c56c7eef6de8914157ce6

SHA512
8f0c776f4cfd84768cd3174ab00c895bd6863fe562e86dcf6a33b45e05ccdd2d4940e19aaf03051b2b2ad4948a0c42479478102d611782a01c516af2356ca1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3552e3a94b35b185_0

Filesize
2KB

MD5
e2fe9a22f486fccbd90c56fc433e3617

SHA1
c03ef449cc63b125ef64c2139714d68c7743cbc6

SHA256
f7f0230b03b035bf634a6e1be48401c26d3a609869f50d042bdf15f4e8e9cd1a

SHA512
8c0b592f9e79f4c8f4fcb14d5f5076b2dae2afeac52aa25083b08bdb81307817c0fc056bb06c10879625354b1b55089b8e5eed1f3f69560323bc5c11ce548f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\491bab6916334e81_0

Filesize
10KB

MD5
f4ddbccf49d31d49a5a72e9fce203788

SHA1
e7f60e273ae13b433d55c7c3ef1080f5f6534d82

SHA256
0a10aa4d8682e0001883850c212b8e0d348422a394056bd3f832d34655c47a64

SHA512
812d9d0de1f89c8ef00925b7e214487f12e4e1a9d8683eae1fb0154d4bf678d24191bd234a58720cf2b9b5fdd595e74c1a3ead80396e6289bf4823b74a18bbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\896e6fc204dfff63_0

Filesize
4KB

MD5
42d5db27c908ef38863e866cfc95dcbb

SHA1
8c7c00b0f2de5fed71e6098790bd8f04e298511c

SHA256
74fdd4afedb4daa0cde8225377623117b7b265f605b9c6decc63e0a6a81d1ca8

SHA512
dd3aa6323d84f8cf6cb0ecab78602091db8c05cbc16f2f1b8ceb3feb396f71ce1c8f613f7440ebd4dbd8ac639e6ada02a2d1827ef64398563c4ee500f8554e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91f0ceed804a8a89_0

Filesize
2KB

MD5
90381c72fa42372cf230f07bfdecbf7e

SHA1
2d6a2c1ea2773245f278a70042962b1b11b309fa

SHA256
1b1a9d1477787ddf2dfc1ce1c278885073e2dff1e4c6b938d5cfefdf2cf8aaee

SHA512
daa405f3952e8dd93a5fca3b52c4d058b1e84181c76b95da1c49ca8c01fd9b5431a24b406e4c46aceef0799552a226682bf91d57774f725bf3ea3c48546c7404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e388174f596eb0_0

Filesize
1KB

MD5
2decd5e232ff1d9e4c6d218524fffde7

SHA1
aa63525b9a530a70ff95bdb6bf7f0459b9ec8c70

SHA256
2b0900257ea96ff4b91c507ecb79d592541fe867090e2e62b685002b7aadb796

SHA512
f2c041ba8f1cd8b425989cfd30552cfcadf63a6a5a9c881a0555bef6c3623a18451c70c0ce671756ab2709bbd9013a0bd6adf96f8dc46f0c4ddaf37f7482959e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf7c13e7fb1ffb3e_0

Filesize
1KB

MD5
0337986dbfa4e88895c651531c7dfcb2

SHA1
839a04c4717184d0296d4836d7037c7fcfb2c42c

SHA256
1d90ff427db0d509966948450e9b8c47fb7271879e3be1cc58658088676be57e

SHA512
0ae73b48c912a246fd744ffaf5c92427386b3aeb80ab4d92f9078e417ec465d20c827028e1736e4b59afe721983b1836d4d7ef9149c90e3889fc81775958eca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
be75fe5b8878ee56e949ff8796495ba1

SHA1
8189ab85b1ede9a38296b4ee5ee3cd12e0a7278a

SHA256
f46247c7b9ab5f1e05005ce67574a6f4b5c1927a7dd4ada1ac954bc1afea6526

SHA512
bf5562edf4d3ad5af3a8d171b540cb7eebe3696f86f3fa045b84e834ec5b14dc983fb96b474727b32b9e51745b24551bb32d9f3da62147db9d81aeae3c36e892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8cd620f521b913282ea595e69c8d6231

SHA1
c62d42d6a5ce07d2e73ce6a9d71af2406b3eec00

SHA256
87a358a4dd7fffdb3c8d3d5c321425b0ae61b29a81481ca00a5c595c18dd51c8

SHA512
8932112417342ecf225f372401ffc32f8c16db4160c7e494fee6952b42e1997bda08e01473d036e15614c265afe23c6f7cb0ab6947161810a286c467c0e878f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c212d5d0284a151e23001ed6ed378447

SHA1
3ef0dd16e48374e069fc0f03ebbacf0c11b5e970

SHA256
0943398569b70e9ccc69799680036c7825a1fada1ae9b99f9eb83efd66879989

SHA512
2246865a5fb3499db538190cbebaf115e2390ec147e0ba1f4153a277517b411df5daeac29e59adac899c049b60af24c4bea9e6515c9addd5ea2dce2f0e425d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bd8d88a4d0eafa0b93582abddfcc6ff6

SHA1
d97f6f198316b8711dfab873ed3ff932c74952a8

SHA256
b09d58ffdc62f907423c2ae2f964e91074b2ce89f1368c2fe9552b833ef132fd

SHA512
e490f0b2f8c488f87a8009f0c6b8c03109ea2c240e469b3641cba469d3fd3acc51a9443ec878211b504a278dce73a3bdba5a884dab68eb127462824af5aad859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8a771f7ff21fa040bb475fc3308318ac

SHA1
a50ae76050889e68707d3f135b3e2f4d1e84af15

SHA256
9cafebe2d61f967c69f6ea89d9a8f2b36fcf3f971897196f9fc01c9066a6773f

SHA512
64c4999ce53bfc243ac9557eec1d7c643dd9fe2fa3839c9019ac5da35e4eb5b947de00ac53d48b3b0f5770f434247bf26957cb33fa7a02bd12e00abdc0078ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
35070c2ce221c3ed5bcc88839ba6faa5

SHA1
831d9c43514373ea475fc75a06db3da0867f29ca

SHA256
a3e23a064c3b0fb38c2649d95d690ed472266a1ca408f4be2436cfa7ce6a6024

SHA512
0c026cb38969a997a6a102d3ea47efad2a985bde92f2f4790ba0cb13429c2ad2a2fff2867e8da9cb0bc4e21d2e98ef974bcb4aa387834019470dd4251f097835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b96dae13f03524c5a3f80808f8c053b3

SHA1
2cf0e2fa8395f7e9b2fd1cae14b520df49e6d05c

SHA256
087550017654eab43e3f24ce9601912d71c1d84e1849f5dfa9c648023e1661cd

SHA512
0c62d4ae20b53e5601886f78f3713214230daf91fed5add7f9eb2f2b1b328e5803c138ef64dba8be5c70330e3013a6d6aed05b7309306827331d3180cd6545d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
23bd337cab3a09f417827e5b7ded1dee

SHA1
fe74036e1bedf4dac47540ab8b11f51198c15fe5

SHA256
daa9ab9ca6b8c41ca432b08d095d6e8d30343bfc66d2382bdeb4361703269598

SHA512
8435de5d07e833d0aeb942dbf55950054405939a8652191979547545c6ec74eeb1ba1ea9e47073d15f3a3bf64eec80b4c8afff3c4f3e924b8a8a0e870b76ee12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72b09655415a22760840d28ebf68410f

SHA1
e5885684bacdfc0f84ea29a54fea1f9651abe559

SHA256
2efedb066e7b35089822b75d6e58f65d835f598e23d0152c2d6c81385ffaeec3

SHA512
bd0568e269e571d0099bc1968bbfe38eacc1c201a7ccde0aba1813683941b5fe14687e9503675e97b4be485f4872ed4ac276354552acf20c754ad791e754ac3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c0921dcf965545db4ff3baa4825ade8

SHA1
6eb969a3f6cf87297eb9686a27ae78c21bcde790

SHA256
1f6911383ba0d000c826f12584a38b0fe025b6b0c87358c2097636018f067c2a

SHA512
e4b92d0be75ff2eeeb519de966bfb65840c6206b84e0f5e585c849bebf61f5c497a014d7662763c1e4c834e5795c4f19ed9edee8c012ada536eba7130922234c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccec626aa059844e87e0bd10928aa79e

SHA1
6f1269e07dd00248f9cd20fedb18e8cf8fa31482

SHA256
568d44208d8b340fe2ebf2ba0c941a1a7dd48f3a55f740b445807fd573933b8b

SHA512
8435eee53dc56d3055cd85db39d3ee49d60a620ec4406abf26cfb0379b54304f6fd967fb6decf3636b8765190065ef0562cccf5cdbf6f7e3b4409ac98f6512f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05cbaebdac8c610ff1cffe079b6f03d7

SHA1
f7d0e3c00a26e2a87f84ac82d9708c101634e21d

SHA256
644bf54b22bcb2ee9e98e9871f4fd77c7f776c048106e1c6f84b436d0ef41da7

SHA512
5a888801a82a703682fba880c688112850ed573a69b4b177331ff4808bea02e7f6dd1960e02527ac41fd831308605acd9856433335f59d1d37355445c62ed35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
053ef74e27bd3fef705f19f7440b5a47

SHA1
9db41a20c007431e498d845ec6ad3f8702a4024e

SHA256
2301f734fc4f9bcdfc35a496b01a909ad1d0c792ff85a137dbf9606245f117e6

SHA512
1152d1fc1563388e052bab76d4e61389a826bc3e66c6970891d072d19f86a9d8d1135bcc01cbfb2230786eb6369709361bd727d82121abdfeba082cf1b62849e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5792e2c8f2f515d2294759edc389fcdc

SHA1
58adc2282ce48c8fa045acd0a09ec5deb47022d0

SHA256
6457bf40a5c4e29d18fd6b7f6f716b6878cf1fc1b1988e6dcc5b6da2f3a093d2

SHA512
6c52ee3ce2fe334203ddfdc8fde82daa688662b69da4fb8aa1c47bb7036ed086b28a0b93396b6da7733e3e520342eeb38aedc99e2a32c403571d97466ca6a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1f7caa38d5fa1a132afb32b5958ed56

SHA1
934cc928efe6231b7f3012ee2285c6a7b07fd11f

SHA256
d824b540b63db2d157f9beca0bfaa8510169aa491ade79c90b19bc2ccfee02ed

SHA512
10ef64206da60858f4410f91a1e2337206071dd0ce43c088b018d2a9a4432502fafb90a8c77585bf346ae85584c5d81badd0582221647bde44363cb53a8c7134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ffde68d61d6ec93db35cca5c9f39de7

SHA1
bcaebb0c9ce19a8b07638862ee0deff4b87fbc7f

SHA256
043ab41a2d8ff036f3f3d6229979b3f67eff1cc6b9eef1cedd08f8054c5b9c74

SHA512
34cfa2c270b080cdc19aed6d24e7a95fa5784554d9bb4229119b2bb27e4a2edd36b3b8c7680b6f5d35872e8849c1c014042639116202e95fbd4a4c6e7be1a36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7337a650713c2c70e5f31d817959b32c

SHA1
209199638b34ad4c9882ffb38998b25b3462ce0c

SHA256
38959598e9f5f4fc9ef43b8831176d401fd95550fcdcc4c1c6fda86c72d04083

SHA512
eb13c88a62a6d9f06c2e2818e4a969593c2597315ec3fb62ce8ee022dd83d2b7f96c8eff641c874178a2d2e4aac06c242f93176e293956795ee38680fd7f414b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d66dc50096c3b445a1b5249686d1191

SHA1
a8f738df743e4829a8c1f9c222b1f795b115a516

SHA256
2a85d90cdcd91f0ff2a5ff268b7cdcac1313848ee2c1f1f15129bb1b133a24fc

SHA512
6cf37e891c0dc0e7fc1e505c4e2cb31f191dffe5d7571f59789bfd880288943b273d95202fb69d8f5daca0bb8a58423bab5404f3d10efb807ae2a9a498b64d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4a7f5fa6ca210de03d7246ac00a57df

SHA1
7d7ab5a9d7f0f831183238d378e3ca8e3de82999

SHA256
79d95791e6682b6323f06387ce457b78d44a36ccc2d80505ae9ed56736ee33c6

SHA512
dd3c500a3e3fb958bcd8cf7444ac459fbc72f4f36239a8e56173640942067648e97572c55b9318c07fb1a65fa49ee4325320667c36c26de291a3b5bfd122c484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6f75079215bec3d04c4210856d4f360

SHA1
e71f92bcefb51602fd05f76168701dd82be994d1

SHA256
6e9a15f9aa3ad145d239774cb85e26869dbb3ac6a07bc828c50d91f73b81818f

SHA512
de6b0c24acf0d74846050aa6d027d67d54eb584229af3163f9e15c0d7ff343eef1c569882efea4662118d61f29b05c25c92052915dfb3971691aede2f8d3f1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
054137cefa52158042c91bf430a35dc2

SHA1
9d83d855ee463acd1975f7728ffa52ddc54a88bd

SHA256
926e32cd2320540f1e504478c2d67a4c0722c321f9d80449eeb4bb43eeef795a

SHA512
9e5a85c133d70d3f90fb33fb421d2d55f7ddfcf63dd9f6164d3e03abd332cde5f385cb1923b063375311bdbea23b558e18bf0e7b547aaa3bd6eee5d6a8ef019c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29ab2d27e629cfbbeabc5f529d06e8b5

SHA1
ccd7bdb87333029d1f8c90eb8ee4da20b8d11bfb

SHA256
0f3f1fb32d9968a5f24467e698259d38f8efee1643c84ed8820dd60cf2973577

SHA512
2b0d42027d1827913ed04ff2b06edbb12b91be447e185d7eef0eab9390203e4ab42d08965d10192af165d5745e5767198207e8ff496f8c6504651ebc68120e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
063dc4b59acb75e2f9005163dbb10c30

SHA1
55036d6def97903bb816d36cca9f8364fcdca258

SHA256
7781fe78e4ad0ed1272755218e68f9ff72b65020c60523882c87915aebd8afbc

SHA512
6c0fd2782ebb0f961d23d15f5c3686bbb645f49680ac388ede785d7a050d89da00320cf496c9dab64391183b184e5be8d4f7ffc105f944f9ba4e582d7c9fdba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
879b9e766f8d4feacd7fe56e2501a18a

SHA1
41ff36c4065aee5f2691bc2706f04b8be999694a

SHA256
0587ec1255e09f66f7765e5d7adda7a4b514e763b8b2d2f764f02b2934e06ce0

SHA512
0dad0140717140fade7a3d2dbf0fba0cc8041498e569662e81923de215931dbfc760c73e046ce1a1ec74f17252966cc12dba87083c9f386d41945951c658f251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce26c965064bc6e2411dbdf7b4cff9bc

SHA1
1506eb0d257e4f0cf1d3b15a56ea52053a106011

SHA256
3ef20e1098a29a399d541ad4d5ea562f7ea78baa6907b8f2aa6163cb6e6e529b

SHA512
c0d8d1e6855a47e8637665915e69d25a760133a91fdbeda3b950ffe1a52f59db320f12c00c4eda3033c85922ab3814af596edda92ef36ee076b1c27656077a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e0a43e4836be7388ba2eb3aba8cbe5b

SHA1
0d3f44d0bc88981f9a6a66e51b333563e83dd861

SHA256
a8a446c80741635f71b10c1e350b8b6ec9273a226345b6194eec47c21a3952dd

SHA512
ea9681f0fcf7fa5b46bdb0e5d2d4ee9d5c3dd2a1090b406ff80757376d29f8c0f815944cd154bb3fc1668369f3f7f914cd562e60cf14777e326a32c1f2d8ae7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4a8e674a8fa5e8a6e72829b220037e1

SHA1
725eafcbd29e7e9e152984a8ba092c0b761b4441

SHA256
30d3c606dcf2e091022eff72247869259459d75fe8d647993f934437e8067215

SHA512
148c640523a25595915e3ebba25a88d221c7f48b39605bd772ea459c00ea5a09434820449a2040227a3400720baf73eecabc6d5c8a4ca9d348b4eefc7e215264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
788f4de53cb308e129137ab1625181c5

SHA1
92b58ebabbca4b18ce0646f2e7cd012cf9f71e0f

SHA256
854f74c0c86171c103b0812fffed23935293b8f05e5b0d4e8be63f94d0885fc3

SHA512
0fee38b2933ec64ae416b8334cfed347856ba650f5038f4e7be17e976336c8ad2f6b7ecccb1d0613af49c0ef298002aa1f899b2cc1f2ff53c43e37b413d9b04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c0120b6de150fe3f5b62a12e90b308f

SHA1
9ba89d4d0a6063494ffaa1ed7d808e2f43f363f4

SHA256
eaf0f52d017bb5b80dd87411c293d1cdbaf307d85f56546dc39beb6761f5ab23

SHA512
2503e2606ae455c657cb6f1966f3c7f1d0059875207f05f96eaccffaf98bfb5bf0a8834f665d9a4984095a45f6eab4b05a9c55569e54ca73067bcd774328e92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
353797176135138781033fd80508d387

SHA1
0f7a934f06b2e9df73b1ff0cdb54ea29517cac97

SHA256
fc184abeadf163fb8391f5b063955df1fca72cd1efaafd2f52136cb43777bd46

SHA512
42b8dbc22e38d9a298f7184ec5d1ee6cba6b83bc1d031b92c8243e5dd8cb0ddf5cc5f2e3df4412e8f9a666573e432f53e04846021d28b4ede6fc879ee2cffa15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65dac9f5fe63b56e31670080c023ec84

SHA1
07e0ed5c34db219433680e6a639a58a91a142e83

SHA256
862b27885f9fb15892098676770cdd2bf597a9382f55649904f065d86e5ab510

SHA512
3a85b16eb08575e35e375f55817792f6c3f0ab3db8dd7cec989937ed06eb17e38e1315bcd99b68aa73fc7c77dfdfa7f688461f60b50b7d0ad4463638b7daf9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bdb5c7e91e841cd5c2c84477b0920d0

SHA1
7c3a55cec34fbedf28b82890b4d7731142ab15ad

SHA256
103cdeaa8e723c6b9de9b5b03e2c8a4b6779fd1761d15f57c29342a158b4bb1d

SHA512
107b5baccb39f89b4299b1d09cd465522024c7d9e5d8dd77aec4c83cc4f166c174bd79629f8c132137615ea59cf3adcff577c4c94ce27979868cae44d5e67636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e04e.TMP

Filesize
538B

MD5
d2d2589f456cea604ead56973bd05f0e

SHA1
ef5c254767ce06a9bc91df6025be4e8214258e06

SHA256
910da3f03f47416d263ee657f416e483ed71d123e6ef7fbac42ee857ecc58da8

SHA512
5749734f9f2d0d4df453b0cfcc201a661cfbad4d1de726da5b26eae643d39e3c2ce0744b7b8fa892a6894561ce5671a36bda917185d56d5127a8d3f2cb7c77b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97902601ebb2e9379b0f6112649c1ea7

SHA1
1f8619cb3506fa47cd30532724610e751180b8dc

SHA256
3e0cbe5bcb83beab545626e0ea69e1d46211b6b27064cb7e381205c5e34d1e88

SHA512
36da97646a1e87361fe7b4d35587d1a149e2678986500f1ff48cf2d07afdc708600334f21dd0b016414cc31dc5a41a8f77deb2a0182bbd9d192da24e290f6323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1dafbefb56dd71d5405d9ae394053003

SHA1
c87681f8a2a23de2e44fadd355b9840d78b26c4b

SHA256
ef11774b8de42a25b62c33f372a2652fc5617e60512cde198ddb87969b4c1161

SHA512
6bd8e5c66f66f737869f71eb2f0ac63dfaac981212cd748f7dc3fb5fe83dd93e4e1617c38583c45ed7254544aac737cfd408ef59a2d250653f90fdc24ad2716a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP

Filesize
6KB

MD5
7eccc259af24ba7a5a0638562536068d

SHA1
acd3e0fc2e10dfb2e57efa608a60297efb32e54e

SHA256
2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7

SHA512
7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e

Download Submit
C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\bonzi\BonziBuddy_original.exe

Filesize
126KB

MD5
ff8e3bef2b1c444e59d21d5291c81d96

SHA1
a838dc974a49dc0fad824cedcf794c8c9651d410

SHA256
50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e

SHA512
b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927

Download Submit
memory/3568-1685-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3568-1687-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3568-1700-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3568-1688-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download