Malware Analysis Report

2024-07-28 16:26

Sample ID 240628-cr3n9swcqg
Target VineMEMZ-Original.exe
SHA256 5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
Tags
bootkit discovery persistence ransomware spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923

Threat Level: Likely malicious

The file VineMEMZ-Original.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery persistence ransomware spyware stealer

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Image File Execution Options Injection

Reads user/profile data of web browsers

Loads dropped DLL

Deletes itself

Executes dropped EXE

Drops desktop.ini file(s)

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Checks installed software on the system

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Active Setup
T1547.014
Event Triggered Execution
T1546
Image File Execution Options Injection
T1546.012
Pre-OS Boot
T1542
Bootkit
T1542.003
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Active Setup
T1547.014
Event Triggered Execution
T1546
Image File Execution Options Injection
T1546.012
Defense Evasion
TA0005
Modify Registry
T1112
Pre-OS Boot
T1542
Bootkit
T1542.003
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Defacement
T1491
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-28 02:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 02:19

Reported

2024-06-28 02:35

Platform

win11-20240611-en

Max time kernel

930s

Max time network

910s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\tree.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe" C:\Users\Admin\AppData\Roaming\Data\tree.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET15B2.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET15B2.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1516.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET1513.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1527.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET1511.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET155C.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1512.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1514.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET15AD.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1515.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET1511.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET153A.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\MsAgent\chars\Bonzi.acs C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET15AE.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\SET15B0.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET1512.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET152A.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET1516.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET152A.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\SET15AF.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\help\SET15AF.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET1513.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET155B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET1528.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET1529.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET1515.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET155C.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\fonts\SET15B0.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\help\SET153A.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET1528.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET1514.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET15AE.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SET15B1.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET1529.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SET155B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET15AD.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET15B1.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET1527.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\0\win32\ = "C:\\Windows\\msagent\\AgentCtl.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Flat File Provider 2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriod C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputPropertiesEx" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCommandsEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID\ = "{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ssa3d30.ocx, 106" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1\ = "Microsoft Agent Control 1.5" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\ = "Microsoft Agent Server 2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ = "IPanel" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID\ = "{BDD1F04B-858B-11D1-B16A-00C0F0283628}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1\ = "148628" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\ = "Microsoft Agent Character File" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentPropertySheet" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F96-055F-11D4-8F9B-00104BA312D6}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon\CLSID\ = "{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ = "Microsoft ListView Control, version 6.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ = "IListView" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ProgID\ = "Agent.Control.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2016 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 2016 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 2016 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 912 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 912 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 912 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4504 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 4352 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 4352 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 4352 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 4352 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4352 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe

"C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe"

C:\Users\Admin\AppData\Roaming\MEMZ.exe

"C:\Users\Admin\AppData\Roaming\MEMZ.exe"

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004D0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smash+mouth+all+star+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=myfelix+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=john+cena+midi+legit+not+converted

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=grand+dad+rom+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smileystoolbar+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Users\Admin\AppData\Roaming\Data\tree.exe

"C:\Users\Admin\AppData\Roaming\Data\tree.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=bad+ass+mafia+toolbar

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=free+midi+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=cortana+is+the+new+bonzi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=snow+halation+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cat+desktop

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=animated+christmas+tree+for+desktop

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=how+to+get+cursormania+in+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=cool+toolbars

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=limp+bizkit+mp3+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=preventon+antivirus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+bonzi+buddy+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=mp3+midi+converter

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b663cb8,0x7fff2b663cc8,0x7fff2b663cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10877184230306130723,1919859115379031236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1

C:\Users\Admin\AppData\Roaming\Data\Installer.exe

"C:\Users\Admin\AppData\Roaming\Data\Installer.exe"

C:\Windows\SysWOW64\CScript.exe

"C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO

C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE

"C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q

C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe

"C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE

"C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 20.42.65.94:443 tcp
SE 192.229.221.95:80 tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
IE 212.82.100.137:80 r.search.yahoo.com tcp
IE 212.82.100.137:80 r.search.yahoo.com tcp
IE 212.82.100.137:443 r.search.yahoo.com tcp
IE 34.252.234.228:443 consent.yahoo.com tcp
IE 34.248.232.248:443 consent.yahoo.com tcp
IE 34.248.232.248:443 consent.yahoo.com tcp
GB 87.248.114.11:443 sports.yahoo.com tcp
GB 87.248.114.11:443 sports.yahoo.com tcp
GB 87.248.114.11:443 sports.yahoo.com tcp
GB 87.248.114.11:443 sports.yahoo.com tcp
GB 87.248.114.11:443 sports.yahoo.com tcp
US 8.8.8.8:53 248.232.248.34.in-addr.arpa udp
IE 188.125.72.139:443 csp.yahoo.com tcp
IE 188.125.72.139:443 csp.yahoo.com tcp
GB 87.248.114.11:443 s.yimg.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
GB 23.73.138.209:443 aefd.nelreports.net tcp
GB 23.73.138.209:443 aefd.nelreports.net udp
NL 20.190.160.17:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 172.217.169.78:80 www.youtube.com tcp
GB 172.217.169.78:80 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
GB 142.250.200.54:443 i.ytimg.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.179.225:443 yt3.googleusercontent.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.46:443 youtube.com tcp
GB 172.217.169.46:443 play.google.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
IE 34.247.143.155:443 guce.wow.com tcp
IE 34.247.143.155:443 guce.wow.com tcp
IE 34.247.143.155:443 guce.wow.com tcp
IE 188.125.72.139:443 csp.yahoo.com tcp
IE 188.125.72.139:443 csp.yahoo.com tcp
NL 23.62.61.194:443 th.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 cerebro.edna.yahoo.net udp
GB 87.248.114.11:443 cerebro.edna.yahoo.net tcp
IE 212.82.111.17:443 v-cxck22f5h8.wc.yahoodns.net tcp
US 69.147.64.72:443 v-afboex2bgt.wc.yahoodns.net tcp
HK 180.222.116.77:443 v-b258festfj.wc.yahoodns.net tcp
HK 180.222.116.77:443 v-b258festfj.wc.yahoodns.net tcp
US 8.8.8.8:53 17.111.82.212.in-addr.arpa udp
US 8.8.8.8:53 72.64.147.69.in-addr.arpa udp
US 8.8.8.8:53 77.116.222.180.in-addr.arpa udp
US 8.8.8.8:53 ybar-afboex2bgtreport.wc.yahoodns.net udp
US 8.8.8.8:53 ybar-b258festfjreport.wc.yahoodns.net udp
US 8.8.8.8:53 ybar-cxck22f5h8report.wc.yahoodns.net udp
BG 212.82.116.201:443 ybar-mcdn-report.wc.yahoodns.net tcp
IT 87.248.107.201:443 ybar-b258festfjreport.wc.yahoodns.net tcp
AE 212.82.117.201:443 ybar-afboex2bgtreport.wc.yahoodns.net tcp
US 209.73.190.78:443 ybar-cxck22f5h8report.wc.yahoodns.net tcp
US 8.8.8.8:53 201.107.248.87.in-addr.arpa udp
US 8.8.8.8:53 201.116.82.212.in-addr.arpa udp
US 8.8.8.8:53 201.117.82.212.in-addr.arpa udp
US 8.8.8.8:53 78.190.73.209.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ask.com udp
US 151.101.190.114:80 ask.com tcp
US 151.101.190.114:80 ask.com tcp
US 8.8.8.8:53 www.ask.com udp
US 151.101.66.114:443 www.ask.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ak.staticimgfarm.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 151.101.2.137:443 code.jquery.com tcp
US 2.18.27.73:443 ak.staticimgfarm.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 114.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 114.190.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 73.27.18.2.in-addr.arpa udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 23.73.139.65:443 client.px-cloud.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 collector-px8zofp9vf.px-cloud.net udp
US 8.8.8.8:53 cdn.aimtell.com udp
US 8.8.8.8:53 s3.amazonaws.com udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net tcp
US 52.217.85.190:443 s3.amazonaws.com tcp
US 104.18.4.165:443 cdn.aimtell.com tcp
US 104.20.95.138:443 www.statcounter.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 96.10.190.35.in-addr.arpa udp
US 8.8.8.8:53 165.4.18.104.in-addr.arpa udp
US 8.8.8.8:53 190.85.217.52.in-addr.arpa udp
US 8.8.8.8:53 138.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 t3.gstatic.com udp
US 8.8.8.8:53 t1.gstatic.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 216.58.201.100:443 t1.gstatic.com tcp
GB 142.250.187.196:443 t3.gstatic.com tcp
US 8.8.8.8:53 cdn.aimtell.io udp
US 172.67.30.225:443 cdn.aimtell.io tcp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.30.67.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.187.228:80 google.co.ck tcp
IE 34.248.232.248:443 consent.yahoo.com tcp
IE 34.252.234.228:443 consent.yahoo.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 8.8.8.8:53 ask.com udp
US 151.101.190.114:80 ask.com tcp
US 151.101.190.114:80 ask.com tcp
US 8.8.8.8:53 www.ask.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 t2.gstatic.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 help.yahoo.com udp
US 8.8.8.8:53 r.search.yahoo.com udp
US 8.8.8.8:53 news.search.yahoo.com udp
US 8.8.8.8:53 video.search.yahoo.com udp
US 8.8.8.8:53 images.search.yahoo.com udp
US 8.8.8.8:53 guce.yahoo.com udp
US 8.8.8.8:53 finance.yahoo.com udp
US 8.8.8.8:53 cc.bingj.com udp
IE 34.247.143.155:443 guce.yahoo.com tcp
US 8.8.8.8:53 sports.yahoo.com udp
US 8.8.8.8:53 uk.pcmag.com udp
US 8.8.8.8:53 us.mail.yahoo.com udp
US 8.8.8.8:53 www.preventon.com udp
US 8.8.8.8:53 www.antivirussoftwareguide.com udp
US 8.8.8.8:53 www.totalav.com udp
US 8.8.8.8:53 www.yahoo.com udp
US 8.8.8.8:53 geo.yahoo.com udp
IE 188.125.72.139:443 geo.yahoo.com tcp
US 8.8.8.8:53 guce.yahoo.com udp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 consent.yahoo.com udp
US 8.8.8.8:53 s.yimg.com udp
IE 34.252.234.228:443 guce.wow.com tcp
IE 34.252.234.228:443 guce.wow.com tcp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp

Files

C:\Users\Admin\AppData\Roaming\MEMZ.exe

MD5 5761ae6b5665092c45fc8e9292627f88
SHA1 a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef
SHA256 7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2
SHA512 1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

C:\note.txt

MD5 910efec550edf98bf4f4e7ab50ca8f98
SHA1 4571d44dc60e892fb22ccd0bc2c79c3553560742
SHA256 7349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b
SHA512 320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442

C:\Users\Admin\AppData\Roaming\Data\2.bin

MD5 8766dce04feb646bf62206d64d6eb0ba
SHA1 91c5d588028c6c949e9cbcec950bcfaa35a791e4
SHA256 f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d
SHA512 0bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3

C:\Users\Admin\AppData\Roaming\Data\8.bin

MD5 5ada580c290b53327fc8db29d5cd66c5
SHA1 a504aff6a9fa93bf4ccb69df17b5238804c659f9
SHA256 5dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63
SHA512 36da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49

C:\Users\Admin\AppData\Roaming\data\12.bin

MD5 9e0ab3181d32ac9950dbe1026b197207
SHA1 d8b53f3a93d5e2df9507b6256f2e414712347256
SHA256 a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae
SHA512 424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e

memory/4352-48-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

memory/4352-50-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

memory/4352-49-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

memory/4352-51-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

memory/4352-52-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6486ee9e961a437dadb68ff1544d18a8
SHA1 05f4daccca0bc1ce73fe71ad2325ba5dadd3df25
SHA256 9a98b4686c9e90672a548c873943b3027fb111f7992263111d912318429f5834
SHA512 ee3659f68a46f37f340f98b85a7aa289e700c5ced2a4f0104673bb5f18cc82d1e9b838ec0278407213c6ed2073998e7aad78a7a39390b7e460c8e26dfa91d0e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2dfecbb576ee9795c5284da8a2a3c7f5
SHA1 f1f0a6a97850aca2b4ab267a017564af02f24948
SHA256 dca6901942fa748fc01339192c0738a06847d8497c9c61298f1e5df1f8352fb0
SHA512 d664cc261113427810dd0b2d32763ddd08611a528fe6b285782d6b8ac03304b72a90fe7f3f7142e825ab8d948d5c9cf52f420546f3796b2ac23f3d00f3c17389

\??\pipe\LOCAL\crashpad_3032_XNHFLEZZURIMWMAW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5cd399179521c019f2273d9941b0b33
SHA1 c4728e30b056ec2d5dc1f299e36ab2fc2f2d05c1
SHA256 9f23c5fbf79381510a37e4b4141a7fba597f6fa589bd19253eca88eb6aa243dc
SHA512 92a4cf7a91a1a9ff1e2b7d61cd24454ff5c1509ee6941ce4878eaa7980340fee669abe19b33e19c343e4d0fd094db152c9e4734e5a58e38e41d33ae105369800

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edf8cb7a9d0b00b7b7515d05b305f729
SHA1 3a924c71c200727147fe75d50c718b0a6446531e
SHA256 a6dff81557cec5c3e5d1c24b18bf6fc5989d66f2ec7a82076d1ab8823f987d38
SHA512 93d5911e94ca95b52ebd9a33222c9c6c26b3992276001f74a7c4741de757421b2f89fe075033a7122df577c600b93cf9a959c7c10ff3038b37d1ce90f164e191

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50c3e19ece448ebf6efcc29c29a7426b
SHA1 58e5581d9ab98d260fb667797f50f571ae10c124
SHA256 6cc0b9709ca087ffb11750db4f7455e820d60ad9cd880bf49f4aa951e05e4820
SHA512 4963268bbd69f2cb637bde7769ffe11ad1c2a7f1020bce6ea009c889fabeedfc3c5099b0e55b5b218f79c9198d7328b6cd4e00c3e5fb354f5bab01fb78a1ee27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 921c4a900c4a4ba7e7298cef36dab47c
SHA1 beece450b2a7b67ac98a481ed1ed12bc57bf0cf9
SHA256 f00fd47eb1560499ca2b79ee060e13651cbaee09b71c5249b200613bc51b872e
SHA512 69f2361940de73fa2b4ebfea33b88daade073974a5781d98f8ae0f4b8bb93dd8213fd1eb78b924c539b6fad09331974a6481be88aed99048a679eb226f316230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e7ae2dd329ff73b355e1110599690dc4
SHA1 9d3c8fc78a65a4f90223d48163b6896b1a67e8d9
SHA256 d5ec22c709770ee72683fd0eac44970ab9e7489f4617de2da642c931b49c5456
SHA512 cdbe4fcdcaa33534948dffd72fc64cefa125bb322d840becb9d1e7c68d52de3d4532d8915450ee56a34d9b7b75e47bb8fb0981cd9a60b4019cf4553a590abe82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e6d1.TMP

MD5 ca6ef76d6ee00f626569a0d474e2be3d
SHA1 8973936a790a709f4e097987bd935fcd23a6c143
SHA256 d34ce8e2fa7948ef313029e4b58cce227a6630b2fc9c52eb820f86ed8ae3c408
SHA512 8331f5c19db78f718e9cdc046f7925c8fb571a8df4c161d6299b33ca63a11747c08689f3e114bff48ab289463928a8ca5f9848832f1646220358a87558ad450e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8559f8e90bb0baf481026d054992b875
SHA1 f0d08b440877b2a65ad21c2cab335268206684e0
SHA256 7d4209428121fb5278c50ec9b25fbdf04a0eabd3a25f45fda651f89e64419222
SHA512 395a81e1d2604172b98229142ac19451b3685b0fad81935d85a4c9ed848fd6dfbe3581ea8349e34134904cf2ef28f10487dce2990ca8e8657595942733eafff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9d69db8bcbed7f8774dd15a1ce2c34c5
SHA1 623dd9a89bb4117686399ce0a9c2f4eee2bbaf80
SHA256 4845c72b13fea6f9c4582c871627f483de5bb2ac895f747d5d3cff7c7372140f
SHA512 e086bf54473616429b3cf56a49a8d5b66c80a1bc6db001138389586820f0ed09616f95ba62add5b2dfb9bf7d93fde6dfd5a4e2c09b50345d49e5400aa390305b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6afc34d32e89e4b101dad50ea15170d0
SHA1 37fcd5113c414e80346b0725a49cad4d4d5e3579
SHA256 398273449dd2d2ec400cab0e9aff3f15c5e36db750b106c7fd72524df9b30984
SHA512 4fddb1e5bf34ac5c44407874b9c1a993a570d81c63c883b457352fdf1b5cd97d1825fc915fde592085525d84e24834f264bc30b2008373f71b1f570ddd2cb74b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 33e0053d4abacc64ffe816e498c58eb1
SHA1 be6e8361421ab70b4e6c4fb50baa50811c52c849
SHA256 22c23d578a297e90085f3a1e308ef505a8ea2e6aba93711dccce2a3d1baadb3a
SHA512 27c2835b0a32e7084109175b22b34e83c29fea3ee1c950a01e5ea0635a5a56e225e9baf92aaf7cab695458ccec533301300ed26499674707e6e5a4fe377db4fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f8d16b607506ae52e4774b8facb606c
SHA1 44ffec3f27b8800ae163739be5c86161762905b7
SHA256 3d48a380b5e2beda88a00beee33801f2c2d767d5ce56e495c3d7def349782136
SHA512 ab084ca24b7f3380df8e59864e1aa02b08caf32aa2f2e71e2d06cd6889e593bfadef803599531e91e43f9cb5b769db45b085a7b783cfb444489e1177533a32a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 32dd5233796d4caf486e1db185e2d8b3
SHA1 f5f3c9e6baff7fb22a9856a6856bcc5e8d657059
SHA256 a84d4ff66ff8ab58610188e6c8856378a713f61af7507032ae3900dcb64ed1a2
SHA512 4d4850c6c47f30d7b33193aa613606f8615f2f3a374c1c90f4c5cd5c7c8238ecdb852bf1d5e2a1b25b7693e93aa8879d967a76286da4323fd9747ed949026a43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5948d7.TMP

MD5 18d6d78335ecad2909d29cf415e34e73
SHA1 d94ab9ddb715cbc456425f1ec5d94da9391cdae6
SHA256 194c466c379765fad73f84eaa69c950d573eb41713b18e832995faf482b97074
SHA512 fc4efb87766b47a59c084071f16a8b2ff613ab09772391b1317330a76276c052881ab8940d40b9e1f9e1ba2dfc6b30529393bc37285342b581ee2cf4c3afae6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d22b8736604f5554393d88185a88d6a
SHA1 b246d1b1546301eda47c2f31ee96b8057da85e24
SHA256 a600f43073c054f40ac507876bc5a0c5e645d187bd73e9ebc33d3860e5421eee
SHA512 6038c45fb6e1531027d77476d0444cb42a58bda744e895f95de5d3ca834fb105617f3d77f8b86cc827785b472a5e47aa85b0533c9249c380d6a624b14e32e901

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a49910c8071fe0ff01cfa8c15f45ddd
SHA1 674c4ce3ad0d11aa3b3cacc6444cdc3cd3c558f1
SHA256 b35a26a7e9bd69a60ac9e1d12eba5ee9944797516a12d34de7e8267fd4f5b6be
SHA512 d5680476e86512a727e9bed697f3863d47032df52bd5833bf83571a8a6971dfd9e2e9539ddef1c37c46f94a8f68e33e1bcc6159101594672da2a9244e4839bce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\982a7bd1-e09d-4282-b3f6-a204ff23e772\index-dir\the-real-index~RFe5951ef.TMP

MD5 d2e355ae486b0b6bc0505bea04ab8f7e
SHA1 e743081809831958064f991a3ee2fd254e3cd580
SHA256 0db9e5cea669fdbe6ddff9331feae1bbe83b7d65a574562ed7506af8db55088d
SHA512 84c0497180005920049ef856c3f6d0390a42e913371ff3b683a7e3568557ae27b9e55e05a28c98be6b7ff3fc2b299e91b1382881db073989b8c322c11e3a3883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\982a7bd1-e09d-4282-b3f6-a204ff23e772\index-dir\the-real-index

MD5 7477de1f60667022c982c0ef33c6c4a2
SHA1 3d413e92e3ac5a8d73da0e01ec2ad5c406dc9cbd
SHA256 7bb7820836219e25e14eed54e99a8be0787ca4bdd54866e4f90e4c1b733b6534
SHA512 100eb577ae0adf3880c7efa1bcf8f73b1b7a99717d9afdb7e5890582ecace302956a9aac3e715788081296c64778f1a4a0736dc8e3844dc9ce143e80c8cc3481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4aedff497761ff3270de114d63d29817
SHA1 26aa66a49314e67238856084fe47a2376ba5ba25
SHA256 3f8230cf860faa8450db7a6fefa0ecf3c34ec488d5b06edd411597de67a06035
SHA512 57283af268836bed5487909f7514500bd216d10723ec94303dddd7d300351772992a2289b20efa403379d7107eb6de37770b688109f83bd3588a67c6cc2be176

C:\Users\Admin\AppData\Roaming\Data\9.bin

MD5 f0e3d4ad2f1d09acf314a9e7a92777ff
SHA1 958224c3c98945c38f4e12ad6d1c64c4b91e189f
SHA256 b897644e314b31e0dd5159d061b9e77a512178f29a9f36076ec105e286212bb4
SHA512 28ccc056d2f5bde039cc3502a584cce3baa5cf9700fda8775344935438a6951989b3a24903693ac5e5292ff250cc27f338b783b29191948bed7ff4cc8038c8ac

C:\Users\Admin\AppData\Roaming\Data\10.bin

MD5 a2f47c218e2507db3b22eb7e6d780001
SHA1 218a59915bfede4b5cbf2427200566709aa05bd5
SHA256 5b60fc854544978a715bcbca8f5a3abd28bcd0bd8b50fb953318640f7a266d37
SHA512 ae7152c080773d3910eeb05a47cfb551875e65dc5d88734114d03a6526348164caf179f2fc3b743850ed90b4fb80542e8b36ca31b3ef8168302500fbc0a701ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 4f6875803e0a9a11f922be9475faca68
SHA1 b12a9805a4f1a76155714c1fd1cee1428afe9580
SHA256 0638fbbd994d7bccbe9a0d05cb3b031d3f1291ed4c70d4f1b08ea687b8b30aac
SHA512 a0492243a8891d704e8734b4f9d002fa82fa2b106ab09bb233f6e9542faf0beafb117d015559784285141d7e05975032edb77158f21a961c957cc91b773844a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 4da08e95702be2c98662c6e62a19994a
SHA1 b665be7a9177147ef9b72870fdfee58d4daedb80
SHA256 69fed175cc1393b9c0fb7a21b7b80d1160d2b6d02502d02cd97e9a5c2dbcd803
SHA512 1ece99b45362786fcb8e7aae6cd1273013a1049cf2657e568d9c2d5fb36f446fb18bb4b42cde12f07d86bc934c36798ae6b87e460bb32d890cd9b5a9dbcf5752

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e49d439317491fdbc18fce1fafd188a4
SHA1 5aa67a7171f6d5104acec0e2a711309757c96ad0
SHA256 b0036d55287b44c76ccbdcbdab7e1dbca6e315d8f6f6b45f5d7245e0d6d55cca
SHA512 88c9258d54c6ed092b69756d5a3f06668e20f4f7c1bf6b5663d0fd5132ebcd018a93cb7b734ff706a7da94b891c6c68baaeaf376d159d3aa4ca539ddb01fc00a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29e9110f9863b0bb9724ff3d077dcb43
SHA1 417c5670e947f4a99a196237a18c7b8828516831
SHA256 f756eda232cd76993bed35c6d055700c8c4393c2702ee2ceadb512fba0483ccc
SHA512 e9be7470dbb414ebfc3505cbf094e3a8e976c8ead45d974b9e2522b2d2026176bd8b929cba52ce734d86fb7279d879a2febb5319130038ce42025bbc0d146f5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ffb1a5b522aba7455a3f61a7f69d59a0
SHA1 5beb8590a2bc57300f539dd1454d26f388d3795d
SHA256 6e812ddf8752243cb5e04462205859342af8143788e42e91f342c300494695a2
SHA512 36cb86d8e57b1b3043ef5ec16a83957deac8d58039fbb6bffbfc4b64d58a0e3ec019d0a13905b1fe13b25949240f3fe803af8aa808330f7e06fa93207afabc0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0a458cb46590fede34599946d116b4ae
SHA1 a4e8319ea2905d035d08a41d333a769832ecf8b3
SHA256 fa55817b0b711a9190370a569eb72ae7b7f64cfd4c8e0e7d97159fb956864276
SHA512 20e95e77ef0f6054fdf2b52f7f19b19beed46a833ee20ebe83bc9a973226c2d837f80f5d0015f6fbe57e3c5fba7a689193a515f235949d72e8eaf386e6e6baf9

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01fd783ce5fa7c8e036caf7231d6c086
SHA1 398664fef2a6b537adb64e402efdceea1cc1a090
SHA256 7bfed64835491482413503b88dc7e687db704af427d6fbd0720d034e72c8ddbb
SHA512 7f7d87bc66ffb4a074a3c09905f2b8a432e34a6e0747b5d07e9450b8fc6aee8781470e08dc14ad13e4c0b0c7890f01a80293566d66fee8f287e7cfb087ac00bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3b31c6d067b16a58b17e2aaf1f9ba56a
SHA1 564cd3a1616f7eb3eefbf9dc284c1d3c9a38570a
SHA256 55094b2c2e4f9d6dcb9e1722740afa43cf6c7f76e46c2cd4028fff38bf7d5567
SHA512 ee69483ba40dbc6bedfd16a3600323c01ae2e1d4798b9c086e903023ee22a3fe34650952ca2238a581b4f764f60b86cf1d8919433307bc96741f0e147d7b4fe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b15016a51bd29539b8dcbb0ce3c70a1b
SHA1 4eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256 e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA512 1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 874b361adbc012383cb85dec3b1eec7f
SHA1 d2369916a35e5560153057934ab928ed37d60b20
SHA256 2a3e989c7a1b8eb9050f30eedfe0f099768aef2396306a221bab2ea4dc680e6b
SHA512 f724c8416960f616ed616ac814d146f68affc09d903ee3fad0c48af2749efebf22d2963196fd72f587b9afe985e2275f2dbab83e1c5ce35d7d6e80a8ce96140f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f754b0c784313a1c8aad10101fb7d99c
SHA1 cb41016f00662059c8325fcc2f57ca4f761595f1
SHA256 409ec37ad59fc1808a93f6b1a121f691cf91ce18bd96fddc890a7c9789398aee
SHA512 bf0ca723c8ea53926defc54c64e0c540a0c94d43751d3f3483dbb1434734b29b75dd96ec42e7d932f445da2a2beed5ebff7bd6bfa85a910abeb2acf0a3d2762a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89b47515c40d45fcad988efd692abe78
SHA1 a4bb6ad967a3f004d4859f3448c29c3aa6d2f9d8
SHA256 61179002386eda1a9659e38ce233542c9f9ad92565c1ab307a281aceef803bcb
SHA512 0bbcc971135d323299289ffb716984f96c3342c59d306745c76996b62ca1e77a3439348b459298e9f79e3328284cec152f0f5445089f9d8e5ba7cde4b709beae

C:\Users\Admin\AppData\Roaming\Data\1.bin

MD5 0b3c41fee3a69110fb58554519cd4639
SHA1 9537cb0405973ae630c3d926cda6a2825b9288c8
SHA256 587b3d5078538290e49d2a8fd1740a8fc7960a0faaea4d5cae0959d99ed14fef
SHA512 ad2eb4a04db685649d70bdc521cf59f570d5407d284f5bb419efc60b94802d91a755417ba4bc44bceec78b155295b084fc6edff31d4760c08058cc04ebdb0008

C:\Users\Admin\AppData\Roaming\Data\7.bin

MD5 22df6fab4552241b0a7d650a15a336d1
SHA1 1e2b12c9ce52e5b433413d28d96be0974f6f7390
SHA256 d47f4fbfe7d145a737cf2e9a6c519e38510957a2ae663d4295e00ce0f6e651a2
SHA512 505a53580f7f76df021a466fdaec6ad8230ba04acc7115286d1a801d51a686fce08a23aaddaf0e134e94ce822191892987db8541edbefaa6928a2927c5508292

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd55e7522641153330a45fe6ad6eb4d2
SHA1 db2a57e26a9ead17f13be15557151ed2c8255abd
SHA256 36d51a421e5d1d780226e1619aa08cb2262787978a55a6985026581a95147d80
SHA512 53036c39bffe2837196a05467af6f3b91d6e7a579eac99ac30fb984d7f6b0adf9381406752b5790e6601b49c08a9ddbe65446e596134795b34b721f238692e17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 02a72df91f424b895d8c866ec0ff13c6
SHA1 d0ed4853b4c516123282c6ae902b8595e50b237b
SHA256 efd2bdafb5dbc272f524f427b7034e7eb0805d3d53d5931eea3dd8e540b699c3
SHA512 8d731b60c61b2a72575fb210de82d415465f74febd801df79467ad1f8412d1aa62243e17f5f42ef979e9dadfe9b2c835893923570bb879c70b678f25b2686d06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 40897b6ca5aeb7fd864f9d7635760245
SHA1 87253034dda4cdd6238e89ee996cda07a11955fc
SHA256 b0459aceb241b25d03cdbe573db496671392c0eb2b122f12f38411d553e27884
SHA512 16f297228e4ec9789310a4869c738a958cee2d8e1a91c5cd37102d0c786f61761a7708576656198d22d2bf0c5c1940f9c37cdeed5038f5e035366b812b57cc97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25de1eb133c2ae6e_0

MD5 345359ca3668da6eb1a3b7c8ff7f9e2a
SHA1 b428b8da56682308c3e71f347ec1491bb6d381b2
SHA256 6c95de329f81f37926822b69351119863f75dc105587eec74ec3c7019354413c
SHA512 38f14dca96982241518e1049d2cd9c77bdef439c0c0e80bbb456439703bf0076e23286a4be082a406b4821054b7344d65564ec816168e571b66a32c92793fd8c

C:\Users\Admin\AppData\Roaming\Data\14.bin

MD5 e80a37c42ca0d2bc7f004afc4b822d6a
SHA1 f17361409ecb19135e3b4292199fb69bd4b012c8
SHA256 71ec6f96779240d530ddf16fecb1df97661b9e1ba8201135459729c8d4d2bac5
SHA512 b3ff7e71af33dc3368a198de8aaa4cbad8daf7ae90b3d398fe9f2cde490bacca07e6bcce08f6afec5943b634a2ed0ef9b121b89a68992d22bf3f831b6f33efed

C:\Users\Admin\AppData\Roaming\Data\15.bin

MD5 3948ca5e92fb2d019a8f16765f7a5e40
SHA1 5290a66876ab0f62ba34b6b524a0e7771e31ee3c
SHA256 ca362bcaf0e62fca16febafc2d15cbb1ea92e2ad6cc22fa5337316ab8bf2bc27
SHA512 ad56d867e1040bfb5b2998a2d62ffc508989a5fc501f22ab775bc9f715f1cc2d4ccb0a899f8b2a82e7597bf715ad70b6826875e72e23273ef306f5bdca47df03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6815f76f831747027467ca9305b838cf
SHA1 efcbd85470b320b2ef4f30c252d1c4ad40d91661
SHA256 32f4b1ade841e61a8170476efded7342eb4248c887b4be96738f7c575b9013d2
SHA512 be3fb1fc16d558b908253c3bb86390e80688a76fb8811295708cb8c61444d205734bc8e72a64789aacc48571a4f6d3c1d6925eef3ed93694ccd53a1c3970deb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc59e19f318f342785730cdf4d4ca03a
SHA1 df8cac91ab0003198b934a92cf7c2f77fdb056ca
SHA256 b54dc4b3cd832487e073cff43ebfd483f5f36c34eb7acbac11bc10f75d1f2c19
SHA512 7e31f67ec80486b7b9c9d4f1df40fe1b8e5dd058d0a87eb968b813f010daf327bbdf022eb6ced9a75c514d1945bcf9b263529d89dac2a111a745b8c78bd16386

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5c072024995f09eaf34b9fdcd4d918c8
SHA1 6cd05aa4d8de3f2c29324b2f7f1959ace2a0aeb2
SHA256 1d5118d871520d874a8fa4ff50cb9f6b649ff6e4cb6a0ef38b993c84fc934811
SHA512 9a144a187574eea063049c0d66ca7c758dbf41c18c687af2ceef9698bacb7c2ca7930d2cbead16764bc30cb42f608213b0c911aa734affc2ca282a3726f9f99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1f9abaf6eeae6dca82fd758561eed9e0
SHA1 576f9a38deca49199011e3a418deb8d79ac7db2c
SHA256 90855627c04ba564cce77f608475df435e04e073bacd61be2c1cbe342eec78a1
SHA512 0967dd2cf630af890d978b275148c93ce79ea2d775fe1e8ad4d22c8dcd206c6373c5187ccbc3e9e51145cb076a7d6f3d7cc1c7f70bce829cfce131041db58f71

memory/5992-1184-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-1185-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 09612fb4361d4842fc17d560ed3be2bb
SHA1 420d4e33731d112e06ca499eec17f509386f3183
SHA256 0f2f00229bda6dd5f39f08575ba9c06e17414e4312bebecb10cc52ff259f17e5
SHA512 d3db1c5b1a4c32286b1ee34b01733cbd6bcbd22c508f81546c338f7a00f5b7f623abc48b1362f49e95de239413a020cf8e5608dfb54aab281bcdbf51b8856c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 f52acfd2430b4cedd65f99b8f21b1676
SHA1 64f019049e45aac47706cc33d90b9058154512ff
SHA256 7eaf4f599cd97991a9e108bfa9abd1536ce11b8a31c4a056590d359966956a64
SHA512 03ef4223b349ff52fc162fe024da0a0c25db8fe0e31c37a79ceb1f7ea0ad252c0c90bf2f971060d2686f61a00c495a4a96fbe44cf6c7c2f8596b71c959c93bc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 d2c299586fe5d9ba67694f9721a4d1cf
SHA1 72d4d8c3f08034c3c14a4bf04b51854b38ae970d
SHA256 a245918f09af8647f24313833134d3ddbfe2a282aaf34a06216b49f6faa73873
SHA512 47315588220ec8ca7d10ac83c7e2eac41f5788b49299e8bd06549b21641e1c8333f2f1c19a17722987ebd563d2abd1a82985184b00aee283b3b75d4bc38210e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 c913c1ac5c6585265cb16555e6a3cddd
SHA1 c7f21225d998b18df68c1fcca3f0f1189703eec5
SHA256 72b6c596e4d1cc78e3707a96ba316d62cd73ef180ad39717724cb9af171ec215
SHA512 e28d92dfb85f439cf88f5fb187bb7415511881da6b95e32e58470bc83c3e3c7d1872117ed22f2040268be5e9b3f3f605cd5065d43206e9637b976ccfddd128b4

memory/5992-1339-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a13c1e14762cc752d04273b2f226ab5a
SHA1 7668ff5d37bd5f9c8eb5b5d4e3fdb030f6be4d38
SHA256 6990ee8ee4cf0f5523f2864b255e8b8dee5ddf610a61e45b9e5258e10a697c9b
SHA512 b2fc60e03c7215d9a9361ec189f3b39b4d1bc94667a4de535e5125cb6268f69dd8a4bbc4465811734e006f4d2ae7b9bfcde289a702cb5703d606e5a02535444c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae178aa06b982f955b1ad370961b4291
SHA1 26e6fa64cb0b14863ad8af1a4e264cd05a75fbc7
SHA256 fac93067b68ac67a05df6a7e5e70cc18afeb3dc623badaa9adb0167a1486b9e9
SHA512 f2b215d6b77784ecce953da86581eb3d80938364949300f2c7cdd57723324c6d906a58240e29cd4905d9bb2afd6a051e0c38ce95ca26e93378ec4f1efa6800c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 1a589276e45f4a781a3a93a7ef73eed9
SHA1 fa17f5613d74fe9b8ee62df80f8411e449efe16a
SHA256 bfd44a774aac4a43d6106a4217c941b0d8a47114d37bc6f577b6239acf9f87a7
SHA512 5ea4a49c2976495839689b5c01cfb8c0daa6fcb70aa8106da58ef207aec27a523a8e77e108b3bba5a6d70cc07b1f90613b7df5f45253019476429865de3fc765

memory/5992-1491-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95b046812bb2684adc62242914984357
SHA1 e0be9834eab2fe3c77204c7e3acf184174ca9ce0
SHA256 cf5999b778158303ecf599e3edb95d00103968c4cee2899b30a9c78914f0e4e3
SHA512 a1c9886fcd8d4e97ee9910a1b2e07fe5e084663b05b9e6174b9ecea99965179081264cd5b331494bacec52545ce8eef433c955539656e9546ba1c81d18b145d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1d9875257cf7861264144acfef40454f
SHA1 d7a656741bb37413cdef59141341de7125abebbb
SHA256 d5a78674b50ae9701f2a55d8d79c97d1c4602f980e9054d2364e50a044b18d4d
SHA512 99b42efb2486f45230a1033d7ad62d826cb1d353e11a6d9c3b91aeef6f43eb652884fab6e44d40a8ff03ce8adf422fbf4493f2af6280d7f996fe6cbb4b00d468

memory/5992-1539-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-1596-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a65c80541404f04447a283e8cf2b571
SHA1 20975ae4a0c82f6f0b7ea4df914df48a99a75abf
SHA256 20468561c9b1a4061e9fbbe3bb9f7c0b01850a4aa3516e356b24fe57b1d0f05a
SHA512 30b2903b030a37b31ad859a227acaf168765613d5507de62bd35624c0e37b8c8ddfa70375fa7515827f7acfcd3d559989b3612f3d2c5b4d26c65d63d02d138eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e7aa29fe21c41f45c447be8b8772780b
SHA1 178320cf4b9e4748038212c94ea42303fc4e53bd
SHA256 5b6637225be475b4e4a2cc9149481e8a5b4e16b1b1391b12915b3d9721a79d5b
SHA512 16a6db6caba51a451f9b02d03582eaff26565c56016adcf251840cb59a4077e1ed55d61cde0ee68f5b04b746cdae2d4e0e6404aeb11284ff0950f43b67f8f992

memory/5992-1644-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7030a855a6d3fd72_0

MD5 5bbbf716037742623be65f7158469885
SHA1 48f69beb00f7c3db2e4e7d5d7135173e16eb5fba
SHA256 1d37cdeebfa05f89b36ff35c9f09bce1ee68bcd6b1bf3c8bf43168e66a34aee6
SHA512 afa219a97fd8bd6e380eea2d2c57ea231d8d85985df2576e4a25c19415e7d8be5de612527444447d774a431f5a925e3676623f0914ba75a23b878fe51edc66c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 21eee9c2adf5cb36708f1c2b82be4839
SHA1 8350ab21b187e60c6f50b20446fca5f06abb4813
SHA256 4c61b89a2f040b6ee49cafb4de5861716cd8cc99f1bc3eac0c9cde7422604267
SHA512 56839eb4f96578c0410dca902d2a7a55b0046a479969b9ffd85f7fbab8113ec499516a9b748602a8bba052fd92b6701ecf50839e42e27992eac3991dcaa7bba1

memory/5992-1681-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e59dc978b53296791727fe5a91109ec
SHA1 e2dcdccfac323b3a3b012943dc54ed6e2ead548c
SHA256 19a71683b0f7342f1ee666c24ce801f0de6841cfa7349ac318bf1f723745fc06
SHA512 7cc50384c8185ba65bb92594c2c22b63d167559de02775aa8fb0326484aff6ce6dcfc4c6a2435e9abf59cad59a4a2ef8a4e66a558b83b1619fbab2f31d3f148c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 77ad32251762090ce2ef292b3b35bf33
SHA1 487031dc87bf5059c813c7b09dd872bd3b8e5c71
SHA256 27160892d2bebb9a0c3e17ae320fa9a6fb24a4da51f781421ba623e36876f254
SHA512 b7e155aa3874e903a4969c8d9f904f86111a59ea74257a6999b078d5e5d8c6afe1fbb35bf6a8d932002085fbf04afe27afabcb149b638f865bc3a8c5fb52ff37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

MD5 555ec759d9a4c008d271321338f86f1b
SHA1 9d9ad2f9753cc18c9afc3becf98061241d256dc3
SHA256 b88fac33427fd4295a9b504e6f536e3d25df8ac0ed34b98f5c3ab5b786b882f4
SHA512 152f03d6383a7411f36c8a201c899085ee2aa7114510a7a50cc0070fc72a1d048308d5bfa06556e75ac0b49ac2faba1afdb2683200ee4d174ed78ce48994adf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 2a064e4d1c101e24c4900058c4805b0b
SHA1 b09a1e4a7508a61192ff92b5767e105b4120fceb
SHA256 2aa62e1556466e4e79c9aa2d0ee3ed5048ab246fe9c432bbcb319b8c99911d03
SHA512 01cca70bbe08d827a5e812b308db867b9ce99488e906f99ec471192d64ca8b2bf494e64f787d9f5768e7a2b6bbaf6b49f7be0c92d33b9621264cab3911512ca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 9feacf92d5b39765bd54c5df476d5674
SHA1 8fdc49394f41182dbe1de827190a6e5dfb389fd7
SHA256 24242c34871e491b9acc956b106214ec793d6f9b660719f9025a968087dcab32
SHA512 6fbce8b2603f41c8ae124138a713a19a947524e0beddfa4568abc659cc29e39a5061680af55a04c78c43b91b87891ae4165f3adc31770ef1977c7edb3b8a2d57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 957d9407e2a7a6490235cf35df79f1f9
SHA1 045f5cc9d9825754f2f2db76ba23e88619d4d2cb
SHA256 69e41ec0ae6f1453e787b384f7d4f28bd74de3b214922bce7c0822f73f1d8ead
SHA512 e6bc65fda5d4e00d7d96054f35dc036a87a9a737067192e78521c9cc2f741f416c461b287fff1567b8657fef4403d6ea9171f6e90597096c455202e0c02987c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 39cd68c17c5a1ed0c0c750e72840d3ae
SHA1 cad1108898a056116ec32151772ecf711e907239
SHA256 72868275a7e955e6dfe11bc1a71923b1cd6f6542c5f8f13123ac3fba8b29eecd
SHA512 93893d55e7c5fc44fc433459e41595798e90e494c35d6e42e9a8642bc8042d35a622bed37e9197979920061e39dda2a990ac13ff1821c8910091ff2f1777dbed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c035c55e661cf4e0_0

MD5 ecc8913a4da2e270b33f9f7bc92744b0
SHA1 77c6ecf5600f55f81e5bda89fb1f2beababfba0e
SHA256 e5eeca7a5415bb902d5712ee6cd88ababdbb09d7eb461107f78ee9b7944586d3
SHA512 480b19b896bcbd18e23b046195cc8c882c335598364c8c4e70dfe2c9cb0950aa04300c2881e67910e0c019b01e3738d540a91880c242b7d923d81f162a30c709

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 76fe8279f3d3a52c95b8c1ee2e36cbce
SHA1 e2405226382bc0e132f0eebeee0d3681c05af56c
SHA256 cd6b45e5855ba3e8411f7ff84daf2aa13290ffb7990892c4ef45f660f6af3edb
SHA512 36d4a2ad1122ad74127e0e3dd8af5bf0b016ead6f0af088524e17b13eb78c49ce0650b652daa86f509eeb236b4d531c363bdf0acc899ff4df3a4523d138e770c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafdef011b18f148_0

MD5 62d70883b2498cc5e6c110a345a88e26
SHA1 704cc5e0d19210ad858c7b0fc3a80b118f05c556
SHA256 0c57c0b088747aae3a51d19731239b29c953be3218a21f43646fd1d375e9ef82
SHA512 dcf57ce463a809261278603b771211ac81856171a8d9f7e74175d492c81dcc29faac4549bd64ee62da0f5af0d98d5ce735593a543e19be4d1d3568af26a2ac1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 a287fbaeb3a4740d8b3a1f74df2f0783
SHA1 b8cee93dc5dbde7c878a9b79c0819c4b42a5f98f
SHA256 1913032dd8ae3e2f94fc0193b49e559b6ca8809c5cf8e574f3245ade40458737
SHA512 82aa3e1fca9687c343ddae38b508d92a0f4c2210fed3d4bf0237c1b22be5897afbc91ef14d63bd72c593dbf8fccb44f9fbdccb2ed0062621e8f41b61f28bfee3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57bf00dc1c5251a1809510eaa41d9176
SHA1 c1ab6bac80aceae06603565b4c318b889448be79
SHA256 81683da5bbed682b3635d230666aae9faeb31f18a497b3cce561d43d020420a0
SHA512 cdce16cc9b264ed1faa1f806b9fbc3b2c7c4b7c58f5d669787e7b16600dcf7630100bd54807fa7e1c956ae493d71f2ab93e1c280c51c3216ba54c59f1767a761

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 815368d512b19774cfc2c9bb6722c61b
SHA1 8de1ea2d7abf2cc6cd6ce6ebb0dca6caf3d6c3ab
SHA256 4b02b069c277b3dd9325142d620d48ed6214a63004d3e73d13be4d2baf6209a7
SHA512 b914040e6cde1a374b8061b881337085824c3e6f50debe402c1dd4af05ca69808e8c0c04618b0bbc2be973c7594801adf59b610bcf6908f67e6ee7a9d57583b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 9bf410d53a8da0062ac4c2492587cda3
SHA1 8cbc3ca898040b1654eb505d80ff93f32607be91
SHA256 72ea147d2ca8d87cb399ac89fb0697c0591bd168f8c3089acd46fa77d16ac7f4
SHA512 05786fde8f07f94bb36891641ac7b8b01557ec6f4939083be915cd1526f615dc66ca426d3fec5a7bfeb57d7eb9860a65378775192d250270064330f2328ce89e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

MD5 2c5d4cee1e919bc5cab1ed33e17ccf3a
SHA1 b4fa92ba7a5ee4ca6b8798f7234cc5027b1097ab
SHA256 dd5efcbfcf45c8a38a6ebe1a72e0357d401d829b4be4057d3e115af5a487d983
SHA512 3ff9d895dbb7357d3bf83172c8748e8efa6d56692f80a0ae77fdb671f2b1b4f006b4a07ff6b89d4684885512c5d11e3915dd22468ac392a2b511c535ab6d5193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65a17db215bfc27c_0

MD5 6fe1909a2650b471a4f63093ef2bea33
SHA1 b976728f1a47fe9bbc58cfa3fdd861c79f8b2c8a
SHA256 77c9958557db3dcf9f495dd5e213f9dc49dd3ba5d102792c2fdd0d0bd86b3464
SHA512 9b00c8a4a1b86657c6181a7d63b608696eeddc79dff6826b4afdb42d22e19b52ffd552df24e52635b2a854fa38faf95e419a4faaac3809f22bff2693c051e699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 08da12f398027ec6dbcb9b5f07326711
SHA1 2a47d2c4be993b3db60fbff6770ab356b7f489e8
SHA256 0ef3d0fe63f62da936ff531b608c536131fa68cdc69901e865c135f3914698d3
SHA512 e6a9f741b186500366b5fb85955bdd79c6381c7f5d06132af30dc5f6695e3985b7c7001ee8dab9a7fe1851a8edb58ec4a261d148ac68f699d92d00eaa46d31e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 9ca1d7964b9b9fd1a2d08ed2173f46d2
SHA1 cf34de70defc26f0f7eb79d08b4e6d1aea56d6f8
SHA256 63d73332920218d47aecb65bc3be280aa726b3feb9923a06290ade1c96c1140c
SHA512 797fe33a2ab6799cf3e07a3c2873523783945ba8c3e4e42fa8856ce1923fe2c2b00fa55c6f64b94e5c9e35c104e113776a006635a257d442f8fd4519cee7907f

memory/5992-1853-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5032715d5d104169_0

MD5 02b02c6f353aa9009bf112de1a6af659
SHA1 c13a87fd0a9303799b7d13f4cf19428392fe5cd9
SHA256 43722a7d68eedb79943de3794f6cee87f8391f80ded70e5d4bb47cbbb34fb94b
SHA512 f0b467a79414d20abe4c88991aa89c984a7ee95ff3610393844911a787b2cae15ea0770fed3493ee0fead39799dcbc259cfbc989a5171ace59a95601c6446d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

MD5 aa14d2f7beee8c7b3a3c4049b776d9c8
SHA1 460937aacb1c66648f4a8cf070d4c0a33641fb37
SHA256 313c1262f264265b43ca4742de7e6fbf966c05ace8dfd75b4f6d409b7805491d
SHA512 7c25c22194fa17437b9d8715785263d24b69c18b4f88ea510dba47f9b5eac30b45f6d4fdd79daece28d994f8d6841d1552ffaaa7ae6f828799b387d15db9e48f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 6de6fa0f3a55c062d12ceec64bbb2935
SHA1 05a84892636926afb54756a021071a27fef2302a
SHA256 4242d9d4da7b5e71d6b20c6cf71b606823f8a0b1a44647cbc66cde80f862a41c
SHA512 14ac235124beac804be33f832696d0b8d817687cd0022f82e3fffe6eb6220ede2f6acaf39aa6403197ee8974625579594766196c3d2425775423a76979958f55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 b724bb890c415eb6571c40ed66877459
SHA1 8353b7123a62871bfc04e81ec9f971854be97d1e
SHA256 67c42ee0de26d51451537733d9bf6ba0f6d35888fed3a0b4ce1a1af57a55559f
SHA512 4b9001750b34d4383cf2fdcd7080d4619579155bdaf8fea6f18931f6918a46eb8d31b4dee404ebd72c7425a27a81e59dec2c502a7373950c4993bb6239dd8785

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ceb88c56dd50d3e6_0

MD5 30b33116929424da1857a94686fe90a4
SHA1 fe3d7d0c6f2b20eb413249c150f051ffaed147a8
SHA256 94b5d95d4b197f387d6425008d276cb8a87bf392d4ac188c1dee1514f55ff878
SHA512 cfc3328321ba76dfd744cd2e95d34d03ab872d5de2239d8e1e2488d82a2ca4d90e0d2cffa8c81c54b8315f183c4f2eff61988c5739fb8a5140072684289df136

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52e13931ab5accf8_0

MD5 e6d8670392e2124c65fd12b307f17752
SHA1 60a0ee20df08b0f975278fb2d3202cd02e16228e
SHA256 221fa53ed5eda1adc86f46b54ced4ff1013743b37e3995cb878eab752f8c1fce
SHA512 abd1f6f104ace7b7ec5eeec4d2c77714478e51504106fa06fd87fe6029a1103eda4e75d2567895aa800af8ec541f1b16f6490014bd01ea36cfd0d26045de19a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 bc9c350cff3b52c1a6921754e3ffc442
SHA1 2042ffcd9ecb039191c5a94d7caa0499ac48d011
SHA256 5a00aa75c785e28ad07d05bb0696a64cbb12dbe6f741480fbc97afe9602af6bf
SHA512 7b8f0995912292c5c4470addb3552dbfb05583fc4a43ca305387504c66041bd18b0c02ff238011f6df75b9a6592a51af554c783a2e06923db6b33df23dfb6c8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 282e77fcd02695de471e1276146e4102
SHA1 77baca307ee0bc3da5f1abec96821569fe91a757
SHA256 c8a5cf21a6d3188045b4136e111099840d32fa0b0b068feae1b08ccba7d9b95d
SHA512 e44f75e7544620f6a014cea707c04be3e305b966f03256740860d531e3464088086892ab5d37273172056fc1643e06edb95c627f1f859f9842e73b701b0eb92b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8efaf556838c0a94_0

MD5 f6040bffc8066a12c04c3d056422a2b0
SHA1 de0fefa94835de236635ac8831217971e724c43a
SHA256 3f6b04ad31b8854621bb3c756d73a6df2380169aca4250dc36f1ddc50c12ae0a
SHA512 683af44f235770d0b31da824cb3ca3e6ebaa0738e38fbc9f291da25ac9c02f732c0fab57960ca8b1ab9a5a87a93480b48d742bb930943b8c1ed93487d9c3f08c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 4e90ef48ff27f8359c8217cd27b28cf9
SHA1 a3fd371970d798bd8076aa5ea74adf0357649d17
SHA256 4276ef4159629d9094119579eed1ffe24882ed4b94b980e2103aeeda406f2c1c
SHA512 195bcbbf8251aae096c8b5537b71055638fcba938dbe6ab4544bb3389f19a2fe082fc75ddd9df9d06978cd930bbbadb4c99da7c6ddfb4f6ef50a6ad5f32836bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85a03f0172a89db3_0

MD5 95989f532601108eca1c205bab06fbd5
SHA1 289771751329bfb04dc625f6c000157efd3c4583
SHA256 c698d4f821682855a8c84e69667b845a62fa4820cb192a430460e721f32612cc
SHA512 5a5adc33b5e6f893dc7c3e326f972e3707e7b5c9fef041bd902c8d1c5347f6242ebc580cbfe87ea85303109dc13f94a4708b7e547764dc7bcbea8587e1d5ddf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

MD5 6c9ec86a47a950702ed50c4a72ca5391
SHA1 db5f62a143de07fb8280cf56eb844683bbdfa66c
SHA256 f1058efeda5f373deefce83f2c9cb621c128c773173844469ed41c242d55dda3
SHA512 ec874c41cdaaf1e87e9aba8b99a7a840cbce601da10d78ccb7fd9448540f1a3724954ecb5bbc9b1e656d622a1916dcbb4651ea8353416c56dba5043d883682d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

MD5 ac70337d3acec36fd377e565b857239a
SHA1 36f5c2f2a346dd31daeba2c8e8bc205f2f635f62
SHA256 7a4c925c82570dd533e1dfe335b76907b9e9b4fcb976dc80a332f4864e6ff937
SHA512 8fa094277a5b0b188b625039336a9dcf9685776f6eee6eea1869d42c127abc460f28fdccbfb2742bd10f93bb47ee9f7ddb21f1e6b2864cabfe70f8d652321597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 de32737d7b78d59d3b3ac1ed86b8b75a
SHA1 86b082ea420c675fd208c4cf2151404743d22d0a
SHA256 3132bf016f202031778eabca678111d34eecb06b3bb3ca9b3ea4a6eac72fc85f
SHA512 f708fc1bb918ef94db3aeaf64827494cb551556db098e2eee6cdb3de600acbe1db89e0e2b44399ef5904b1f6de7da815bd800740c994aadb89f73e0c729c99ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 fcbb3632a19c6bf635af1cecddfccdd3
SHA1 c7abf81dd25c64d7b83da3a21e338a3ac841f52f
SHA256 c83794d4779a3b66296acd7fe86a2fb30494ae2ae2966983fcf56d0754554266
SHA512 6e3b231959f0562e8ccbfaee693bc3a0d2dfe93805531858ca837a0cf52b2e4856689a3f48543b955a6b32788f6fd43c0dbbb442c76905ed700d1d7f175fd875

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95e4d4088a582378_0

MD5 cd22fccd932add254c0806695ef57f4f
SHA1 cda966765a48818806f8715a71916046331bae0d
SHA256 b97b7eee5f1a647106d1ccb645b834b266b15a541511f5529b781bd080acb8c6
SHA512 9b8bc61765b06d16ff6ef21a518f335be4eede5a4e25e96c7b13a7906fa93bda589352031b568cff64dc4da098294b305be3077278e0a4c7025e2601b99d57a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 117298a8c8abde0b6829580e083589fe
SHA1 743418019964bb5e2b80a8a7c6466fb2010d8cef
SHA256 abad31e292318abfe9382ee137b6382357aef3ad0814570c46ca87e9366ac3c7
SHA512 25e168040a018be19931ee0350f51717bea150054619116d390b8674ff76865d55d50ca026563a5125cf086aa6235ced02c0aeae8f67fc4baa48b62099f2643b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 34d94fdec990e576665070ef4d2fe5f6
SHA1 a6d47ada4809854bf6341cb01d20ab375f0d9a3c
SHA256 939fb2730e0117a75f42e2349f797b0ba5fec1e1f464a15e97f0269cc59b92a9
SHA512 c80204c40a0c2392629c2eb26e398463fcf49da71b0fdacff2e53efb233195cd287b4cb4b82767b2a034f8ea3c7c32901e37f166e178788e53ac70010aa1b1ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b9a8f1b0813fa7b_0

MD5 2545cc05648c65881ca7f1e12110a464
SHA1 f2730231ec924a79d3bc3c878d141b37efa6c5e9
SHA256 1a79af7ef891565be2f5605e29530906d44ce0540c7bdcf9317d84e3bbf85335
SHA512 46299ecdf0d1598e48b1fb7723c439a2a46c46f9750c05264c027193e1bd61f73505a8bcafdea0803f883c38e60045fa1ca03d9b49634ae154c4ad6cce9663f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 de2e7a27709efc53ef4cdf7be7f55d46
SHA1 afa5fb1e309e93793213852acf4c3f0cdb1f8f59
SHA256 7e7a648f12a4169341d4312e60de52c134f356de21abfbae8c4da142ade14059
SHA512 7a48d34a049c674997a3d5bf088812222f6f0e618faecd66f77fe9176cee39d1450b079eb5683a433dd44eec7d73fb205003ea5c5584b9d5b4b344ce3af24a50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 ba7cda92b08a9cce667df945efdcf6b5
SHA1 90e9fdc2362ced1083eee9c3aa82e7cadb96b914
SHA256 4704f286acdc77b09066c0a7ca10f39dd23b1d67d2d70ea11b8d4f325f6816db
SHA512 879d9a7935df73aca7e712190dae6061ca82c3322b250850719b8d57e24a95a68e7bcb77d93b4408536c1d6f3c3e0581c74f7e8c840b99041a723a45dac00489

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

MD5 07984bbad895152abf8449ce7021389e
SHA1 fb01f5b462b202e73df7138e4524908082283a30
SHA256 3cd69e3bc10fe2a4466ae4c1bbab790a0652be4faf6db19c6eb65375e4ee600b
SHA512 31ab7b6145d3fa93874349f8698800374613b7af112682e7da4585a6c43a10f1f55ec484a4eab673053ff74dba1037e257a4f10138a23a13420293b01847107d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

MD5 80094e6d4919695fbc1309bcf805b565
SHA1 cf759bcd66fd5ccbecf5c7ae2bee89bcc85569ab
SHA256 58267183bf4801717b9bca50c314ea064802faf8f7be8a2cece1a076effd1648
SHA512 d9fc28715833336715aa441f69589d18c91e90c80c2ceea8983a23d40fee571bd805cf5dd16f2a81fa2bc67df6428312ed56931a9e552b652bb6e11d3a9a61b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 a3c5021a6614d2b2237083729d9bc4cd
SHA1 0ec56dd0a517e090dbdf74007836139e957ef4a8
SHA256 c83787da63f1d12ddf1f733193d1109011cd51e1fa2c5f7d18b40a2b1d9472bd
SHA512 2418188ffd547d0928e4c35955651f214f2b440b5eba90b585a3aff3aa4325a851b9c01d17e7577e0adb5a1bad397db126e15a96d08b519856b3f2c39e623de5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 155cbc400257286a4b5043b2411eaf80
SHA1 180703e0b6b3ee0e9e2407a26c03884fdc4fd870
SHA256 40f9226bac57f54b30c036c8280dc65a15c99e4ba9a4d17a2dc62b51ead59f37
SHA512 73969816bfaae2eec3daa87c2f6803bb6ea3404cb7c058476970f7c81479989d9f43eb95ede7bc852846e8fbc835d05407c2ec44849b36abb2e2ac808b7206cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33344242e53a085d_0

MD5 d8db88768dec7e16f853b6b835cafbeb
SHA1 fee5f8006faea6eafb12365f27ffaa63d307602e
SHA256 965cba486e65074f1f1988096c982d339593bf4e2ed49f4475cdc8f6dc318a5f
SHA512 efd3f66cf371e97e20bb7eaeef1a073977ec867f3cd0058436d876d332ea84e7bd9f005e769692e72d1b47b5e9d02b5aee09afc4eb09dde851d905c9a47e504e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 f6e11e385af7dfbc06e3493f6e200a8a
SHA1 14461619b4005c2bba46a988be5826d7fe353e58
SHA256 1c046a3a7c5877595216dff61def32eacbea83efaec77d8322419671b657a08d
SHA512 b263c967f8208a1a70224a4c69b5df0d84d2b47c88276edb728f9ff58a27a250171731f70742ae1c94cf4aa82a7f71011846aef145bfdf3a01f49bdee7a64e12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 49f9770bcf77d3e83737712fcc5dea5b
SHA1 7a39d0b3d45212b9e5f0ec7f403c8f005f27fa35
SHA256 c4f5f466941e95ae32caeb4d823cd7e37735b88a42cc3ae63299f1418b3fda1f
SHA512 ce8dff7f6ca73ca211db847064adbd7d87e4d6ec8b3db7b54f8c8c88f21d91e96ffe5f255ee830c94a6c08a66aa6fe2dd0fff05453e2b0cc4a1baf07d638f7ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 0af0182581332bdd610a23f6fdf064ee
SHA1 198ff85746b5c981c103a704471b803ff667803d
SHA256 15c1032b0a2de4df6cf6d29e6938e039ce724bea783da9568f4c8b5d709fc4dc
SHA512 b6616b16045d008c39ea5914bb8befacf313bb475b521cd8868f727b99008711d5cfcba0583ccf3925534f38af4b5ca79ff2ce07600a7ae276d0de135182b567

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 ebcfba7ed0c0d44146b1d447cdba9812
SHA1 2de6b7168fe64c3859569b5edc485cacc55ae1cd
SHA256 eb3e43ee3182978a00bd4149316f99f51b2c851d5900eebc7bedfa5626aac162
SHA512 284dffc116349c9d17b77e7d2aba452ad4d3c46f9b4d9547ccced0bdffc11cf2d26e9a2031641e56cec4bfa4ad6079b7d75a7af7917d767053eff2bfe171b570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ef7e03acd294b44_0

MD5 c05d3cbf4ba49878503934fa65426e5f
SHA1 c4d1e159b6cfbe1f2878f0da72e7e1725c4786dc
SHA256 7f3701b9002186021564e108d65556f580d7872c89202af7b08dc55c3779826e
SHA512 c1ab856d6b9405b54a35dd7ae8a0c37c3e7e0e073d1b4556436c1ce37c14a8f23ff99bbcc4c9ad035f84b494d0e1639b759b330eb0b68bf7cc22ce707b018718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

MD5 3e179d1e9e35a6805701a7decdad0a46
SHA1 d175da5da89b90642684fdcefff31040db356eba
SHA256 9d130a182c0979b8be443da4058161155e41b76c62c64ff1a118ba0940cb02bb
SHA512 0cdf154698f29eccb395081b654689e24cca079fbb5ae3e2c21328f63d7494973c9a1430aca5f515968d8f5cda73cee99ab7b53d093550a7af689279748b0fe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\980811a96f4b3192_0

MD5 c1100228926ac915cc010f19ecf633ad
SHA1 6442aa5524b87ad7d336ac9fd5d746d361a31b3f
SHA256 77c0d28d2fe07779e9c1fb01acb4391e057ffa576434dcf3ec2c89d30ada29d8
SHA512 92389c90945d91e468c3b65a8553fed63ffd7493a511fcfe0fcd63959fdefafd128e84e11d5c35f759de8564d9ec276d622ce78f14a5b3d94b31553cdf932b1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6555170fcde345a8_0

MD5 8d00869c88a01e855ff609b0e81743b4
SHA1 5f8cc8cecdc43575df663a6a5a6ff1a33936e0c7
SHA256 72dabc800deac836096d4a772834392128050e9f6d9ce97906f5f748f858ae2f
SHA512 0f3b020533da8d33af27c6303e669d79bb73c067cbcb5530a02dc805c9fb9ac1e17b977063a01c85ac2f952482b2d4a89bef2a7df4ef3b8b69633986c8e44259

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71cf33e27b57a88e_0

MD5 20e3e4310afe591055fe9bfbd2e8675c
SHA1 c5fb88fc52db214006b5a8c3130b56b79e251338
SHA256 df8c96eed07e1cc403afb15baf14cb4d9f3f28b876acb426c2bbe04de7151ced
SHA512 4ede287739952a7cad48d15e5c015646d92fa4e40190d33e0a2c2e97aeb6a0a1b6fa067ed29119447623ad7de1e822bbf2852e76b12506714aa4197fa64c5571

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 f94aaa18101ab5bcd6e8d7b574048f2e
SHA1 a33cab868ef06afcaf28d49280e3e47ea367df74
SHA256 30901d83cabb00e042de72be2762ecadafd0e1a38a6d4fef432502cf4d7bb64d
SHA512 8e69588a390058a7a4f805dffd1913a50b9fd5d6bb41002a5687c575342a1b5730cbc79d838b20701a8a61b3e6f481cecb2133a6383d76ddee6ab6d17efe6d6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 5218b429ae952ce712ae37c0e618ca10
SHA1 34b6dff98ccadde5e733c80c9ab5b76211c8f677
SHA256 36affeb7c8e2e4d22e79466041e8e51c3f09c099938aadc25c93a5f8a9017915
SHA512 5d3fab395060c8849a11721e2ee7d3b48251a2717348331bab1e7f76e5256785f1018bad799296431ef1a8ff89f27445a34faa480bf08bdf70455961f9a61a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

MD5 b0ef5a09e178138937ace62cb5ad9a43
SHA1 2887ac6061516276cee143f80530e81428a2aada
SHA256 61ccc418b52b3ff364e64769064f697ae2f8cce01bb3366458ddecae20d1a02f
SHA512 15ad9d695c42cfeb45161a1fc56602ea6215e39ef13ec5a1bec9c9774890215cc22f80ecb94cb464cf0f0a0f4c1d23c8bbf4952e1c5ac2867fc56975a7a0164c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb54ea115c7ad0a20072f468faa097b5
SHA1 3b096c7741f8a48224a754ab275e4af68b48cd35
SHA256 3aeb3fce4a0e0b7af47968d33092c2ea85f420852d983514267ee63b73e80105
SHA512 30a4e642956d714bfac509862f94797c402a615048104e4bb62e814863aed5d57b8ed430ed6ecfc47e245c59ff3bf194fad0f3b568e74b9ff127c555b57a8cb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 46e63a590e31dc9409f9f7fed0b4303a
SHA1 e9cf1407ec5c6ba5776ad99ca9690a6766712144
SHA256 696f6293c21391789b10ffde3480b998056c64b37c16c10bccfb33d0df2289f5
SHA512 e754d787630a81dbb3b5a630548dbc3bb26b20e65e0482e98bff2753c4d0d15dfc239e09e195e7e58e9a9664b2d46c114acf97b660d880ffe184c9de22a5665b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 3eb02b167ee7446a7e48dbfca9ccfa55
SHA1 dd6de9131d5d16037ba83a09d114c760b115aa7a
SHA256 4372e8d4d3890d1413faaf24359f1324b850c824b931385f564273c2f0be197e
SHA512 381c8fc4ff995733f8b58513902a94d16f7677964fe41bc040d6357bf0473b8172cab889ac4ac59212351272d80ae751a3217ee7e04a60256d3df3467740aefa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 1ddb4105404583cbea6000b72cb2d08f
SHA1 1b67aa35113e61b82bff336d279b035a5f9e6e31
SHA256 e1767d2cbbf0f52cc9127432e8d4fc6601b69f4db974f2dbc5c57710cee3b2bf
SHA512 e916d102f9535cff32c5f54767c95f5ec2579ef2588bb6f27aa6b399499e6695cb0a00f9a735d7dfb37aea2b10ebde65021de246964867f54207737fe790fd3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b462fc8990cd7fd_0

MD5 72d814685d41592eab4a4240aea65589
SHA1 9827abc1c933cedbce078b603e5e8ca48728bfa1
SHA256 4581eabe435557be834b7505352ec34f6fb0bf66e97c30d553e1b159b9165fc1
SHA512 b9e373bc03cf024c1af7ebf68b9d7cc23cf2e1f21fd24125ecec7e152ac01b6769321cf7204fbef25f21b420bf7699b59a15e377756f2a39c1644bc8858e5cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0

MD5 0303c3ca6c47e04313d02b457691836d
SHA1 6067ca1203d82bb2fcf063df411876004bc7f477
SHA256 c2f9477d60a7ba927b983e8168fd82c0d473a7c6b02f79c310a6b2b8403882fe
SHA512 fa79059aac1a5c26a988314c547de832fdcf53d8e6ba060793da6d1554f6a2e18c9f1fe1987ac5c246bca8f4e859ed16c445f831057ca09e02a86b4271bb70a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

MD5 8312bd6620a75f6da5a17267293fe620
SHA1 be2b88684d669e48be61bea8c729f0465848d3ed
SHA256 917c3a51fea3aebd18727f30b4b755e936bf1329bbc963c396b1ee3b7675f4ab
SHA512 b6795fce4f310a867eedbb54206900c073d1088a5fadb70af36d4ebb944197235ff1395e0b8d81ae4bfb9b064216cc471488dbe44656de01d80845fc4ea563d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 ae41a57ba3ece80bcd4cf1bc9009ffda
SHA1 4d65fe38198c1be5942601ad91cde302a43b4896
SHA256 ba2c094323ab61c93aa18ee48d489fe9b40b6ab824ca73d4d7f239cc25273c0b
SHA512 e23e8506cb59b19b28977eaa56432d4328a31019b2e5fb60c1f1c6333f7bfbb9f1448c7ca5dda875a5e5a99378ac42271d2b39484fa883b7653e6efc39b1df15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 2a68728fb84b8e5a9f11554cfe32b50f
SHA1 91cdd7bfeb6e76266d39092724f606c085a8404d
SHA256 453de816764d1c78171cac0a5e999f661b7acfd16a188a899aae574d1a658780
SHA512 ed4d8cd87b1dc2733175883bc603152be5466888a1ad49ce8eed13a987b69fa1d219d8f269951468aa890f25ede6fd48dc99dee87a7f449838076006d2316ea4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 d670323a21a5e0e8762ef746d611b48d
SHA1 6f4993b2178fc283db921f8387d89ce810a0d402
SHA256 6ca82af0c79abbf8c173ed138ca5a346ecfb8032fcbef7c3126609b8569deb3f
SHA512 78e70be0cea4828a4cf98f1db059c1067568ee2cefea88c21ceb61c783e5f000ab1438374bd3826675eba4264898ed427a6a81dbd0fbac6996978b979f3ae114

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 59f5fe1d143506f7f9ba6839b9074a5d
SHA1 0fe2c2b89e5da4a9bce400093f059c5567ded473
SHA256 9465744bf7c0eb7257a524deeb8da2a1794424bc184945ccc3c0dda3ccb3d747
SHA512 b1e110f6afb18ee15fe7aa69d7723418a848491efeff37076b525b3601cdb276c84d5c2bbc844c6fe448018b0241e4105aa0278b35417f690f3b4473a56930d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

MD5 fedce917d06dafcc96212dadb163b145
SHA1 948ea3dcb893c3eb502b962fddb113a7a50a1423
SHA256 808fa1a484e33debdee52a6dccba8f44ba6032c20d3e51749107f1db58a77b8b
SHA512 f701222fb6e1d95d3492b45de2bc8a16f208ff2ce1a77cbf745a830d32d095e2fd34305e542b79b4bace376b5b5d9f41dfa14ce6aa8d473144fb3c35a3d8565d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0

MD5 34ac72567dcf3c7a6be94afabb63a176
SHA1 b24c3cd9cb211794ba87db49d2c8f24ae5e42999
SHA256 4b8391a1705d19503ba1f30e12733c4e94549ea957ae1483024dadf567921d26
SHA512 7497ac144dd3ab1d4eb274dbfd5693d0181f18df5b9add796ac5ae538e2ca11d94ec1c16c5c9a4c379f0da1ee6e51a597268f595bb132a5bc4b13981a2ddfb9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

MD5 4925ede4fef2e5d2f57814aec2d5e778
SHA1 22d4ac2e456e9b44cd77d5f86c0eb399da167fb2
SHA256 39baf0b2a3d504f0d259dcb25894986a4b7461a3010e088e870d693f0671bac2
SHA512 e32c9c85343d9eedbd97e3ff406fe802b73ed8c48a3e010a76d5be25d47ceef78fa9cdb3277602a99b4feaafe3c3ce46fda721a21d9118c88b213dc5084441de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 73ca4ccd1fe590f745c88ec8afab5efa
SHA1 2d1d88e52ef9e56c9ef4755f40cd01904b2ee82e
SHA256 6c0bde2873d3cfed3be0d3cbcf3257c2c5639c8e759b9ea79b10e7710b65ae0e
SHA512 bf13237801044bb22cd8c6ec03c611f94395d73d15d68dbfa74ce3f73ef2b14f862039ee9d46b6ac2f2133a23ca701f7e451024bb0f55f9110dd3fa1f3f30545

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0

MD5 a44defc02e29d9f84b6a5807e303e622
SHA1 96a8f9c667ffc3c3d5031ea4040ff309f1670739
SHA256 cc72ad3595cc36f52ae43b4086f7cabd9080bad9fd93e730a473a1c633147618
SHA512 6b714c6d4e7dabee535af7a962347822b00ced709c5c2ae9758fa10146022cf6c71afbb4a2d16b50523134bc1526cfcec27bb70c6716c095aaa2500c88f110c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 d33be189bf6df26416d92ae3760e8256
SHA1 fc33759f2351ace0672f2c523dbcba694f9910cd
SHA256 a9bfb33a25f339e11da1fbe8c48f071132d62780fbccaf4d6bb7fed268951c66
SHA512 c895fcb872e75fb567861e1dc437adc57c601492979c3e8c9dbde8b16f92f0cd48826dac15b795870150593109da4e9e818c45c772e78354d50fc5b0da30c7dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718cc3a9e092869d_0

MD5 45854a20c72942cf8365949137c3f7c3
SHA1 6c855f7a1046e77292eb41e6f59ca0aa4c67275e
SHA256 40a6263625b18149f264e4313cfba78c8048f2343e6a2fd4953f483de63cee51
SHA512 e4981166b9d47b7bacb44bf23daae4474c026cf193c0cf7d7bc45c2241977fd73e94c03fe8568755778ac4bcd24e481196b89c3cd2334d937e6b0cf8527453e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 a7e728d64c9ed0cd38aa49f0df17fe34
SHA1 4955c44a3b0782ccf99ec6561eef69838b1dbf3e
SHA256 b116735ffc8ce013fee1db0bdcb7be17439dea10020b4f6d88892182a67ccb36
SHA512 fe573e20e0352b8079d3f7d5263393a53aa17e77866be8891c91472cb3a48ab7999e18c3e191f09173d364d1dba2f2c1492ef4272cb4eda22352061bc2b1f635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 914852d8a6133d5e931f976b2c18607e
SHA1 4375c865083b62c5d62dfc09619a8c5fe79fd61e
SHA256 81f15e3b25f665d5f4cbd09f47f3a38aa66dcd1c6675eb4ade541003dad9fcf1
SHA512 da1bda3165065a61237edd7353aa5655f54454dac88097d39fc240d72f79b820dadd00d5874925a0cd008390cfc0fc935886e236bf7f7364a5563ff8c4b29a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 0d33f3b68490690d8b9a44e99df6eb3f
SHA1 c9c6594c4e95bb5007e8564c89b2624e33696bd7
SHA256 7ddd2f2bc57b7eebdf507419c091d69920e02967749e36c8d871d5c65a6ddd32
SHA512 9060285720e4c6a70a0f6e55620b63fa8c58af16b9fea07f2ee12e01713ed0da45bb3cee19d31dde22269cd2f39cbd197358827e3015641bc9a97e56265e6ba3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

memory/5992-2035-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6992f672bfa5161f_0

MD5 8087a81f73aed924b6e094b74a333ac4
SHA1 9b7beaf4711faf7680364694b76058e4ebead293
SHA256 96115f1b54d6c7ccdb723a652f218c82ed9bc7a4f2b9273d5f2ab969e29ea2ee
SHA512 b93cb9108a27ca59b6fa376bc28b27940944500721f71d405ee5e6a18b13fc713adc9fe16d464d756603fdb999a7471acb6138c0cf0b6e8377d2f028f8d8ba8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30caf2d6cb2d3ac2_0

MD5 d81cbdb819ef1a15352fef40bd65b1d8
SHA1 e7207d63bf8c6fa3ef23d502a11cdb80b7b7b500
SHA256 ee772cb8e77e0dc46c738040171f1d5a7137e7ff7a92e7aeb6ffd8ecc5a47d03
SHA512 b0e5401d2fffb3c92d04683a007e47e99316b6fdaeef8f18f257f39509f1ebe1bff8e551566df164baaf06a3d01795b224c040908ecb3b38aae4cb85145440eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eabf1abeab496083_0

MD5 d2d101ae373ee370fc76fbc9563441fa
SHA1 e80c4f2d93a10cb1edff1086d1bda6ec59f16b29
SHA256 b280f2412f01378727cb72b38fe4a04f41ef6d05f01fe7a48cd8a89f9376b4d3
SHA512 20f686a87189ecb20266b1234bd265ec81a43b2dd32bcadb1bfb9b3ea0b23de8fa4cb8ed38b753accecbf4202786fbc042f766e70985b32756fe0e600bf569ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ebf7866f2c21266200e8811a03f9906
SHA1 858be778a5bc547f966d06dc7ad283bd3a44edf7
SHA256 df07de8493cb30b80890a49870c7c0a059a31f3c718284981e19b53b0a0b5622
SHA512 0f04dc152b38831adf2df4ccc58d7f98aff6e50e23f489c6e359133bc2af0c07286b1d4bb3d71701822abb5156c23d25a1e8a0319dea89ccb7117751afff32ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

MD5 6e99ba9bdd97be82a975cf3f409672bd
SHA1 c192d7eaa66b90f82c6d4de4fe227e91fa3f5d48
SHA256 9d35b178150ffea9958561ef041a8da1214a0e00316870a68c8a2a528a76e382
SHA512 63d924dd1839005e319991067881e8b233aec8f1a2b56058d00d9a0a68d08caba4a487f500162863bd0e388eeeead504532468bcf8f3359554e3fe576c509e8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 1482a9557029799e80001c380a48b3d3
SHA1 c36dbe12f2ccb1364e3e8b6d5f0893430ca302c2
SHA256 ccfd5519bb681438efd55d666d4514a98a8bc081f0064414633e5547cfb818da
SHA512 f1536a8e88e5cd7b281edaab89cce9c7c3171d9337732020b9b069058be79a445268eed1ead6db3f9aea13d4ebb86b3ce3d2fe89722a7af391eb67815684faf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0

MD5 f321e720075a99c8f320b2532f02e63b
SHA1 b8f2f46c094dc3e7a81b0420f1dc30859e00e7aa
SHA256 bc5a5bc00ebe882818fa5e3346577fc6c3799e172850cfff62820e0734364a1c
SHA512 eb1366b7d63b826af4b8264cdf9dcf8610ba77d734bb7ff1557d339cd7b71949d6184e35fdb9a27d15794f4509fe63b0fbfb7b653dbe2216a77cf11839b105f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

MD5 d7061b0ffc5b763e68f74be5107d3b0b
SHA1 447f983ba77344c41f0abc07a27cc51acec2484e
SHA256 89be792fc8c16b1f9a4ecfbd3962dc7dcaf4cd5161a9102a32161cf5202682f0
SHA512 330961ce25e90e82ad17d889a3a5e85c61cad29c4661f5ee5fbe63ef1464660aadaf1583a51065e97e9089e3e2244630e10bb26f5e3e8c08329d0a1451361733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 e21bd2a83b3c6f98170a9c970b017667
SHA1 24d21dce652b7796f49939b65f4d894b0147c6bf
SHA256 750f6648d859eacc51b351dc000418c6f76057feb8e8effcaadd8fc186e8af79
SHA512 c518bcabcbc961b896f74ded230c7b135dd17ed7a64c0a46071f4a1c44a546a73fd241ceb64868adec7563f81150fde59330511bbd9b46ad9a553e4c5774bee5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 588bffb16765aa2e18c3b70caa4260fa
SHA1 c0838164f874ca1937e904d16208e40c098a5eff
SHA256 32058eac35d9b488bd097437a938777d285dbd3663373b3c4f7f329faf841a88
SHA512 b175c92be6a12a3d97a179a06ce13ddb075c8c41287ba549a4c98cdc797cec6dc95890d63846309fcafea9008936cfe2e2a8a699fab45f5f0536d4d20ff30521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 5ceddf2c1e7f82f8ee5a5f6441ade756
SHA1 ffc0855f52df74bc70c0e6637596b3f4905c3e85
SHA256 ba332fafc9926d548dd9bff84c4d6c61dfd22b9dee5d97770eb0c8b5329fa410
SHA512 b039a00cab34cfa74cb4054594096d4a337c400e00a793462a6c52eaa530a1b0d98b748e7bdaf6e58f49c1bdab2af1db3cd4baa62b43b50cf8b4fb573761294a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 ed05909235fb56f91d4de5a6f54c3f5f
SHA1 4e46a653c3db05ddd5eb16d9dd633f7d379833ad
SHA256 cecb5c1ef6c8054b221d439c81cbc41bf17877942a62e8f238a80e3279b7d580
SHA512 bbfbb6b07b97f18e58f3fef1334d460422387b01063a44b1ed52a43c6febd65b4f39d650059cfef6df3eba942df89069243eb57abf843060ed87672b938c0236

memory/5992-2211-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 870bd954b67ca553319b048a9ad74ed9
SHA1 a1b0f34f04f7abeb16b199dfd76f6ea818c6c6ee
SHA256 093be3283ba4990bd580bcf8b6d023882c611bf69d44c9d3ee42b6e005268d01
SHA512 1283c78cf62d56da7becc8d724e9af6cdf5f81edc3ac23583149e52d99afa1690e055cefaf276f4386e355747722aa917018e94a1275aac901613fa90636ac59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

MD5 ffc507ab662c24424f3fcb9e8d2eecf9
SHA1 f447984c038d8ece67915c0492e8610894dbc255
SHA256 0468c9bba7e5bb67ac35bc4f4609a257e6fc542e4faddcb494e285e60e9bf170
SHA512 6cecb73607062e2f7280b2cd0f33c014b1fc5190c34120452bd297001b0ed585dc35a451fda300de6864098896a76006a6577ffcc98fd8c0b0d4ed7f961ebece

memory/5992-2319-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f84150efa0ce5025d35d2aaa99ee8346
SHA1 eeabfb109e41706fba8573c978ee7fd699c0f831
SHA256 6359a1d422a4eae8806d4170976d8f2590a8f1b22a3f8863fd7a3c007b140d6c
SHA512 a8f3e2450b4ddf2c3dc5a7e5e1e15fe8f02926270a04185aaf93852ad01ef6ba2d28e9e8ed9df90bcb2997d3222a0b39f6f21dd361ac274b14c6ed799ce7703e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4d545f295c34b3254eb28959375ab259
SHA1 f7889c45de18c6cb4ed42ab46c9ad961a85a0b69
SHA256 d0680c2157ea6e1a3ef2689a097afc9f81e934fddceffaed2631f110f5a61e48
SHA512 729f3cfbf9cce527673bc70b9b2d6565bdb840f2f99f507af0f2e2d48a355a704da1c98d19ae08e16d9965eef6232cba708f54be8ecbe845b8c66208d08081ec

memory/5992-2386-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c08ebc849c2c0cda_0

MD5 e304bba516b82bef84c36086b5c7bb57
SHA1 c7c70536ea245f634e948a78aa7aeef466826175
SHA256 883e81b673dbad83188bdf91f6bb7eb0eac2971bfa60afe69e92a007528653e7
SHA512 fd8ff1c8de31f9e15decbf4c354972edced3f7f8966b957840c42fa1c945a637f29e6376e6c712a36e493d2dd1ae894bf954f3f9ff9b24518f54629b7818caa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb0e8925a3b55508_0

MD5 ec7b835b835601194bdc68980ad96eac
SHA1 33ca83610ee1f00c7541cab31e67c583db55744a
SHA256 2832580eea063044d0b349a9e31af93a6238c68719d83cd6994a1f2949b05994
SHA512 7a78b19b6e42ba841c91c896ef5a8d0e097f275f5228fd88be9a45264f84eab1022c3bf03dae7fe3e7b681711a58e65a79ec881fabe488c0d288c3aef71b37de

memory/5992-2410-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d7ae03b6d161eaf3672b6990c6bf43e
SHA1 3af0adab74d656c3785a6e42e0b050f7ae93fc4c
SHA256 ed3538a3a53ac251c8892829ead2a4522ae60d14617d41009b5b268e0fdc4d65
SHA512 4e4df0f401701a2210995bcf2f42b707e0ab6e4c481dfc40b1cc5259c292f385881d0b5197fd2898be9649b4f4a2ce4ce99d8b518ecd52a7c8f692b56035fc69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61fa83498502261be86e09ba62c73c57
SHA1 5b29d3dfcba0486958a20d0f129274cc10d345f3
SHA256 3c8c7dfd34dde82372ac321001905484a90986e382ecbf36cc6fafa485346574
SHA512 d46468a9ddcfa5bfd4462446a9ed540c9b64b94e3b3f67a204f531b422246b16a1445703cab559e244282023464859f19ecf4b980d110a2db03b1ceb7cbd063a

memory/5992-2444-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dbf866acd6c75629bc4b1aed3053cfd9
SHA1 e7bda51c2b30f89d8b8c93ae2b5d30ce29546523
SHA256 a1b63e158e424007286b45f43fcde4b45e804d5c667f8532dd754a62f3b24e09
SHA512 9a65b6523957962f2bbc52419c8941b53fbf9f7f8f2f7d6df5462ecb7adcfaa100776af53d8bcc3a612a8cd86a5769177a7cb1a131fe0c164634966d57d616f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c7f1e82b318168e8e2af0b32049262c
SHA1 f303968e91235b4d9c55c20e4b0d4f4b7572a041
SHA256 ee3bc2d5f88255e6cba9428e004c1c072b6cdbd4c5354dd1477e1545e2736b89
SHA512 116dbc8b90da0b22bb271bbf25b260fc091349e6e6622f94c76732e5bfe91351f5b5c879a217100915ffafdb64a85bb57fce88db1078f0b3fa8d4001b7ab17b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c553e7874c696bd33ba2c7e593873c6b
SHA1 2ff4ccf82fdc804d30780fa5bfa2d016d3b54fbd
SHA256 0e4b99820bc5a9bfd12b64278244b6294e50c91a772413a3da019e3d15648e36
SHA512 fe7359c51690f4fcd07aed9a985cca7095dfb664caac2b38e904600734d3f7ac51aa4e49cd75b9b1d48d80b675d1c97515ad6543f5ff83e66393dbd979a94224

memory/5992-2481-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93dded06e2ddcaf85f58fd4f4e6e3e7a
SHA1 51e663d1161992f43b83a3daa9b1db7ac4856161
SHA256 c6bb296f754d9803bbd1b38cce57354941b9d422123872e8569de3fca19b612c
SHA512 ba85ae8384ec6b32d33b26f0b36c6ae1494a4ebd0e20a7b1b460562912b0a1d06245a6d2c8e5b767b3a4e7855a1a5b4c45e093ecb798e77bf938c5f14fe8c5c3

memory/5992-2487-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsxE8A.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

memory/5992-2892-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\nsxE8A.tmp\nsExec.dll

MD5 132e6153717a7f9710dcea4536f364cd
SHA1 e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
SHA256 d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
SHA512 9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

memory/5992-2936-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2937-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2938-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2941-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2942-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2943-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

memory/5992-2966-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2967-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2968-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2bfc64db76c326ebf298eccfc745ad8e
SHA1 ec829fda5e188a2726417bc6abef01a48d069dbd
SHA256 673d92fad98b4d5a6f4bcbcf39141477647c9739f19ed56b0376bababc9c8caa
SHA512 d2a65c70d3f5c7c41d4faefadf78b56718fef936079db7adec94355ca24bf1286cbd3677d6ced853c09b14f71ddc916c5a19a7cc8cbdeb7bbb7cfbafb1b8852a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5ea007.TMP

MD5 dd759774bcc1a38f06362b2cf9638578
SHA1 1fa9a8f6794a2684a771cd9d43e3fa877f21c092
SHA256 cb1f756498f44251d3603e361f9f6bfe823ad21492415379391187278b3ff73e
SHA512 572ab328b25f5ce0decf031398ce1904c6296a3918c7b9c4d36c813963739102a63afcdb1671fa969cfe8264cf3e41c1939a70bd18c7f054f766d86561a7e9f5

memory/5992-2983-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2984-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2987-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2989-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-2990-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3000-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3001-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3002-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3004-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3005-0x0000000000400000-0x000000000047F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a8029c4c86f6950134a01dd550ac9676
SHA1 edc3e4685a46fc1c1f6793d7218180a0d41e0a83
SHA256 1ad6ed2345af5f10ef2a52f5c9f698d24f556ec66d41cdb2aa590aa2ec5e3ad0
SHA512 f23f052f7e94446ca95335e7113cc2b497da844037e09db5082ef11e24fd5dee7e617cbb265a3d8c3679e4e49ea22f887320f361c5a3c0db8199e399ec6799a0

memory/5992-3015-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3021-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3032-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3033-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3035-0x0000000000400000-0x000000000047F000-memory.dmp

memory/5992-3036-0x0000000000400000-0x000000000047F000-memory.dmp