chaos | hxxps://download2339[.]mediafire[.]com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit[.]7z

max time kernel
501s
max time network
484s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2339.mediafire.com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit.7z

Score

10^/10

chaos aspackv2 bootkit defense_evasion discovery evasion execution impact persistence ransomware spyware stealer trojan upx

Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 4 IoCs

resource	yara_rule
behavioral1/files/0x000100000002aec3-4289.dat	family_chaos
behavioral1/memory/5428-4291-0x0000000000C50000-0x0000000000C70000-memory.dmp	family_chaos
behavioral1/memory/3600-4365-0x0000000000400000-0x00000000005D5000-memory.dmp	family_chaos
behavioral1/memory/3600-4370-0x0000000000400000-0x00000000005D5000-memory.dmp	family_chaos

UAC bypass 3 TTPs 2 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
5364	bcdedit.exe
4156	bcdedit.exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Deletes backup catalog 3 TTPs 1 IoCs

Uses wbadmin.exe to inhibit system recovery.

ransomware

Command and Scripting Interpreter

T1059

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
4884	wbadmin.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000100000002aaac-950.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\covid29-is-here.txt	svchost.exe

Executes dropped EXE 15 IoCs

pid	Process
896	BonziKill.exe
4000	BonziBuddy_original.exe
760	BonziKill.exe
3732	BonziBuddy_original.exe
5196	tv_enua.exe
3448	BonziBDY_4.EXE
2992	BonziBDY_35.EXE
5892	mbr.exe
5428	Cov29Cry.exe
4236	svchost.exe
1884	Cov29LockScreen.exe
4372	HorrorTrojan123 (1).exe
484	HorrorTrojan123 (1).exe
4396	HorrorTrojan123 (1).exe
5368	MEMZ.exe

Loads dropped DLL 23 IoCs

pid	Process
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
2008	BonziBuddy432.exe
5196	tv_enua.exe
5692	regsvr32.exe
5692	regsvr32.exe
5708	regsvr32.exe
3448	BonziBDY_4.EXE
3448	BonziBDY_4.EXE
3448	BonziBDY_4.EXE
3448	BonziBDY_4.EXE
2992	BonziBDY_35.EXE
2992	BonziBDY_35.EXE
2992	BonziBDY_35.EXE
2992	BonziBDY_35.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3600-4257-0x0000000000400000-0x00000000005D5000-memory.dmp	upx
behavioral1/memory/3600-4365-0x0000000000400000-0x00000000005D5000-memory.dmp	upx
behavioral1/memory/3600-4370-0x0000000000400000-0x00000000005D5000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 34 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	svchost.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-661032028-162657920-1226909816-1000\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
208	raw.githubusercontent.com
209	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	mbr.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SETFD86.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SETFD86.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5y8oadi6c.jpg"	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSINET.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\menu.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File created	C:\Windows\fonts\SETFD74.tmp	tv_enua.exe
File created	C:\Windows\INF\SETFD75.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\lhsp\tv\SETFD72.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File created	C:\Windows\lhsp\tv\SETFD61.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SETFD73.tmp	tv_enua.exe
File created	C:\Windows\lhsp\help\SETFD73.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\INF\SETFD75.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SETFD61.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SETFD72.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SETFD74.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 32 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziKill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HorrorTrojan123 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mbr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HorrorTrojan123 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HorrorTrojan123 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy_original.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy_original.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_4.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cov29LockScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziKill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_35.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TrojanRansomCovid29.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1960	PING.EXE
5504	PING.EXE

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
2280	vssadmin.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4992	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\VERSION	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F67-055F-11D4-8F9B-00104BA312D6}\TypeLib	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\ = "Slider Appearance Property Page Object"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand.3\ = "SSCommand Control 3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\ = "_DDateCombo"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\MiscStatus\ = "0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322982E1-0855-11D3-9DCF-DDFB3AB09E18}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D46-2CDD-11D3-9DD0-D3CD4078982A}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\VERSION	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSPanel\ = "SSPanel Control 3.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{643F1351-1D07-11CE-9E52-0000C0554C0A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ = "BonziBUDDY.CPeriod"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}\ProgID\ = "ActiveSkin.SkinEvent.1"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\Programmable	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}\ = "SkinItem Class"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6}\ = "__clsStoryReader"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsDownloadManager\Clsid	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ = "Microsoft Toolbar Control, version 6.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ProgCtrl.2"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ = "_DYearEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnBoolean"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComProcTextures.1\CLSID\ = "{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon.3	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\Clsid\ = "{E26DD3CD-B06C-47BA-9766-5F264B858E09}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinEvent.1\CLSID\ = "{8F59C2A4-4C01-4451-BE5B-09787B123A5E}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4900F5D-055F-11D4-8F9B-00104BA312D6}\1.1\0\win32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup\ = "ActiveSkin.SkinPopup Class"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C1-8B09-11D2-B652-A1FD6CC34260}\TypeLib	BonziBuddy432.exe

Modifies registry key 1 TTPs 7 IoCs

Modify Registry

T1112

pid	Process
5312	reg.exe
5296	reg.exe
5140	reg.exe
5396	reg.exe
5364	reg.exe
5380	reg.exe
5388	reg.exe

NTFS ADS 10 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bon (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 665409.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.bat:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Covid29 Ransomware.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 147816.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 746067.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 39263.crdownload:SmartScreen	msedge.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
1960	PING.EXE
5504	PING.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4236	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
2916	msedge.exe
2916	msedge.exe
4848	identity_helper.exe
4848	identity_helper.exe
4628	msedge.exe
4628	msedge.exe
4764	msedge.exe
4764	msedge.exe
5048	msedge.exe
5048	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1440	msedge.exe
1440	msedge.exe
4876	msedge.exe
4876	msedge.exe
5796	msedge.exe
5796	msedge.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
5428	Cov29Cry.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4236	svchost.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 55 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: 33	580	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	580	AUDIODG.EXE
Token: SeShutdownPrivilege	6088	shutdown.exe
Token: SeRemoteShutdownPrivilege	6088	shutdown.exe
Token: SeDebugPrivilege	5428	Cov29Cry.exe
Token: SeDebugPrivilege	4236	svchost.exe
Token: SeBackupPrivilege	2120	vssvc.exe
Token: SeRestorePrivilege	2120	vssvc.exe
Token: SeAuditPrivilege	2120	vssvc.exe
Token: SeIncreaseQuotaPrivilege	2508	WMIC.exe
Token: SeSecurityPrivilege	2508	WMIC.exe
Token: SeTakeOwnershipPrivilege	2508	WMIC.exe
Token: SeLoadDriverPrivilege	2508	WMIC.exe
Token: SeSystemProfilePrivilege	2508	WMIC.exe
Token: SeSystemtimePrivilege	2508	WMIC.exe
Token: SeProfSingleProcessPrivilege	2508	WMIC.exe
Token: SeIncBasePriorityPrivilege	2508	WMIC.exe
Token: SeCreatePagefilePrivilege	2508	WMIC.exe
Token: SeBackupPrivilege	2508	WMIC.exe
Token: SeRestorePrivilege	2508	WMIC.exe
Token: SeShutdownPrivilege	2508	WMIC.exe
Token: SeDebugPrivilege	2508	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2508	WMIC.exe
Token: SeRemoteShutdownPrivilege	2508	WMIC.exe
Token: SeUndockPrivilege	2508	WMIC.exe
Token: SeManageVolumePrivilege	2508	WMIC.exe
Token: 33	2508	WMIC.exe
Token: 34	2508	WMIC.exe
Token: 35	2508	WMIC.exe
Token: 36	2508	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2508	WMIC.exe
Token: SeSecurityPrivilege	2508	WMIC.exe
Token: SeTakeOwnershipPrivilege	2508	WMIC.exe
Token: SeLoadDriverPrivilege	2508	WMIC.exe
Token: SeSystemProfilePrivilege	2508	WMIC.exe
Token: SeSystemtimePrivilege	2508	WMIC.exe
Token: SeProfSingleProcessPrivilege	2508	WMIC.exe
Token: SeIncBasePriorityPrivilege	2508	WMIC.exe
Token: SeCreatePagefilePrivilege	2508	WMIC.exe
Token: SeBackupPrivilege	2508	WMIC.exe
Token: SeRestorePrivilege	2508	WMIC.exe
Token: SeShutdownPrivilege	2508	WMIC.exe
Token: SeDebugPrivilege	2508	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2508	WMIC.exe
Token: SeRemoteShutdownPrivilege	2508	WMIC.exe
Token: SeUndockPrivilege	2508	WMIC.exe
Token: SeManageVolumePrivilege	2508	WMIC.exe
Token: 33	2508	WMIC.exe
Token: 34	2508	WMIC.exe
Token: 35	2508	WMIC.exe
Token: 36	2508	WMIC.exe
Token: SeBackupPrivilege	2412	wbengine.exe
Token: SeRestorePrivilege	2412	wbengine.exe
Token: SeSecurityPrivilege	2412	wbengine.exe
Token: SeDebugPrivilege	4992	taskkill.exe
Token: 33	5888	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5888	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
4000	BonziBuddy_original.exe
4000	BonziBuddy_original.exe
3732	BonziBuddy_original.exe
3732	BonziBuddy_original.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
4000	BonziBuddy_original.exe
4000	BonziBuddy_original.exe
3732	BonziBuddy_original.exe
3732	BonziBuddy_original.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
4000	BonziBuddy_original.exe
4000	BonziBuddy_original.exe
3732	BonziBuddy_original.exe
3732	BonziBuddy_original.exe
2008	BonziBuddy432.exe
5196	tv_enua.exe
3448	BonziBDY_4.EXE
3448	BonziBDY_4.EXE
2992	BonziBDY_35.EXE
2992	BonziBDY_35.EXE
3552	PickerHost.exe
1884	Cov29LockScreen.exe
4372	HorrorTrojan123 (1).exe
4372	HorrorTrojan123 (1).exe
484	HorrorTrojan123 (1).exe
484	HorrorTrojan123 (1).exe
4396	HorrorTrojan123 (1).exe
4396	HorrorTrojan123 (1).exe
5368	MEMZ.exe
5368	MEMZ.exe
3212	PickerHost.exe
5368	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2096	2916	msedge.exe	80
PID 2916 wrote to memory of 2096	2916	msedge.exe	80
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3516	2916	msedge.exe	81
PID 2916 wrote to memory of 3440	2916	msedge.exe	82
PID 2916 wrote to memory of 3440	2916	msedge.exe	82
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83
PID 2916 wrote to memory of 776	2916	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2339.mediafire.com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit.7z
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Users\Admin\Downloads\BonziKill.exe
  "C:\Users\Admin\Downloads\BonziKill.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:896
- - C:\bonzi\BonziBuddy_original.exe
    "C:\bonzi\BonziBuddy_original.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4000
- C:\Users\Admin\Downloads\BonziKill.exe
  "C:\Users\Admin\Downloads\BonziKill.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:760
- - C:\bonzi\BonziBuddy_original.exe
    "C:\bonzi\BonziBuddy_original.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe
  "C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4372
- C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe
  "C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:484
- C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe
  "C:\Users\Admin\Downloads\HorrorTrojan123 (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8896 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\MEMZ.bat" "
  2⤵
  PID:4296
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:3624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
        5⤵
        
        PID:3680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
        5⤵
        
        PID:3404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
        5⤵
        
        PID:1160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
        5⤵
        
        PID:4320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
        5⤵
        
        PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
        5⤵
        
        PID:3860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
        5⤵
        
        PID:5852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
        5⤵
        
        PID:1708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16879757720963316092,5180298926103259068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        5⤵
        
        PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11232848756022732886,9899685840003000581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004F4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon (1).zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon (1).zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5132
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5196
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5692
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5708
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
    3⤵
    PID:5880

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3448

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\Downloads\Covid29 Ransomware\TrojanRansomCovid29.exe
"C:\Users\Admin\Downloads\Covid29 Ransomware\TrojanRansomCovid29.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1871.tmp\TrojanRansomCovid29.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5272
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1871.tmp\fakeerror.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1044
- - C:\Windows\SysWOW64\PING.EXE
    ping localhost -n 2
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1960
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5364
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5380
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5388
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5312
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5296
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5140
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5396
- - C:\Users\Admin\AppData\Local\Temp\1871.tmp\mbr.exe
    mbr.exe
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:5892
- - C:\Users\Admin\AppData\Local\Temp\1871.tmp\Cov29Cry.exe
    Cov29Cry.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5428
  - - C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      4⤵
      Drops startup file
      Executes dropped EXE
      Drops desktop.ini file(s)
      Sets desktop wallpaper using registry
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4236
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        5⤵
        
        PID:1092
      - C:\Windows\system32\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        6⤵
        Interacts with shadow copies
        
        PID:2280
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2508
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        5⤵
        
        PID:5380
      - C:\Windows\system32\bcdedit.exe
        
        bcdedit /set {default} bootstatuspolicy ignoreallfailures
        6⤵
        Modifies boot configuration data using bcdedit
        
        PID:5364
      - C:\Windows\system32\bcdedit.exe
        
        bcdedit /set {default} recoveryenabled no
        6⤵
        Modifies boot configuration data using bcdedit
        
        PID:4156
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        5⤵
        
        PID:5140
      - C:\Windows\system32\wbadmin.exe
        
        wbadmin delete catalog -quiet
        6⤵
        Deletes backup catalog
        
        PID:4884
    - - C:\Windows\system32\NOTEPAD.EXE
        
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt
        5⤵
        
        PID:2560
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:6088
- - C:\Windows\SysWOW64\PING.EXE
    ping localhost -n 9
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:5504
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\1871.tmp\Cov29LockScreen.exe
    Cov29LockScreen.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1884

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3552

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2120

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2412

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:2864

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:5660

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Covid29 Ransomware\covid29-is-here.txt
1⤵
PID:1460

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\a3b8c429de1245388039d5a77dabc2c8 /t 2892 /p 484
1⤵
PID:3808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
1⤵
PID:5532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004F4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5888

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d42683335720470299eea42db1278e82 /t 2108 /p 4396
1⤵
PID:1412

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\95634172a55c4c858ab92e69d172bed6 /t 4876 /p 4372
1⤵
PID:5628

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Direct Volume Access

T1006

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
068ace391e3c5399b26cb9edfa9af12f

SHA1
568482d214acf16e2f5522662b7b813679dcd4c7

SHA256
2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485

SHA512
0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d8469ff1d3e0e434f33a1c8550900335

SHA1
c738b3f5762b739e36999d080c3fac734318e21d

SHA256
b2b9f6ad2c8760dad312347531652ae864d3a9ee6e3872f267568ffb17f7bef2

SHA512
b407e04ec6ce1b2d231df394eab0cb9abc0e7deb58ebbdf0ccb89e273b097e396f42fa545eacf07c7c796f4b67976d9779bd686a0c65e28de338db5d0873c449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
cc6a7af85ef808b23fb0d7856ed6aafb

SHA1
9c32e7d7b33e9769211fbce53001a17848d546b5

SHA256
0d8b4860b16e4ee74beff0e2034bd195352dba61a455efdeb35d6ede7c4c7391

SHA512
d9e9086a0d6827ba073028b67a73e8d0936ff9813238075af53dd75af0f7417b56dc4642417ced05af36ec9e66bac671ab8ed9d0f73dd7b84a6695026ba2abf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
47KB

MD5
fd1f79856510e1cddd8141f1d82aff4f

SHA1
659aa5c13b63adfb1480856cf8da6acd4fa624f4

SHA256
d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4

SHA512
7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
229KB

MD5
aebe57422e9de65bde7cc46f4c717e3f

SHA1
30196d2984fd3b1205bc0210d45f5ab3d76871f7

SHA256
1c13f46d9f059ec811a2db7481b27e5a84af7d2d4fdf81e85c58f5fd7743537e

SHA512
f7df7d9b6026b8a987df64771c8569ac366cde7f2b8f63e4e0db6fc13213fc1f248c391c2da1ba8f9bbcd41d40a99a65c0312e346086bed4b3b30dd0232d86af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
747KB

MD5
e28bef616cb360329b8090ce08fb08c8

SHA1
238bb9401cb8e00306b4cebb42641dd87003e40d

SHA256
35ecb2b52d81b75c460f0a391cd904afa2864e9e008ac464269a39172dd37317

SHA512
4c05bc41ac672c90fc779990e842eff4b62aea197e9a39d6c489565caaaaddfe1d1f04a91982ff132d6dcd5bcf0db395a277db054f744771a28c30f6b35e6d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
32KB

MD5
11baba444fe6e52672b5c99c6a0d1f6f

SHA1
b8569340b6daea652ef46fa995900e66f819ad6a

SHA256
7ea0876f833cdd63dfd82723a277dea317b1a0e6172ad97b1df0f754a4c229fa

SHA512
975b280abdd1826c44a75c5cd315b75df151485bcc0cbad25fe12be842b5ac9bd99bffac0050a3610af0398e2662b8298fe1557c1bfc356bd7b9ea0c73b9b9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
32KB

MD5
6fc9442f866c703ef95d3f94f8724e07

SHA1
274b02589d7959b0d8980d9cf156ef0283b92cb9

SHA256
9366424be6711ecdbe31e004dc9d352d59f1d0211aa91019114182d3ae084201

SHA512
551a9aa98a580749e06a80112e8d2dba0bce430b037e2039ace04dd8e60ccf9d3ae8908af0f38224f517c8975e8162dc34d905cd245423d2ae56905d35f5e8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
20KB

MD5
644f2b0ee81b56ac7303031ab3ca10e4

SHA1
7ca67423f0ded5ff534f0a0d42df416b44d36805

SHA256
dda33f363084c0f939d6daf5e648ede370fe5be24bd408a6ea0e6bfa1042e6cc

SHA512
461b910c1c3d43d5e62ca18d8a2ec7c9a3db196d649c08ca56d92a8a5e39a991fa5dc53ee20572ecb93b3315b0ba2e2a0ba9f5644c61b2d2c81ef74c05abc39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6cd93e099c529da_0

Filesize
255B

MD5
dd2b99724632dd8c63a13f3823fcc47c

SHA1
3a4c7d605212a1b93c9dcbc3f347d3cff8dd57fa

SHA256
58498bd4746d9f12117babb014494f6c9b9629701d1a5bb950fd6ed60f38e3b2

SHA512
0e7601e6a1ebce4ddf29df75e2f25d386cbadd17be5a845fbb5ca92432da58516e006a194c763362f0212c165e3c36a4e5d53955d27b878d74dfce25f53d8622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bf2fc9a6790f77b501474da88c5d06a5

SHA1
6d8168e39f3c42e1b85ed022204e3d0d1e0b81ee

SHA256
38067794f967d2914f0a239b30cd4ede25013a6564e670efd9f49a22b74bfb38

SHA512
5b9665a90547e20de16b232e554068a14198923fa33f0661139774ff497d02b496fa49cfd1f894f8393138a868f6e80a39fad78a56cc2e4f91fc8146a2874a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
86b24a84def138aaf6012e531a339099

SHA1
7bb748733e8d98be5f7667afa04e3f239c4754c9

SHA256
84ffbe3e6a6d5de61e31a6d0e6e6666d9ae025d8f2db605fd55628b7e80b3648

SHA512
bf56dac59be0e6864a589e49bcb2f25e29bf11ea1971598a180e9e830f8d7e5d3c8d7d10f87a9e7ec546c293bd1de5db09eead7290ad5e6532bf933f1c95b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
55b1aa04a0814de4b5a28010379b0c21

SHA1
9ea5f25b9969bf7a32d44a75af1dfb344ea28a99

SHA256
df81303f008c866c34ce03d6ffffb4abef983758c0c530a69002800896a62143

SHA512
d9d9e80e55ffa091379e9a77db48cc162c5759c1c42d87d69e200b1f0e9ce4048718e16013d3ef874dfa20fd6ee95b89896c4366dc0327f2338ff3503cb798d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
9e54adf3273693031a9284c44509cd16

SHA1
d22067154863eecdbc063a2b523b3533f4843557

SHA256
210bc04a26f752c999cacf124c339d473fee2d86b87ee0f7a7c1a90d65a4a6e5

SHA512
5548e1a0566ffe64351b59c041ce1650e93abe4e3fa6241a6da195a72f6ee348e3cedd661a5873aee32a3028593a77f4e7c2339ccb5a0836448347527733f4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
cc378a6e1dd882d5a3f06e0a86f2cb40

SHA1
1864ab31513475bb583a843ca8cc2cbe0250e688

SHA256
618fbd173ffcd6e55360f10a01cfe6002656fcd3f7d231ff54c4a8db3fba0a5f

SHA512
146232e21f8ac1e3ca3f4c9973a09ff127a0de99b4edaac3741ae6e377a56ed80f06adebd339370f85e137ca057384776beee3555395c3b96ced77d72dbdd61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e8f177f6e374bb4b671dbfe3dd5995cc

SHA1
57a9e83f47d430cff66daab3bcf10bd68499f26d

SHA256
c6462ef430b1b99a19078dddca8f98ee90dc2251f8971af95c242baf72f21db2

SHA512
2e52e7294a569435cfdeedebfe03e0ddca12f0385560fc2f5a008bc1533a8b0b1930278bd3c8742bef99c8cbac0684544f7026923a040adaa770f63ca13d182c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
df962b8541da668f3b18531c2bb840d3

SHA1
e638e83d48cd23c11fee61629fc27aa027076cf3

SHA256
79bcfa03766d9b72558f8823e504ce0ff8c0812d35d1e00f272af500e897d2ea

SHA512
b23fdf80353f050334442244c92fc236a9c74bbb3aeddd5af8659683b83634f5fd37ddefdd1d9f697d5f6aae400ac94151d0c79da9f467f737aaaebf8d74c994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a53be73b8458c140751ac22b83cfc6a9

SHA1
2f5e7bb08235c2ee8422c14c3f0c58c9663e1940

SHA256
711622b5b9b66f640ceb5580c177c6e07d9b7909db038df0920605238e220da5

SHA512
46e7f8f870f4f77a782a48154c0f1ed0145fbe5e7cd2e180104860c7a096ad002ef6ce2042fcc1f953b75860fb50e5f91455d99e3b398ba6d934e5c77a90e868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
07fadc6d405d212b74c9447fc642e2d7

SHA1
9947b9d97a776c04c9785efb6454fa017ab70815

SHA256
8f8d04074f1c0204702aee5ce3b20997e5a00a5435b7fa83c27888f3dd53dc45

SHA512
475d0744dd622becb2baf81c2d739ab5bba4c955dda777d6acb9b56b9fe70ddbc263687b288be00314a562c6aa9c66e912c4ae3a191238cd09e4c5f690b15b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
215fb38da4739381369d484d8ae64ead

SHA1
90de5a50a8b45e7d8bd652f1ac17d3cd7221576c

SHA256
f05b2c9d637bc4cca622d64db8454b8beecb73c0c6925ab376a3fab9de04be51

SHA512
628d25be7b213139578cc60d89a2b873bf72f838400554a7a85dac7decb349eb7e02fa9077fbcb073c2d0eee96def25f2ac25b3c5962bc539127424b34160364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
614baeeb106cc869300595ad1795e6f2

SHA1
96a105f13495209de77b8f2cb4341f2441e1630d

SHA256
7c7e34d87f705c1b3b9f6ba9298e7cc3a16cce9cfc0563bb8574e74246408c83

SHA512
cf3936d10c9edd3229e03f8c49783d11741ad504a549f2c4df4607b6e08ce521e70ddd05a31988d5389f1d049348dd5be05717032341cb40b5b58cb2db5708b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
596577c9410f6517a5c29292054d8d41

SHA1
7ef1e2a058b52ad4edd79a001927af2a89e7c708

SHA256
f34c7aa64e6f70bd3e767d0030ffb59f17f3e07c370bc0379b413f31094228d9

SHA512
1fb64ced930df3604a349148b8c02818e6627138be036434ab1bbd6f32605380ca758b98c857f3b2807e8a540797aa95c4607bba622132ae63d2e38e34a0f14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
075395e5e0809a56d29520cdb081a607

SHA1
fe6b797df25f345ee174d0f5b1bcfa4eabda256f

SHA256
33f8f3eaa4191e9c646a9e8cd41633435d4794ba5d63bb3068bdb7229a9a035c

SHA512
46040126fd6f1b54888434d965481498a8a779515940a58f82389a7104d76cd6da00be8ab0a1b86f0d5f0e650a231fc7e996e473618303889c151629354202e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a430e29c958508d22384e2ddc793627b

SHA1
0edc7459d7e0cf3703a4bad0dafd66f983d7bcac

SHA256
565fa07b5a9ef3b1e800543c34aa4969f1b691a013b7e37a219425940e3eab12

SHA512
dc69829d2ea3c95b2aae39b6e2095b609f4f4e6a1f626971aaca07a8c9995f4c60d17136c8d2fe115eacbed0f89e552c70fc76e2e8899253b245550eaff696de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3808779eb6c5ef80c0da0b11d7679e1c

SHA1
46a94df311a9d9fd811be2100a1a5a14b806edd8

SHA256
46e702ceb83d71432b941764abf1d939098850899ff5d6f0fb043d058a19075f

SHA512
ef8dd6ba90723dd5ae863831aee28ebfc2f0d2ede21dea1d1f9c1a8ed35b2dcc38cd6031af90844c482f1f5518eb8854cfe3bca4b257ee4c14e50b526860b9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ead9b097299afa54021cd6364c6a0799

SHA1
3986dc4df93c112a41d8146d1d01788af813a0fb

SHA256
3de612892dbfa32e1faffedf7ac0d64c63fb10301bc25ab2b8c145b1e85421a7

SHA512
e2ef505784a970d7b2df495008ee020118d86ec348991ec98dca65ee111dcb0a9b7d8c549b6dd3692b243e9b4256152e1939fbfcba097f533e9a4896c3d02018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
846bf1e2426198d9af2807e5cd119c5b

SHA1
62115f29a81eaa58f541b1da598f62093cad973a

SHA256
36562e522db79459baa9d9e0150eb4c7a0b5d091b84fea67185b4d06ba9e9493

SHA512
afa9afcb976dc70fae4417b2466849abc3ab75b713e9ec7f3a3c3421d7ec0567f9d078c2e226a1d27a8fc7bd24737236646e7b628ed5362114c143e0feb413dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6ee59dd07b0a51f5cf2e0fcc3d81b428

SHA1
9a0a9772cd8eb383f1b237914a3c7960aed1e02b

SHA256
0a34ffeec3f10e3c12d995baad1c935a94ba5820bd01b8a5c9e2d25d765c646c

SHA512
d81165dd0ef89b44ce41ae54de5b67484d6ab5fd8b9186e8986c13dd98159ad908c6a63ff7a684c8941f4271c0be1d0934a502055d4e23bf2c6fe0c6827db0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ab3794fb8e665e76a201deb263bcbaa1

SHA1
395b9f711744020853c80c62b2a89273936e8ae9

SHA256
ddd2d5abd304391347557a7696fd141faad9af331fac5eec337b6ddb46d87a39

SHA512
8efb0f4a4c3c0c46b99b07b7d9730016d31e8a5abd7d3cdb28e9a49724a156d1c1d8c0e719e8f59a56958c9a91d292658c2dbc28f4b507a1e686015f67f7da5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7ca5798a38d3745d0edfabda139fd41

SHA1
741ca96a91ca5a3e900d519d622ef6c1597baa90

SHA256
0a38522bed512289790b1afa8631bd01c15dbc4efdd53bfd813c02a822be9f1e

SHA512
07821eec5cf6d08b3fc9f7f2ce939032e735b47b36bdb16a4d8bb84dcdfc3204e25114d6a45a3810ccb450b70f6f78f1ae5479d4d717d8c39e67a1c3bda06da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
25900b63844b6987890a974bdfaee6f7

SHA1
011479465e2be2e46fa2239ece3f819bb750b9d3

SHA256
89f67e009734f0e3abb2122e4306ca5e32a52e56a9e166247f2593a6e7fc33b9

SHA512
b6bdc8d12b2a13e1f243b64336e8c01aca1cc057b0a9d36059d0d17656e5dc59ab0562a4559fb60f3499825079efb622ff7251ca427b6d755ac6b3259010780b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bcaeec193d487bbeb7b1b6f383377e85

SHA1
40c9c088afe2bbf510ffcd05ae879c195d4c6ffc

SHA256
a81a97856045be4608caedef0f0d9de54537954a4c504e2c73b4c25637980bf3

SHA512
44a46ffedcb83508dc82f59dffd6e994ae525f21294d7a6bccd66bfe9b1d3f9a90e7de10e8558bffa1ece1345b27deb5f419fe58ef51e7ec691eede74cf5ebed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
79d189b67f70009c0f382c429d891907

SHA1
ca30c651ae9151641b251f1b59ab09364efe26ad

SHA256
0ef6140e8645d703d661c2b39fb204de405f3bf08b8abab12594c3dcc30aabcd

SHA512
39387298520cd7c5cacdaf1e906a1ff6bd1176969f9f380abbcf3ea25793e467b35a9fb204fbf9dc2a540f88f233326e6fe1bdac250ae077d0157fb3e20bd3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c9a9f1e1defe4adf9316b32f0e1cfb9b

SHA1
b7dd76196c468489088167889e35cc1a1aa125a7

SHA256
8f470e87c120714b4f8ac35d4bac6c83095418141f25f9d8114de87be31e3e53

SHA512
da6f72a6410d19b8670681bcc0ca7a4315e2a9d17ef43c96e761de1ebd52c31342623e4060adf9899563d00873be78709ce60f37b4a1255eae71a89fba0e1d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3d3ab9963081f95f6d296e9485081a11

SHA1
6f250eaed4161f63ef37e03d9036ecfeb64b74c7

SHA256
7cd0094a82343b47985ca1895bf036aedce32df02460f20aea80571ff0fef393

SHA512
47d47238aee9c2e5be515e82fd7f7c7b575e36fd39f958deeb57af2260a68757f3272b2b115c3a2f5f7802b9d3c268e18901342f3c0c10900c0ab654a1cfd427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
120bff32d6c6c282a7d7d7eb217fc606

SHA1
401a142142fef7a8824f7b1a75551a629ee4b32f

SHA256
ce5145fca0a222be145df9b01c756fd76068aeffb9275a19d51b66c58479cb22

SHA512
a943fba55712a2985962666eae5b7d49ff083fd7f08106a57c7a566e7fbb82d1ac35899314a0018546385cfb50ea60ade255382ed2b6dc5cc3d27ef751bc4272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e359ab50bc371a6e0b197ed5ea0a8d09

SHA1
654d37df57cd3b01244a63a36f3419fbf210f87a

SHA256
797f3f91afcaeb1190c8bf722447779a03a4d2d20139b77fe2bc14905191ae43

SHA512
7417dfde9feedabbb54c8c070614f195c914d84f0a8d0e48706b401eae972fc6af4a250fe36c64d746ded04fe215f816663bd5e9718e0af35a5e55ea0b421979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\17d47cda-0ac7-436f-bc7b-fcb84059e105\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f2a7961-7e09-4008-afa4-eacb5197a94a\index-dir\the-real-index

Filesize
2KB

MD5
7ddc487cebfbe1ca26f31cf9598a9f44

SHA1
4cd62d2327a6ae56ecd8b2d7c6afd0cdf8665a47

SHA256
b082ceb51cac7342bb8b54b3475dac0741c4cf2610e6f48a349df2527f47f26e

SHA512
c3780f89a04dc401ec8cc60a2f01f63808eac83b10e8645019e9160b85d810ff86fe49c8c6aca0501448683301bb371a1da3090606cfbc548777ba98662ce7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f2a7961-7e09-4008-afa4-eacb5197a94a\index-dir\the-real-index

Filesize
2KB

MD5
2d2e4607e007ec71f7c1312f655bf77e

SHA1
7871cdd3d71c379690389b358b63ff91c6037c97

SHA256
64fd9d06890882f655a4ab501ea8d037f345dd59ca6ced8d5bab2250f5fd14a4

SHA512
e8604277cfdd4d595cb5e9238259fa3d518bd250003232775253e69bafcf7e20e06392868874a2245a2e86a4d2dd7a7752cb01cc50f89647a3b4011ef56bbdf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f2a7961-7e09-4008-afa4-eacb5197a94a\index-dir\the-real-index

Filesize
2KB

MD5
81c06552d8e45ec554def8c98fe81fff

SHA1
a685bb9a51fd55d4f9d2d171dcb86a4fba6661ce

SHA256
7cb02ce89b026a5580ca97fc431bedc281d774152c24c7b12c964fa245182189

SHA512
a38701d022a746ddda446fad3f556fff03fffd53eef48f1e4979cf535883ff7093586bf740495392fdfb1b2c60879a6d1296e3eab212808220265f1dc5856ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f2a7961-7e09-4008-afa4-eacb5197a94a\index-dir\the-real-index~RFe593e57.TMP

Filesize
48B

MD5
5ab8bf7668d1186ed9fde6d7be4bca42

SHA1
1745023585a594af9983a531ffc1cc75fc74ab24

SHA256
25881d9d621d259178c2b6e6e8929948bea78d4c82d488f2ef462d9817b3c55f

SHA512
f44255dbbfc1c7d747d5f0f49615fa3b09edf7938275e3bf22b36bd469b1273d5e012b9fe1ef478d437f73e238a75a2cd0320597869d3cc1ece0663a12098c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\47976c0d-f171-42ff-a882-68371bc88828\index-dir\the-real-index

Filesize
624B

MD5
cfab04b0561262123e1c6de236730c73

SHA1
a490b124f00290ae155af840559b0f98aae9fe46

SHA256
0b2876ee71527b1a273e770e8cb2aba2e408151b5037f4c1df260131cd41890c

SHA512
f142dc918fd76748966cb1baab7ac72327deb829c81fa8d4837cd3a0d6d9c7b80e7c1b342cdae2f4ca79b2c272d503502556d704d56515ae7057491bcab188f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\47976c0d-f171-42ff-a882-68371bc88828\index-dir\the-real-index~RFe599aa0.TMP

Filesize
48B

MD5
6119f5dd111bb94a11e9e9658afe6523

SHA1
ff9d2e204262d4d329bb2e0f7859e906c23d9eeb

SHA256
78bab41918ce9e4b16bde3f709b6dcb0fd8887f534f7c39460d79aa5d13e9937

SHA512
0b8a3d014fe5b662daa69af687209a25917e8fd1078ebff7c5fcc73cc63fe226a668b4f5a35c7924d6914f2bca75050bd8dad62f95c5136b0640ccd607684b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
dcdec2355c49067c55b6e07a0d64d577

SHA1
4d0465b1d0d935eb8ba79b3beb0da2b6a1bdf36f

SHA256
158cba9c51722fb91cc27e6c6a4cc9ad4a0996eb91f1e8dcf68babc7b8da0645

SHA512
12b32dc49c860e8b16960806eec84f7790507712bea3346640db388406db8d32065fa161104635d32f9245fc80ee622df608d2a0bb70eb2bb8db819234aae487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7e6345d287279fb815f9df6707c1d5ca

SHA1
a41703d5aa1da94e964b924bfd6cd3d50130f55a

SHA256
ea222b4f104881e4da7561b46d624c04bbb2c397078c5b56c5ee8176bf7abf41

SHA512
ff9ceb79a39aff2b4f32304cb14710476058b4a64690d3cd771ad6c40f6c66b27407883001f5e0ad5e5cbc41795e86e48a02bf1f978cb38feca36d8f3a3f1e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
ebbd03c261b60d0f8ada49aaedf3a781

SHA1
64fbc6682142495ec957183b8758f02d0927b13e

SHA256
e4107f40218c8b340e9714e3a3bd202c40cefb77f31f9c10415f77647ef96f12

SHA512
7058eee8e98aac8ae17221354bd4970ac5f264285d6cc11d4c015276f554d75791caf9f66710e14348b99fc9ee8edd92796e91750c45f67962aaf1bab8956947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
10567f046ba4f9fdc23181ad4c4e0291

SHA1
2708d4430f88a87913851f3f61a1349e1d87a0f7

SHA256
d838eb70e81b1c28020b90b33ed2debfe9fd0a86ed09532888909593d26d96d7

SHA512
b4345142453163c71f8b8989f181c8130160078b635fbacf71bf04b260ceb54d59ca62465499c667a0667fda553f660e3f0796aae959f7150b44d9c5df12f7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
eaac0e4140745512ecae87950f241226

SHA1
e367fcf90d2f45ba2ebb64517a4260c7b07f9e6c

SHA256
5a304ae5b19dbef6d4e44877cd0048e3656e1655b9ebd35a129317a83f829e0c

SHA512
b9009a7c11f6ddf3f3092b96ba9a8f88c3cf7505fbc090ae30cdde6e0108f399aff8b6709528b52d45291485b37614bb28dfce5ad2144dddb09ccbc61450957c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
0a65a5705cf1cd2f12e1da3867edc9bd

SHA1
9380c9061f75d28de797beac73a92b5b79e4be16

SHA256
cbc61bbcf0109c8c66e1bc16a3e948cf4715f1b8ec409f0e3afb5d499bc55a55

SHA512
477d525c55c2bdb1ebe2662b088f05f7792b864617fdcaddd0a98a786e201ab804f3ca700c368957ea74d9d1087f6229d354c89d839552c078e13d6e5f7fc34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
f3574a08187b5c169457bcaf824b641a

SHA1
fa499f80b4a821734637956fd48b740729204674

SHA256
057ede26049025a840b7c56c2964acd0f083477492c362e18aac3f7743c86213

SHA512
3017648c199b0b03a28ed4f7e3dbd6e0f9572f3694d11dd6249dcd1bd8626f130a581a18865622bba68e6b4ebe908de304f5914b4d52e531f8b2773700904415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d6d7121cec8dfa7274dc1f8d65796de6

SHA1
9e27ad6ee3b3aaab533d1788924e74db4cba38c7

SHA256
03014569ca29498435c21b50a778cf370f5d8826b8ee303514124bc92f15658a

SHA512
1bf9c4512988c1ec2435eb05c9602457128d75163d614b5ff3ee8a571ac016b8bb833f627a421d145af6f77f56bb1f35367218ba97c94f3c40ef29db42b4bff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59192b.TMP

Filesize
89B

MD5
12588854d6ab59597cce6d0c05e69fff

SHA1
545e07e80cdac744fdaa953afd8e76489dba528a

SHA256
9e0e1d873fa54f451ba6fc70b5c33c47a804ec9489c138c746d6fc8a8ca34073

SHA512
c3e90b48087641718cb54960615ed7943fef203dee9de1d65fb0010e58706fb0fce082c3131143041160b9f196b654f2d24b70435be00ca06f8d9ab6cfcf5a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
16KB

MD5
c4b90712fea18376bf5a8c26572976cb

SHA1
50e26b5539742cb05bad40440c71b4350653ee0c

SHA256
44cde5536448b5904145f93ee3e9c8273a40bc5e711fefa485a1cc6aef5ec531

SHA512
5dd185c0529f2019b69cded80442e4198317b729baffd5ea6f2d266da4f6d63a6a48000e5447e32e2747d8ce6abb5c77eb852a2ce75b6b882a8da207e5f75407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
153KB

MD5
601ff56d3270d06bdfb5befb6710b95e

SHA1
30e72bbdfa7039b6757b46084fe5b74b6a1fd6f4

SHA256
a5e8d224663f584a9c6198f29d05b0d967a1b306ced8f29505e7b33ee1ca512f

SHA512
adf26c6611a78f1f589a33157ed557a2b7402814791afa472a6e608538b80b1168652895a64a9d876e31b84ce5e72d769b5718f6d8d4a93e12b39d9f9d339719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
349f53ad953d1ed15dd12536c96bac6a

SHA1
7bb715d86ea3f3024dfbaba62862e268611dd848

SHA256
bcb89e84d6e9dfc87256293aa1b5529db1068897b4accbff68c8b5ea9cdaacf1

SHA512
ca05f0e4a9e8771f6cee4e8b833b45120f329b29773a1b7a214792af2bd6f87431aa7dc1c9d80b0f3fc5a5239fd33af2dabfe6dc00728feecb5108f250dd1b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599040.TMP

Filesize
48B

MD5
9b2f9dd8fcdec48d696d2540857e9594

SHA1
9fd214b2ba1e7032f23dcc3d1d651d26a1f8fcf3

SHA256
91238b996a968082acbccbf1b124f7ab2b0957652bbe698a417e7194912511d9

SHA512
89b77f571096a8c7072ffb652e5ca8f124396dbdd61f4b3de8042c0bb07c4365182c014a89cc6d8ed6d0be94e82715d2050432aa165a74fa95516ad969295306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84b3f03b90b076a6c6c788153f47304c

SHA1
38dc62393970a073f0dd72d42e51ab2838d39d81

SHA256
fbace083c3128651736d72e4cfa87b63261c3eba94b5b0e1681184d62e7e040f

SHA512
63bdafd929d062e82812b3387eaec40c09cac4ea64dec858fe7b418b27f2689b70957550f64782026a3eedbf406590383ad258f6beed18834b40b2edf1cd9d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
921b911a37cd8e05c44ef116d9f882c6

SHA1
4e80693a29245dd7106eb4f8c70d028617c3bfb7

SHA256
fd1ff65cedfcba86dde90976e66c731a812c612d9902172b8628246ffcb3ee08

SHA512
4338726e8dc27dbcf031a4dc6ea7631ff583c190c8183234667a670f125145a153a843c2cfd24f112b391f307181b989ec1f5bd11dc012eba9c6783d7d3e1feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8c1959b5e67f94a6ce1e15d280f37f92

SHA1
686f85b41e66fd3f1be0b815cf6b40ecd4d5b449

SHA256
6c8acb0737c8bf5788758c66474dcb5de2a7c4fd53df0fa306459671955aa642

SHA512
ae03353ea1a4fab228258c0e7c65ed1476fe4ce4ae5a3d014c356911198287d345af85ac47cdd7d7d5d15aaa4ee345a5663b35ef1a5b62309e19c83bf1b89c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c2489f1d06c08dbdfaac02fd0275a613

SHA1
96d5324455b2a36a1173ea1cccd265d255d6738b

SHA256
2ede23c3f25c5053da3bd5a1a3381b514506c4dfcb18449a3d3c805d8c945be4

SHA512
f85273bac29ae6d7d0333b09f795f7b4ec80d1c6e83f083c9c076ec216b0b31d5ba974ab681d03c851a62a1a7755cc1529c1c91266c3552185b36d1a48e74f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d7012ea292a99890fbf45b167fa8845

SHA1
2929f7610791c8f16b5c03fde331af194d29ed03

SHA256
8e62dc703ce9f758af4de16b31c6d98cc25c237d2e6b9c8c971b6fef54a49b31

SHA512
233a1c2c3c4ecd79f2c38ccec4f38ce8cd32f930facaeb1a6724fcae09d21f56817b4d8d11ff1c9318ecee18ae1962c2c7443d8e668b84fd43320fbe8e421a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a69f4a046b35a38e15abf6a4238282da

SHA1
1a969eef21c96fdb4da4e89c51f70f549095aa9d

SHA256
11ee7df7a8cd4d76a1aca36a31736daa688244e3b0ab3ec9ec5c09210bd179f1

SHA512
258e67cb63e543d59a293aefb2b6de050ba9f674a3354170da8f41efaf21004671a78390473c41be657d88341d46562b82bd17efc62bd0c9c4556de3b6487c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5981d6019f0878ca1d5c6d9ef16e46e2

SHA1
6872523969411fcefdf8cda2979d771a9d8136f8

SHA256
49a069f7d1b03da364d633a47d5ab0d7ec0cd62ecc5a3078897819304dc73a96

SHA512
f294ccadb9ea61b02ec81f0d61934ac8b1409cdd73f98f520294260da2de534599ca727e6f69501768425aed6cc345355bdb2a85c4ce7abc5217d956ac8bca12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c51132d92c6a2a8b26924f3d08024d4c

SHA1
b9ab21d2972d81f6866a39f14486f4d4e324e6f6

SHA256
3e7e1527354a3c9579463c1f70b2f14929efacb9cade6ca232253b9092c5166a

SHA512
6c12d54b707625554e96caa81338ef6d0d94205436862d71cf096868143f490098c3f8265a5e991d231fd0993b1fff1abb71a7163f851a239161120e56a0dc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
996e133aaca652b7082dfc5bacf3676f

SHA1
8b3685f9cf965fd4288326e6d4e61e5939d71560

SHA256
bf82b5d144dcc17c55f75d5d0f3adb3932e01450849fd1748925c4b177d86ae6

SHA512
95a61fa2434f5e7dc18efa50b9c831c3a4667b8128f4c439aa005690ec36472d3ffcfe05f6e8654530d6b015887789122d8e1f5d30c878965824c8d04ea58b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
058c241b87278df17f0823809b353aa3

SHA1
04aac0a237e765304f112c011f0b962d61f78f36

SHA256
979b0620e8c402a89d50dc98d51f996d0def6daaf5e508fcd289f6ff78b8de7e

SHA512
149fdd2677923dd37c461b27bd20c2035e07c0d9c009aec50a2acfa93e9db73a662e4f2031f66b2c8dff35a82b526750ed2c58a2b41b507784ea10d38e41f85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bafb9e7ad46093e4449908dcbd35174

SHA1
1bac4a2eb1a05f1d6d86e48446cc36e477965f5e

SHA256
a24723e2edb166f967f728b15b6b67d11a0cc63af26aa6ac4ec183b5423598e8

SHA512
6506fac042ddc99876907b5f1b8e5cbb07f01f59241441eb86fc088750ab3a82da2a3ba3d2e757c73c4d8830e2d06139d05c0e079e39f5184682f7c091191b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ef4b351fe9cdb00b6bba6cc21b0ef8df

SHA1
c510338b992a53dcdbb68ee83e07bc63aad65669

SHA256
d8c6700041f2dcb5435384ffa8507a7588d82ec4fb514148b27a6d767b3b4b44

SHA512
8f155a0bf8fd655d8c9dd5255eda98559267d455cb0a6b65ee4ffd188b8f450f600594f9c08ea2770137f733a8bfc9615737eace068ad108e0dd0cb701817da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7a7db998aa7c48119fe703474afab87a

SHA1
e44002249f2873452e37963fbb049e955fb2d00a

SHA256
a23b6c93f85351fb6f0f2a9e48c19c54668e4e216deea51790491aa9469d1ee5

SHA512
7422b6dd079dcc867dfd55cf12b4e15c9d4c5c381acb207178e2a7e959bec06409722402f2ddc9224a34cc6c0a798b9f4df1e32c1dee97387bc617951531ab86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
83b5e8fcde85d1b52e11d11876767b94

SHA1
f23ead4ac1ff7e09e180055e9a8a8127e2eb1e9b

SHA256
8eccef978f259d23f8b96960264bee2067363c51534977a86a332663ce33612d

SHA512
cc6d9b1b46d1f7f5cb91b7fd98c8f9d7863ec46f6ca1e544a29906d9a1bc24ddab7e163f788bab7b9c08c85c2171b7d5076f74d98bc5bcbe89411d1e268ce3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fccf.TMP

Filesize
538B

MD5
f320ca101b2229fe23d833d84d289ea2

SHA1
ee6a4518bdd7ed002cfea484938a1f1e8d318e48

SHA256
a5c5ff5dc335024ffe49b4ecd66bc1fc0b004cb36a24a5ea69dbb6352be681f9

SHA512
648871b127ca2f7ee0b5323035493df8734d5f30b3de09673b01609078c596257d60d3a9eb01b99b66726c268cce7dfbf04c3e62fd8cf5db7a0bf182885054cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfa16f59-bb78-4662-addc-604af2aa15e4.tmp

Filesize
1KB

MD5
d9cd0afc30ce82db5a922f8564b6f50e

SHA1
be23d5782fbdb575de1b633c0b02381b9cefe8ce

SHA256
a31a586dacce5d6781b5fdb63d18d65152143b8a00431bb922b24fe5e40e4d16

SHA512
ac052925a90105026edde0cb98e675c24ea64b562e270818f7e306df5e2466d81ad7064297ab93e0eba8e52e36bb08670d640a12995956e9fbb60bf75466490c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39dfe371d509a490f8bc37583f552ac7

SHA1
699706417ce2a8277e94c2dc6381da824e1d41a4

SHA256
75ae5d098dc06f965b66710f4499db5e0e6f4cddc7b469fd524722d37f50b580

SHA512
a45db4d73c61996ecc4f59e1db4e931a7d9e8b84339eee6b6ab51df642dc37daab6be3802dc03865955108b3de7f7d6514de6418ec72f8ec8c8f9087e3be1844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3de77ef3a778edb6f138bfb362170c8d

SHA1
31d1227d91af4aa583e48eadbf030f76293026a0

SHA256
15ff62189a1eedf54830c694cab88516344441079dcc498e52c68fe1c4accf2b

SHA512
0c3a641ca479c2b4f33fc436f92c3c7ad996753f1e28dd2b319d224c4b6548aeee3c57c65ee95cdb38f9721089bf61b5511ec2894b49e1deaad326a4bd393d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6c4d7a56f9059019370c1b0ccaf547e

SHA1
eda8575c8d051a046037a704285160d15c5e33f8

SHA256
b0d965c82aefa2574a3b9cceac8db041e71c4620abe89937dcff8d7f0114fceb

SHA512
cc0ce8cba206084c1993ed447622fb839871accdee56c678da7f5d5e436598d0fe1fb5fa3c08cd97c6206ecfc6eef687ef9d635052e997ba59f3e7adf2ef781e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e913d8e04fbcb83f17a1dd1a9ab909c6

SHA1
41701c81a030960b64df16a84369365d4ba39717

SHA256
0945bf8a84befb00824a603d6b02eaeac801fdbb8a59e460ae9ae3ad0ec6256f

SHA512
16c96def111f0dc3f0fe27e46bf1126507eaa80ec64a8c2e104ec0e02d7480088a59ca1d6d183502a421125acf35603f2eeec092a8f810f112bab9822f9b3426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c83adf4ddf5697c288a2a11c4804b2e8

SHA1
ce3b5ab858eacb3f5eec0fb89c1e2f0ff0e2ab39

SHA256
7f63da53b035029d07cb498d27ae80d04aa078f848614d54562ddf8e8c4dca9a

SHA512
09727d0ef2fd92bdc5790dd5cb764d6e427490921c8dfe238292c0b5a6f86e80967e1885c1dac35dfbf95b73bd66423d7772caa3a39202cc55b193dd8a38ec9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c31a70481451fc3ee7e3c840989cb3c9

SHA1
ecf399d679c7cb25676666c31e34e5dc064ef537

SHA256
31a04c90b8d47dedc299587c5a1d64cc8b6e7a81d1fc7ab24a322d13ae6e44c7

SHA512
b12622ecb0768446deb7a68a0701f8e969db570c1f32fcbdefefa96b93075f0fb1966f0127b5c58fc55b4d0e72ec96f0c5e590939b680c0345ae536b619e8100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
470362870aebc446084ab0f82028e352

SHA1
2d8cdeb473c1a9356437faaf2cc88969d4d66d37

SHA256
d1f13e3fd8c08f5f34a12ae3e536c38ecf39b839e75b32b08b3eb2bf044895d9

SHA512
3d1c51abce03b12c9d399b6ac436973b4cf9406c0efdc6d459c385664db3d947ad171366bf0c69e12d8c325a306bc185e9cbd519e088c397be340d9c14956054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e931f9a553337410e881d3a8830df804

SHA1
e8229f731b43dee280841111639f41d05a43bec6

SHA256
4bcc3e9158925ee97d976b639298f25f2252ecb44402a6ad53ccd7c343dd5f20

SHA512
eb884cc12067d3ab7366691dedf27a34498bf7e7f0e3cebafd47a35db89df802965c83172ef884b91dd5bf0647463fc94e5deb4388d057329070e146fd5c0135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
400abedaa14f2805bc588907305ba452

SHA1
66453fbb11aa5ab3294a00cecacdc22e9b0b500a

SHA256
72fc4366f06e95f853778cd1d33e43bd67f431247bcb7a9f33f5550d4a5ab838

SHA512
a9ff8e0c2733fe988022200202316de19ec3dec962cbf75102b292caf9d782a563a47dbd9480675c435620de6875231ae9475a1d43f68e4650b3682b22e89fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1871.tmp\Cov29Cry.exe

Filesize
103KB

MD5
8bcd083e16af6c15e14520d5a0bd7e6a

SHA1
c4d2f35d1fdb295db887f31bbc9237ac9263d782

SHA256
b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a

SHA512
35999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1871.tmp\mbr.exe

Filesize
1.3MB

MD5
35af6068d91ba1cc6ce21b461f242f94

SHA1
cb054789ff03aa1617a6f5741ad53e4598184ffa

SHA256
9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e

SHA512
136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP

Filesize
6KB

MD5
7eccc259af24ba7a5a0638562536068d

SHA1
acd3e0fc2e10dfb2e57efa608a60297efb32e54e

SHA256
2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7

SHA512
7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e

Download Submit
C:\Users\Admin\Desktop\covid29-is-here.txt

Filesize
861B

MD5
c53dee51c26d1d759667c25918d3ed10

SHA1
da194c2de15b232811ba9d43a46194d9729507f0

SHA256
dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52

SHA512
da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c

Download Submit
C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Covid29 Ransomware.zip

Filesize
1.7MB

MD5
272d3e458250acd2ea839eb24b427ce5

SHA1
fae7194da5c969f2d8220ed9250aa1de7bf56609

SHA256
bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3

SHA512
d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c

Download Submit
C:\Users\Admin\Downloads\MEMZ.bat:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 147816.crdownload

Filesize
8.4MB

MD5
2b71cc65cc949cfce47107383f9bce29

SHA1
a57d725a4cb391d4ea02a3c4b5680935f72669cf

SHA256
a513325690cf5bf2302ccc34e2264a8a48270de49a1863c018afed246472e37a

SHA512
158d6e92839b4d83827832e870b4e3d2c8d388894dd5a194abbfcf4ad228fea7e83543b6278cedd6fb2b92801ba102178a962c4d4f0868e1aac62f50d668a824

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 665409.crdownload

Filesize
9KB

MD5
1c33f99e8498b7ddc1a5d2a194b72230

SHA1
3e93d36f70568e5899652ab6e24bec9f75584dc7

SHA256
fb5582429ded721b4853f64f75c157b5e6e3f30a52c9b7b946190dccd52b03de

SHA512
466dbb123cfb21461a5f94aae4898a537f1bd22a0c5112bb79d5462a9c7ce0409c0511aeadbf0ef5ba522703e0bad18dd68d2fdbb1690776b7e69de12608a404

Download Submit
C:\Users\Admin\Downloads\a34e81cb-a7ec-4d6b-b686-0bc72e338988.tmp

Filesize
4.9MB

MD5
25c96f9797e9de5d8f3098f98895e7cb

SHA1
5812c2f5f958ca5fc5b7dcc968b483dc7b348285

SHA256
4af11c445f312d6beff62e8ee59788b1cf1385a4d5539bdd006e5ce59ff659af

SHA512
405f0c73e6a000eaaea3a8cfd49d39d42af99477a416d160f4d7c3b481983a2bd2cb25a19b7aafa9eab25d9f9a7569e9718050cc3d627906ba05100d2ca4f42d

Download Submit
C:\Users\Admin\Downloads\x

Filesize
4KB

MD5
53371420d11f40dbe55ebe0af382b3b3

SHA1
ddaa8824525e8d7a6efc604710a56f511a4afda4

SHA256
ef13ebe0bf3f560e9f08daa62a5ce59c5913b514b5bd0be368bc22fc85b51cb0

SHA512
5216199effae52c0d84984f8cb0574e1360d0b7d243c13a9c482c20c999c43ec8df504003ff2b071a7d673d9e44d7277c40560db41c3f62f0b332860e93bed67

Download Submit
C:\Users\Admin\Downloads\z.zip

Filesize
6KB

MD5
b299bd2ea62a3798465208b7153946bb

SHA1
341a96f1c79fbc6571d73f61b43a7554a72709c7

SHA256
e19b4a5672907931803f20f76445441f9d73a149ecdb43d40d6815dffa401aec

SHA512
9f187b738ccf2890adaa8bb6284ae86ac915ef99c9545e91fded4bdcd0d7dae51be743bd76dda63c11e212cdb516333241770c48911c80df1c048d604e92ef1d

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
C:\\bonzi\BonzVir.msh

Filesize
6KB

MD5
0cf59661f4b25d7bce496b51264cf6ef

SHA1
b55d3d5326f38f3f7d3ed6595754fa69113843cb

SHA256
14ed561155ef917214695a958392fe53295e1b972bd247da7672e7d38cc4eab2

SHA512
b0115fb134a145df36fae74791f30f4e43d24a049b0ad290e807a82574cc0d12ed5ccc1824e6a241fd0346b326493c359978071bf820d30bcb6bfe33f486902a

Download Submit
C:\\bonzi\LimePro.exe

Filesize
14.8MB

MD5
a6ba111c7ea638edac79ce34bb7a3de3

SHA1
903d1af04439189479bbaa8eee77f1503f1c54c2

SHA256
6c87657cfe2d7576333c2887d90f543c8fd4241e50f653b2c3a95efff2c4a268

SHA512
2b32ca91b42884cbd134d3471db74995321c1edcf1b2d579e1f0da4acbdf70ad08e05407bf93d711d966e2c3c5a0e25bc5338de5fd878a5bb0823010cdcdf9cf

Download Submit
C:\\bonzi\bg.bat

Filesize
397B

MD5
74a195bcfa20e10e672d8681831cf280

SHA1
b6a75cbce94c208c6d7f13280788b0f4183b6b7f

SHA256
c40a459f38ec341892f062db191889353b039efc613ce1870da6591f27952e3a

SHA512
e800011130350a3df02d406bfd002f92eeb2575cc5d314ea08111ffb347c64a9e8e04dcbdcd217f8c7d176998d4b4b804437b221d5a945fa5e65942366c3e2b3

Download Submit
C:\\bonzi\blue.exe

Filesize
120KB

MD5
c3c1f4ff433df26b896deddacb5817f0

SHA1
45152ae046f3e2d5e274feb6a04fa6af59a68740

SHA256
bc8f7334495c673dd646d092afdabbfb84edb5282a25d9d8b1d3ceadc019478b

SHA512
faecab59d8ab00cead2037ee30435fffb25494b5889ac5dd003fec5f3a0244a2e450425838456ff5ef11b8c674eb85b21ca68c636cdec593bbef5ecf2aba0561

Download Submit
C:\\bonzi\bob.exe

Filesize
37.5MB

MD5
a7bec276ba3a17576158a93d459b5949

SHA1
63d6d8bd7b09afe34147dff20791deac219d71f7

SHA256
407c9900fe5190df594a3ec97b17fdea941fe801e644013544b52a6b5afc6b4b

SHA512
f93da09998f257965ebed2e8d95f3f4728bbb61ee9eac5e1f428841a23f69eb122d0fc43700165d9a6dc6f3cb22c8cfa8f5953768366697bd00b63964addac1c

Download Submit
C:\\bonzi\boi.bat

Filesize
1KB

MD5
e3fb07dba9803c1f174b725d2a05ea51

SHA1
98fa2129f93fd56493914d527f07f727c2b45ebe

SHA256
a7a14afe50ac26962f92bafbcadead48ca2e8fcb546cb259819bacd8156fae84

SHA512
ab3e817ad01e94ff8a6c58ca89d64a45077f0de49ea8a9e7059509cc7d694a005deb9043897caf060d0a78cfb8cce54ebdb9b3cb0653975771b23340d548dbfc

Download Submit
C:\\bonzi\china.wav

Filesize
2.7MB

MD5
54c052f317d02d6129afd7c565b046a9

SHA1
5ab2014eb65fddb8a5f9c68a6b375dccc45916a2

SHA256
b1ed856b9ab097c8ec91778a241443a660a7e0ed5e3157a181a22dba1e31d55b

SHA512
200b66da2aeaf9c7502857e4e6d2d5d2294e3932f2fb7c3dacc9e161093c479028a3cead0dcbd9acefa46652406928f659b51e95d8bb2f0b0d93ce17eee6b2d7

Download Submit
C:\\bonzi\clippy.exe

Filesize
228KB

MD5
038bf1f54a35164fedb79e2319e1bc49

SHA1
e92cdbb5bab92ea3f2d6b0f8f40a5b5df199c6a9

SHA256
655a8c2bed8e2d85b24525aa426e5d647f15ddfa156967d64f144c497e8c9665

SHA512
5928082b8fef2a491eb84ed4ba01c8428cd96425c8c2d433dc6ef80d9c0d4866bb9c20871c6d1268824e435f42526e4e1eb468fe451f0ef02710edb35c08f1c6

Download Submit
C:\\bonzi\dicks.wav

Filesize
5.0MB

MD5
fba01dbcd05f71566cae1e56928ee875

SHA1
0e387de1ad68776f610e8a352cdb4034420500c1

SHA256
af11d1bf70e77336bc59cfaeaa0ff6f916d3be3154185ac80df59861eb19a99e

SHA512
a6586e6fc7c765d77fdbdfb474408648df5f54707530614e097e06e23320eb610e38768415db3d3d1f6e19e48413d8993983b6fe48c445af5f0df26fb6714003

Download Submit
C:\\bonzi\end.bat

Filesize
73B

MD5
83f1281124f33a31fa88e6ca1c7c503f

SHA1
35f7824bfa87a40083e57991f41abe01dbc6fd94

SHA256
e923637d148d84c9f99bf50e1b1ce8c262c3a40ee2a043d90650e7334cb862f6

SHA512
0d903d914b548969476f541794312febb72e56fb9a0dfc6e563d16ff2e8a74c6b13e184729d1f2254974e0625e032483470172b6cc270c416416fea93bac0906

Download Submit
C:\\bonzi\midi.bat

Filesize
73B

MD5
27d92ebfadfabce5ab3fa8f842e6a2e8

SHA1
2fbbe766c10820436a34ac47dcc49909a52228ca

SHA256
2acb21881a9c9625c653dcf43a79c6f5fb81d65bec36d290f12e1f2a6a7763c7

SHA512
703031215f5b282d9e4889cbfe69a80098a9663d2fe056e05ef58a9f431fd38afc12f6165b1417173856c9bcd263ff92ec985d1624044df2fe64316b2a18c021

Download Submit
C:\\bonzi\netscape\AccessibleMarshal.dll

Filesize
8KB

MD5
41d1f3a566f660af54961e766f7b62c0

SHA1
136f8911db5e2260d21be242c12be32b2f39cd36

SHA256
c10e9e5064cebe3da1e5adac75e7c5275a1887c7f26aeda77b977c5e67498f0e

SHA512
c8d05d38dc7bd1e60c6f157e2b9aa7e0312bbdb6efe6da150060695108204907948f4a33976ae2aa4e50110a35db6c9cc83cf20b272643890e1761ecc91f118b

Download Submit
C:\\bonzi\netscape\browserconfig.properties

Filesize
161B

MD5
2071861c3bcc63421c4552ee2bb7adc7

SHA1
c2cf21a40fa560436999987b0e5b03a30cc11892

SHA256
c80fea75a41531da6b48b13419d358a00adaf622849db5024c0dde020e260be7

SHA512
f7e002e839bc691fa70f27ba432be8ab7683548c29a2144292d1de63fc57da4c953a2ab012832e3a475504f64a71c9f735637a967993b611750be4286389d775

Download Submit
C:\\bonzi\netscape\chrome\browser.jar

Filesize
1.6MB

MD5
c8395710f824ec9e881a4d16fd6b98ec

SHA1
f4f873cc1e21d4e52aa4d94b1a74b18c4293be20

SHA256
3e975f38a5d95932bec15dd8180af717a6bf76206aacf937a0dce94251c8a567

SHA512
9a210c79022140f5a24a921a8514407f964444231d62300270f1eba318e2494ee20eae86445c1c9efae6623b57c5c70e04900c5594fac402890a3f5992f44e62

Download Submit
C:\\bonzi\netscape\chrome\browser.manifest

Filesize
550B

MD5
78f8ac0d911444edd41ee4c91bb6739d

SHA1
66da36d602e7e774043a8b47df762bda13eb0088

SHA256
e94a3fe979e6fbe23ebb0061dec47ffad95e054fe0284ea5f30d544267f409a4

SHA512
8621e082f28ea28fee03fb8e38c9a8df64e1f0dc5046069bdf8d162f06896b83a91f722b338e6f37bd5c0c37d96fa17870b5be2d9bca03fa4954059f893c4f82

Download Submit
C:\\bonzi\netscape\chrome\classic.jar

Filesize
618KB

MD5
23624d88c9a71f0c366b7da0c986c74f

SHA1
1fb9c47c58a497974bf142106136c0a3de3d884b

SHA256
55818d24c66b15a04650bc4158068e5d02329a34d1c270fe1d219e2f53086b21

SHA512
025dc050fa19dba690a135adfd1215c306719243e52e3f71f830517e58351381dea614b4cbddfd7c3ea4c397225d2201bf5b52f86b6d33c88eb4a39a9901b367

Download Submit
C:\\bonzi\netscape\chrome\classic.manifest

Filesize
322B

MD5
13089bf20fa0f5a0161947e2ea68ccf9

SHA1
7b118a78b1d2a6dc39e3bbc819e2fec1fa38d064

SHA256
edc130d9baed6516f1b1c268cdcc9fa7f604728da700f4ac73eec32800c5a8a1

SHA512
48e1ab07a1c90b478aa3b6b362f762464c0e002c2c3bff4322a369076539e29046ef9ef83ce8908239d970e5adacca22ea8ebc8a62735c218ded4937074475aa

Download Submit
C:\\bonzi\netscape\chrome\comm.jar

Filesize
31KB

MD5
6f1b9ce083df442d2aa5fa03f6cb6f60

SHA1
8afe52d7ec7f49df4a4ebf2f2cbe83005e8dc6c7

SHA256
0ff2af2df6107236531d54f9ad6c81c60b4c66293c910c077a153ebbe66bd2dc

SHA512
d50e70367a706c0f11001e10432ea3564d2294fd6150706ac5b910275ce5d4ef857257bb33bb68a62a6a8616dd91d0b6c072d768e786e4bb77b758357eab1934

Download Submit
C:\\bonzi\netscape\chrome\comm.manifest

Filesize
144B

MD5
940eaa4676d333fc76e2c37e7e7e3a85

SHA1
7f4a87a6a08ea398704225a2e5483a98a01cd622

SHA256
28c245f1be3a0865ff3b6898f78c87408a43ea37aa53ee74cb18805c4eddeb58

SHA512
4f233b8b662ed8a4e3aec5c19d3b7ebc479f59b4344c877d97eb4925f25a16e324875e76ee266d653ccc9612b8131cac6bbdefa9e8a74fd1733c3f70961ee247

Download Submit
C:\\bonzi\netscape\chrome\en-US.jar

Filesize
610KB

MD5
4b5e8d0c4a9388ef045c60eb9870fc40

SHA1
6e2c1852aac68ae8240ddbd9f2c8f1f82f6c0f90

SHA256
f6f452c736639acc1bd75a83aeacd10ad0f83af7dcb6e47ce6dd32a26a2a0343

SHA512
85a9a675a245eee03d6a6cbe33f8522a3c8c22f42b70e3ba57dedc7e49670f050f7e4152ec6fef29428b17e765f870d02f097954eeaa634f1583b84c9a22bccd

Download Submit
C:\\bonzi\netscape\chrome\en-US.manifest

Filesize
894B

MD5
a9fae4b2673d3754b89c9d3ba508ba47

SHA1
c201a0696a9dc04597da29502bc5252502c2661c

SHA256
b9cdf76c02a0e1f31094e9c61d1eda54a3bf4c287ad95f7df1d4d285de95ca63

SHA512
e0d1a1911653aff992be54d957bb31e5ef62649958a1c06c2e206718208496547bb9ba851414f9fffed8e5b9a8b2f6d3485dc23a69fb92f059998709dc3310ba

Download Submit
C:\\bonzi\netscape\chrome\pippki.jar

Filesize
292KB

MD5
9a7d55620c9f1780441fce11a443e402

SHA1
5fb1cba9cf23512bbddb07dda8564798ecb07c72

SHA256
485b27b406a07a19195af81285067919da3e5165747bf01b2f7a90b6527038f8

SHA512
832bb408758b9d803aef5ab175f80242ec10c99405611d5f9ca93d0b40b247d58c3a875f88767c8893f992d2d3ccba1ea205f181ce963f18e61ac7067a7f0ecd

Download Submit
C:\\bonzi\netscape\chrome\pippki.manifest

Filesize
69B

MD5
433dbb4921ce78024add72a778754702

SHA1
4608e7571ad013787dcd68f23ae385b29c5691d4

SHA256
c249df4bc8fadcceed1dad278a96d7915af54f0ae97ae0f23fc8eb4175731880

SHA512
59cd550765f633b2a94443c31edc3740053470c4408b31c9b28bae307b27d030a1edaa3c6974eb82fb454704eb0e46286cd454e7401cead18b1694f81bc5344f

Download Submit
C:\\bonzi\netscape\chrome\reporter.jar

Filesize
43KB

MD5
3e2d14577cd76484e53588a18e2376f4

SHA1
9c119cb9d64109a1a56b11ca0fa54e5331e891cb

SHA256
65905b0497281fd57dcda8eb5c47eb41dde577c2d2c40239e0c9d8d383963f33

SHA512
b8cd63fe2522763c3207d89f66a71b07fa8b2e568a3a9f7f55183c7d4aabfc6979aa6ee6e60c507ef1c2b720cc43e817d4dfe193f8df09b3e22f51c32956bb5d

Download Submit
C:\\bonzi\netscape\chrome\reporter.manifest

Filesize
340B

MD5
5e0bf4f3dd0617b0b195312bcb7abb62

SHA1
acfb78064edc2999c06eac8b56cd31fd52bbe6d8

SHA256
e7e01f5a59a1e1e4d7c56f40395167d3b14890661b87f5129d57ae5c2b10114a

SHA512
c6e5ff17ed9861ea55d70cf89bd8385b91159c17313cb7fa807aa06b4836d9c12466c6a4d849ff588f745d522242af060575a8d0ed26985d4115297071d59af8

Download Submit
C:\\bonzi\netscape\chrome\toolkit.jar

Filesize
1.8MB

MD5
0d87ef638abeced11511a63c5731e501

SHA1
4e238a4ccf5f6a349215a242cc1df1d2cf71c49a

SHA256
acd04082faebeaaf75956db33e8c57e4909e6f8822477268835d3bcece15d85b

SHA512
5ab5599c59bcbf9a7638dd3debd12f890776e843d9679a25742a183dd7ae663425a9ebf5e2de012183b2040949335d3ccdc99505fc79346ae7b1b6dd2e121511

Download Submit
C:\\bonzi\netscape\chrome\toolkit.manifest

Filesize
469B

MD5
991394a770c6e55b97cba3cc51e53de2

SHA1
6de9da3b00576f99d746aedd8e5e13da41f174de

SHA256
7d3386c5ddc9ef60e780464f6431614072f12a0bef1a1081e21559daf3c7e503

SHA512
f41ff4eb874abf493833acd3558351529c1fe79acddb04f612d7ab808e92adc93033a2be0cf79cdaefc4708fe78345c2cac0bb7bb583e003fa9adbb6ffd689a6

Download Submit
C:\\bonzi\netscape\components\FeedConverter.js

Filesize
20KB

MD5
20f8a15b1e1021dffe52ce936399b849

SHA1
59f59c8d662e59cf960f12864e932b09d28e1f26

SHA256
b23290d66cd0b26375e032d2c6c7578b874e379c6ca8907cf1a7cf122b74efa5

SHA512
4a0f86f0ee4b33c9f6ecb88093f81143fea0f90ad767b06d1440743f22c8d7bbfcf5bf79160add79334f22b17b9a629db77d4983bb6f581ca5356dbfe3746c7d

Download Submit
C:\\bonzi\netscape\components\FeedProcessor.js

Filesize
59KB

MD5
84d2257da1551d5ebd09fc7bb97d3134

SHA1
4ba59d1389710f004742f67ff154aa4c95294aaf

SHA256
fb879ce16c7382e3a562def28f46c240a86a942aff2cf29b8cdbc779e1644461

SHA512
071340c38074cf019f328476c6026db05e0ab0374a7f8f4122c8ceafda55e2667a7ee35abc41f35a88480890df674edf9add59dd40680efa10fc25c7c356fc24

Download Submit
C:\\bonzi\netscape\components\FeedWriter.js

Filesize
39KB

MD5
a7206d0b86a66f8d3818f8398a0a72a5

SHA1
fd8adef12b8f73fdde0662a028297244ed4ea9ad

SHA256
0fcae6b535f8af369989cdb3646f63245720d3ad8b10dd15d736b02ee3bfdd26

SHA512
31eab727e151c7ef14f006b78ba0b7b6dc02c55966a388577c55b1a897a2f997cc8870b54840d231cf44c4632420e9373bac9bea0a9458c45c14603af6400b2a

Download Submit
C:\\bonzi\netscape\components\browser.xpt

Filesize
315KB

MD5
1ba3ad31f3c642ef5cefd10f72f8275e

SHA1
876ef9b6e990caa864d344f52d517f5d7c430747

SHA256
eab3322f9c4146cea91f06b25ca8713f087a4ddd0b2b39ad1739c974728c3750

SHA512
efb5489bf619c45ceedc37b98645bd420fa5f7f52a752801268d10c12b079e086ae091e70d8c4a38331fa5d322c8c2d7df49e4eb40b65dc8c9021a900efd58ca

Download Submit
C:\\bonzi\netscape\components\cache-module.js

Filesize
8KB

MD5
9389b62b97d5620aa4445635e96fdfe6

SHA1
781f260c6b74cc579c7f88029688c8a1728ef6fa

SHA256
1f9fca3df0162b0ebe0179210928f99b9db35bf13741760a56b34261d86d5d15

SHA512
62fbf011fa02674086ca2058f69eab8857f381c3c199e7f7b4045ffbe42374915bfeccabdc305b17b5a8b9539d7a01555d7cf34f978e201a2407aed913580137

Download Submit
C:\\bonzi\netscape\components\compreg.dat

Filesize
145KB

MD5
f7487c8a3abd34c22ccd8481d08d8199

SHA1
2da738409048fbd3159a4047e5ca272891e4182f

SHA256
213a117f2ee10391a28e75a4e3a9f9a1eb6430b86bb54a982ccb063c7f70ba9f

SHA512
cfaa363b6fb3255335192c43b2362d3b55c0dd3cc2db79f9804debd0ab8c911fb0df50981b5ba960f28fa8fa95eca54f18703e01b09da32c6d1538a15f504a96

Download Submit
C:\\bonzi\netscape\components\jar50.dll

Filesize
76KB

MD5
eb78d8af60119fda6c2e15655e791ea6

SHA1
71dbac8bfc1e839c5dc7c70f84348efb6cc55838

SHA256
caab06ea40310d202a5a44c64221a2f920d4f3a12be6dbcc0a59362c2aca9364

SHA512
45c6e975e7366df1b8bb52e6bef820553f129e251c1a268c4e5014095000107680ddddc06aa0317d864b6c96f49550bb80a4d7fe99abe456f2da15b23841450c

Download Submit
C:\\bonzi\netscape\components\jsconsole-clhandler.js

Filesize
6KB

MD5
0987ed598b945dfa32853c4a30b757df

SHA1
5ba15d5d912aa77e8028b89b65eb1a8756f74f13

SHA256
bdafc44ec1ffc146fa1fa0432cebab3e0180b19e1bca67288a2f7642fa4256a8

SHA512
5c377974c5d193c53b4ad235a80412eea122f26da32d247e6ac6b60034696b2fd54ae8eb2260fd942c66ed94e8cc682e380995a03ce77c7a2d1a5a81e93dc404

Download Submit
C:\bonzi\BonziBuddy_original.exe

Filesize
126KB

MD5
ff8e3bef2b1c444e59d21d5291c81d96

SHA1
a838dc974a49dc0fad824cedcf794c8c9651d410

SHA256
50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e

SHA512
b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927

Download Submit
C:\bonzi\netscape\res\html\gopher-audio.gif

Filesize
163B

MD5
0c428f6883c912e150ce42c954b1bd36

SHA1
bcfcdc2946c6e8113083d57538de5713aa033e9a

SHA256
39c501d97b098136e6d3ef487ebc2a04b00b367af8bf04a16ce183064656dc2e

SHA512
d809489178b96dafd4a0c95edd56fac21625aabb2b7dc8260345eb96b9c3c7ecb1b18505746bed15581ebfa1265cf96c8aff3953dbc6d69d56b31fcf54db228c

Download Submit
C:\bonzi\netscape\res\table-remove-column-active.gif

Filesize
835B

MD5
cdeeb11aaefc565b7e2e6de6c5122adb

SHA1
67c0bbae8ac6dd12cb66621f3539fae6971d91e0

SHA256
1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03

SHA512
b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9

Download Submit
C:\bonzi\netscape\res\table-remove-column-hover.gif

Filesize
841B

MD5
f6f8b831f31c8a4081e61403b258d944

SHA1
389daf6bcd0ba84a413dce4aff02ae9800eb1061

SHA256
f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8

SHA512
01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab

Download Submit
C:\bonzi\netscape\res\table-remove-column.gif

Filesize
841B

MD5
90ef7ea72f363d421c608e37141f0e29

SHA1
891c963cb3c26628dcb18db5653eaca5275b0f9e

SHA256
dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231

SHA512
6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5

Download Submit
memory/2008-3555-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3600-4257-0x0000000000400000-0x00000000005D5000-memory.dmp

Filesize
1.8MB

Download
memory/3600-4365-0x0000000000400000-0x00000000005D5000-memory.dmp

Filesize
1.8MB

Download
memory/3600-4370-0x0000000000400000-0x00000000005D5000-memory.dmp

Filesize
1.8MB

Download
memory/3732-1468-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4000-928-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4000-905-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4000-907-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4000-906-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/5428-4291-0x0000000000C50000-0x0000000000C70000-memory.dmp

Filesize
128KB

Download
memory/5892-4290-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download