hxxps://www[.]mediafire[.]com/file/slobl7ffeev2obp/STINGRAY_fnaf2[.]apk/file?dkey=lvamdss1mq2&r=428

Resubmissions

07-08-2024 19:58

240807-yp4pfatapm 10

07-08-2024 19:52

240807-ylm8aawgjf 3

07-08-2024 19:42

240807-yem9pswerg 8

Analysis

max time kernel
564s
max time network
565s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/slobl7ffeev2obp/STINGRAY_fnaf2.apk/file?dkey=lvamdss1mq2&r=428

Score

8^/10

discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5672	Memz Clean.exe
368	MSAGENT.EXE
5112	tv_enua.exe
3080	AgentSvr.exe
5288	BonziBDY_35.EXE
6096	AgentSvr.exe

Loads dropped DLL 37 IoCs

pid	Process
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
2280	BonziBuddy432.exe
368	MSAGENT.EXE
4512	regsvr32.exe
312	regsvr32.exe
2488	regsvr32.exe
4100	regsvr32.exe
512	regsvr32.exe
3044	regsvr32.exe
3264	regsvr32.exe
5112	tv_enua.exe
5808	regsvr32.exe
5808	regsvr32.exe
5496	regsvr32.exe
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
6096	AgentSvr.exe
6096	AgentSvr.exe
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
6096	AgentSvr.exe
6096	AgentSvr.exe
6096	AgentSvr.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
394	camo.githubusercontent.com
355	raw.githubusercontent.com
356	raw.githubusercontent.com

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET5BF8.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET5BF8.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BBReader.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t2.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBDY_35.EXE
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\empop3.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Intro2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvcrt.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\emsmtp.dll	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd1.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe

Drops file in Windows directory 56 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\INF\SET4B61.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET5BD5.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET4B3B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET5BD7.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B2B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File created	C:\Windows\INF\SET4B61.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B62.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B4E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B62.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET4B63.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET5BB4.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SET5BB5.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B84.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B2A.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B2B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET4B3C.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B3C.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B5F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B60.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B4D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B2A.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B4D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET5BB5.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\SET5BD6.tmp	tv_enua.exe
File created	C:\Windows\INF\SET5BD7.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET4B64.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET5BB4.tmp	tv_enua.exe
File created	C:\Windows\fonts\SET5BD6.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET4B5F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SET4B64.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B84.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SET5BD5.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File created	C:\Windows\help\SET4B63.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET4B3B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET4B4E.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET4B60.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBuddy432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSAGENT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_35.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlBalloon"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2\CLSID\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton\CurVer\ = "ActiveSkin.SkinButton.1"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\MiscStatus	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinItem\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\VersionIndependentProgID\ = "ActiveSkin.ComFilters"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\ = "_ISkinSourceEvents"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\ = "IComFilters"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37DEB787-2D9B-11D3-9DD0-C423E6542E10}\ = "ISkinSource"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74179610-5A56-11CE-940F-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs\CurVer	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\ = "{F4900F5D-055F-11D4-8F9B-00104BA312D6}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\Version\ = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\ProgID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSPanelEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCommands"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CPeriod\Clsid	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ = "ListViewEvents"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CurVer	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\MiscStatus\1\ = "172433"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ = "IImage"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSINET.OCX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\Programmable	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{643F1353-1D07-11CE-9E52-0000C0554C0A}\1.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\SSCALB32.OCX"	BonziBuddy432.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 617971.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 382268.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
4316	msedge.exe
4316	msedge.exe
1272	identity_helper.exe
1272	identity_helper.exe
5896	msedge.exe
5896	msedge.exe
5932	msedge.exe
5932	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
5344	msedge.exe
5344	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	5648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5648	AUDIODG.EXE
Token: 33	6096	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6096	AgentSvr.exe
Token: 33	6096	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6096	AgentSvr.exe
Token: 33	6096	AgentSvr.exe
Token: SeIncBasePriorityPrivilege	6096	AgentSvr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
6096	AgentSvr.exe
6096	AgentSvr.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
2280	BonziBuddy432.exe
5112	tv_enua.exe
368	MSAGENT.EXE
3080	AgentSvr.exe
5288	BonziBDY_35.EXE
5288	BonziBDY_35.EXE
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe
5672	Memz Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4016	4316	msedge.exe	83
PID 4316 wrote to memory of 4016	4316	msedge.exe	83
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 436	4316	msedge.exe	84
PID 4316 wrote to memory of 5116	4316	msedge.exe	85
PID 4316 wrote to memory of 5116	4316	msedge.exe	85
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86
PID 4316 wrote to memory of 4792	4316	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/slobl7ffeev2obp/STINGRAY_fnaf2.apk/file?dkey=lvamdss1mq2&r=428
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1268 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7120 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7756 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8276 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7066913302613734808,12747335137797614705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x53c 0x530
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1500
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:368
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4512
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:312
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2488
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4100
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:512
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3044
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3264
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3080
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:4684
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5112
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5808
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5496
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      System Location Discovery: System Language Discovery
      PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
  2⤵
  PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
    3⤵
    PID:3988

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5288

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
99B

MD5
4de674e08ea9abd1273dde18b1197621

SHA1
7592a51cf654f0438f8947b5a2362c7053689fd8

SHA256
56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63

SHA512
976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
41KB

MD5
dcf42fc7c8989829cd90daaf7653dc14

SHA1
6b2ebe2e31a9dfc8b7656c5e903a61fa743c96a7

SHA256
1663e89cb579b26a30271c29e9342bacd80783ce1239361a24f79d24de271969

SHA512
36c791d5f5e5af50e413d000d4caf8b6dd515bb6fba96c6c8c8c3eda54c08bacb940bdb9b9a6b1f205cf144cc894d71ca25b011af899a7244e645427af97f8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
1.3MB

MD5
5bf966373df54224b86cb097a31fc5c2

SHA1
3e7976b258cf50be1761613facb7618c8f2e7703

SHA256
8d1486844662d645cf1b34f98b701de530849d750043ba6ed02b2557064c740c

SHA512
c2d71e886f959de45a6188e41ddc864c464d0a67e5a346413642f6a29771860aab132705c8869014e9a0d1c9ca0314413b51f6075aa8059b2b6f466ae559528a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
27KB

MD5
09ac9c9a95dde9d928585489b55a7a53

SHA1
a0930234469184cebbc08e399bc4d7ad9003b2a0

SHA256
a2b2e70072c91efc39fce757a94ccb51cb7de56c2e2accc7501947ef0509a612

SHA512
0b6d68f9b28439a56bd0fdbd391f8107023117e985a7087dee483e7dcb998897db2e7ec4cdbd551f6546ec648c2c1b8a4345562f9640bcad14fbedaf2730551a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
25KB

MD5
42e84ebcf5470237abd1f9e322b751fe

SHA1
a828a45804554507d9e8521c36109e8bc3d5eca2

SHA256
a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1

SHA512
36606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
18KB

MD5
e904a5b1774de215a41c22da97bae9f2

SHA1
bd897ad01eec496f748e613b57c622e090ebcdf7

SHA256
242b4afd02027161ed135f51959b9982c119591ee0358fd1fd3c7e75c5f308ec

SHA512
9b2baf0fffdbb02a6229ba69e16d0e51acc594b713db9b1d8b37af83e3ed38a162a9d21b02f8e947f805ac8b7d84b31bc81eb55ab9c5f1e41888ba89e08c538b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0eda3986a4f062d0_0

Filesize
3KB

MD5
3de60e7de30ca88a91b9d33068ab041a

SHA1
ec29c08e659d4c1ae750a583bb6f05f934ec8f6d

SHA256
d319c1005ebc5ae30b6fc435c12847a3f59b64af870f9771153389f59a6876ee

SHA512
2bdaf148adb1aa95a23714a8db93adec865a7261a497fe758dbf9e2b2db4d019a5e23d03bbe36a04c76525513536832bf6a729267bed8ad804d4c7653c93c6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17c6075172042133_0

Filesize
63KB

MD5
057533fd81edb34892a47b048b40dc1c

SHA1
de0a80e6338b8cbe2ae01a12fa2e632715435931

SHA256
4bb5bb92dbe13aba84f42aa6b7b1147b5eca32874d332fc74b62055c5f18d6be

SHA512
3b31addc8dbeb8a1a79f88baf39b523b564b1efd8632cb65c2f882e9e969a0b3ad688597a754c0f8875748506ea5b4c689fb23947892277680a086e342365a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a19544dd8e5e4b2_0

Filesize
31KB

MD5
429bfb01b87049b15bb1004c95e2fab0

SHA1
9971f1a4d8adc18fd4020ffa606b06667c35ba1e

SHA256
791fa346d764a3374d7ec5fce15db065d0b7457ab0826ca72e3f40a662caede7

SHA512
a85949b88766de6608e6e576e69fe32a8cd323ff6bd5aebd2b34a42de730ef7483db7454d5780b9f3af1b358bb90a050933cf9a5c337a9a2077f0c911706a9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
54KB

MD5
bf00540cc2719832c0e7599509f8d90f

SHA1
b516f3d36113af5938372f748c088e15a00a96d9

SHA256
0a7acf0311f3b1f5c72d926d425fbf1a5f7868408012ddb2651e5d72432fdbbe

SHA512
2a249376ab02e06952dcdb5cbfc92bcf8f787ea326fbbfe039fdfb792779fe65bb3b923ba056071eb35afc78177394a6df7ba2662eaaf1205e8f75defab4ccb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5caca2d4f4087fa_0

Filesize
5KB

MD5
4196031bd66dcbc37a2d264c496e9496

SHA1
c89c7c381f99f781e26b3c3cd3bd2953a9cd48ef

SHA256
4233e9c82dbc3695ed127be0b25fa080664fd3a71124decc7374ec2a9449cca1

SHA512
94a72da6d0cf09575ec1e20b72588a480314f831b1372621c7facb6f542b690c73c1e144cfab1e582c01dde3dec3ae363d28a9c9a47a450be935ff04110e3d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
85fd4b0511526f3182cf73664f16d11b

SHA1
73c8afc77f19bfb05f276f8a620c9e0f651d8f4e

SHA256
5716690fc2ff8f74cd6edc78ec13a25f6f319ad810fe38a03bb24d771d308749

SHA512
537696de740e90ee4c72870c9add5eebc3d642e2463ec84b6104a249330ab4d8ef1c4e8c52a1501ee4fff377626bf1a7dbeeadb930b827f822e5589f5f635497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
4466405b19f47f0436c38016b1277666

SHA1
68e52cca55f252f0957d3ffd74af2e1af9e75806

SHA256
73118c82730957cc5aed1dcbf90e2349c7c647af1adac1403f2f346f4affc2cd

SHA512
e73d7347470b43c71ebdcdb31bb6849dc97452bd20a3062d247033fa52d7e6b2672fbccbf73919d34e41f3d6f36058b1a744cab6b6c7ea29be8029c5b2ca42fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b28263d182cbea69501336f3987596d3

SHA1
44a9cfaca66676b196b9e4751c7b14d9d239c640

SHA256
c35ab24117eb3fa2bbc2ccc3af55ffe041ea5afe7566331889c913410559e35f

SHA512
bc097a942571cde49532acb0c3a8098a47a855c43c6f42287e02d3d1c67e826fb59329b958fdcff730ee70fe656e3e24ceeb719cdfb353c7fdaccc4440df3146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
12963f9da7f52ee28147b8014cafd575

SHA1
3a2ae46cb120b19190dbb7e72a99ad1b184922cd

SHA256
9c8001c3ef5ca0fb06165f38aac98a1626004063a48b5301908e90e564ecdd82

SHA512
82d5f09299fff8b6f3ae7ebd67f6aff23f09a106d48bde6b7b47305a71cb0041e6b8401fe32e1c6fe10f8e917bf0686008e88b7a0559b5d989dd28cda01979da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
840d42a996a71ae2998a027dbb6d72a8

SHA1
dd42df76e553ac3bf1a086f820754bb90a318eb7

SHA256
962942698838a474808c82d0ba82a50f18e406263366413ea842014b490f25ee

SHA512
b278cbf0c7c21aa1e1ef4a92526edf9b03cd271aa013b8c24148920c828b083ef4e3506747bb87653d6d39a9892a30a3a83953c0b3d5d69ad31cfd98ebd261da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c75acf14d6d4c9bb79fa3059c060000b

SHA1
efbc2a406e8d301fc06f0d637fddd129dcf35ae9

SHA256
0ba60940eb57e86af84547533c9b13ad7faf39d3e9430b29767b923542a502cc

SHA512
5b0dfd659b7ceeaca61e000fdf24121cd818ea3114f6623a68ee91ec08fc8f7f4e7e58ab85fbe2d51080bf64f15f19cd24c01e054bb050c7f9964e6eddaf9f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
59b1b4ff5887ae8e5bea08af42f7ba6b

SHA1
962d8b83d4c1f9926e40a2fda7f1400c3419c79a

SHA256
daf0a0a0eef3a0b43c08a1caee4580adf8dfc2f60bba403f0d021ff0253dffcf

SHA512
948159913cab1db4cdbf2f02a97a35a1a89d4934039420654657621cf8d71d99f7e2f4d31013d607ed589d35f4494a463aaa9db1e2f9c56e123e5837fd4bb96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e83d938f78c17fc8a415419497c21024

SHA1
e6521aad12b040ec2596ccff9836da8e0df08e4e

SHA256
86566195c77767e62976deb7fb7a15799c60ab229db364b1de9aac89442c60b5

SHA512
6b4a612afc83db953703dcb2b3531f5b9d10d21afabb6853d3d789a76e817d35ef29818c4222a52593c8861618b63c5b2951592282b6ad2b146cd6573fc65245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
3ea08a1ac20733a5b023b919491f33ab

SHA1
b18a9921ea31ae957f2ca2f74a70675cb2ee653e

SHA256
5047315590c5448a600b20ccc5bad59114047d6ea042fd7947baf37882bd1397

SHA512
e4770dd4fa877bf79fc8636edd481ec0ce31cbc99fe93881f879fdfafe3e61550fd3e6716c862fdc08c14978269665708026ecd01e4029509c7bfc5600daa911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
e82bfc71b59c9b9f72123c39ce6eb866

SHA1
83c38fba8860392ca079557ca60781ea915dc08d

SHA256
d6b44cd0ffe4c25374f06196f10b713450c2db6699d355dd5c0f788a5aeee826

SHA512
e7cf30b1386ce12f859a39ce460120bbe0bc93d1879d49a73213244dba14784f8cce9181c082bdb3de49e70a595082b42776e40e992c5809b2a4d769f8ece33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
f1d5db05cc1316ddf3144b8a55f072f7

SHA1
8a575a78cf2201ae800f415410af1e84529ddde2

SHA256
5bd30fe6f80d12dc10e1f27be87a11eb48a355c1d421354a439e297f8c31a700

SHA512
a8e964a721b94a8937e199f66128471afb555c523723c224e9b8295bf19805f9b79a0f8dfba1364f63bafd8a810f53e2bea84d67adf953c0784f691a24e87b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7a0e5c41dbc9c138ffdd0fa9b1aac1e3

SHA1
2c9066020524e1090078658f0a1534114afc7c0e

SHA256
d97c931e074c4677a2d907d7c931ee2e774fa86cbee97eac9069b04884b261f0

SHA512
525c5b594bf55b74945099d712a2e6f6f7147a61be3d1708db9fb4790bab99230c8c3f059e6a506aefccdd35f2ec94d1c0ef5eaf04049539cab67c2a16362497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57ca5855a909afe92c74aeb853ee79aa

SHA1
071b530b6135b9c889666d74775b6eda6f64ccc9

SHA256
9a55f90d5ae83b4cd81f991ea47f346717ea5c7aea4053be64de941c7df1f7f8

SHA512
7abaa04db14f3257d85288d4af886d3ffa929876f070329fbfe952b89bb38a010bb8f60e581a5476a6c119633bab5fdae6dd69c8bd7a7fe7fb9f08e3af6dbfb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
2c03adf00eca42d1aa5e9a94b070d074

SHA1
ce64553213e084c18ec211408959a29d4aa57a97

SHA256
9cd7d4d168aa8feff300d769e1540910cd85d954a07145c11d5ab9d503aa693a

SHA512
6497cbbc6c223cb25cac76289df549a28ffd56935a0e8b0d938c954c82f91c15ef92febc6b630ac6771b6282eb849ffbcc62357b179677486da296446965b544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8aa320d58bfe50d812c419baf21598c2

SHA1
08e16651e5d6bb47ca23fc0717e456204885ef02

SHA256
894291024f59f9405b0d97242b0da9c02573601969d9fcf52019feb91c34a9cb

SHA512
2db7aec968db5567f67d9f4b7acc545a505bbde4a161181e42640a4eb6ea00c8f49e91da417becf69563cdef6edc233dc72805483032665d93bf3df1c1aef9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c337d4faa6af0f5e39cdf99c3595013c

SHA1
1536895501ed6d55937df5c2b46ea18545bf7e8c

SHA256
77ee3c844c1b1c4e0afd32f2f98792ef9ef2f0773de924c0f3d53d6ff47d8bd7

SHA512
1eaaef2939ab286f56af401f43fa8e876e4c2a471c84bdeda898aaddc53b293c2389b418bd807dc72f9d4144ece95f24346881324c95067a060b14f8a49cd61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4ab7eaf81e5bd7357d332bb512891089

SHA1
3ef6036bff414d304344623c668fa94cecce9990

SHA256
4ed2db83d6e36c020f8cfd948fc2602dcfd92564733aa03586e284457cb79fd3

SHA512
ed37efeedfbf899a61c2531d32b64b87fcc069f847d4b9ade17940d214c7d85e88ddf98a304c85a9e5b31080ce28905b582b5f2b1b2f4e6817c8a419095d45d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ab8eae70a94dc24ca103d47421733457

SHA1
bc720d265d5c749b5176102b2cd92b6d784a6175

SHA256
4a2f3403379b733f30cb85d0bacc25d8c16f0af45d1aece8323bec55862bbd3d

SHA512
a1fd70975cdaa0b14a53d8629549e30e85035f1bf4f0abe0ef5a6f8b08181e06faf1bfbce5e6bff427e980bf7197cd735099c63e276268d9685303c10cf5d7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
80694c77f3f5eedb671d3cf7c964b781

SHA1
f072d482cd257d64cf9d1ea3933199b905d5af33

SHA256
7eeb438a63f9c8c7d3d2d50c45cf3e248ffa12f76419ad50d7e0d84ba8ae5e56

SHA512
853f5b15e30563dda6348308c8eb26413526c9c96f94ff43ac4a30902111f9f48fb5fc920395f936b4cd1e5e3832095db4518d29c0a9d201850adad7f33167c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
2e8f258a0fc049dfc6cf4271efbb4fc8

SHA1
b41463b6a815ad175f40bbb96c825244544a218b

SHA256
572b178b6a788161291d94232ba676b29dea35f6cf6c5a1f853da7efb2b8f430

SHA512
821dfb6647978f74fdf906aac285b3fe0ebbbabb6d8d20119fea01d7fe0d38e925496ef7330949b83e1c43666cd309384a898b6cfb53d72123474049b04c9dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5a27eca40f5b2145cb7a5dfe7e05433b

SHA1
3052d06b8f65ba62544a2658b37fdc66e4554dbe

SHA256
8a6701c5cedd3abc3c35c555de47c7d27a66d0cac03128fbc49f3afc671687f0

SHA512
4cfac731717d62ed03e47bbc30a4df57f3d96788e360dd877d6e0cc0f0e8bc6bdb669c07e4c7ee506b821be16882cb5790f79ec82a2387cfc01559e256f055c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e4548a9c0ae2910cd62cc8a046999fd7

SHA1
83ac21627a9a737a936fbf1aba0d666587592646

SHA256
e1f75071a1412b10990c2228282dda4bddff02e512e8db39bf13266bcd22e0b0

SHA512
f1425804b4841f328d7ec55dd158571c6566f7c6e2614941f26bc385d0d4a070904eba90f6436ebac0c331734195b4c9e801c6234e66222779f48f91ffbab1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f6d80f9c8799ce6730fbc9f29c42085d

SHA1
ce7822b3ef1e2e30d32d73cee1ddeb777b5fc586

SHA256
3d98b9a5d50c0442e3b768571b270e7735983c8931875ba71fada6e15d095f86

SHA512
aa4ef7db9fdca4ea10f0e5e30df67cd33c9fa1696e0350bf3506b5357b9fd783d04825b51b251d58b2a50a98b7bad0b01c13d85d910fd128950b0199c66bad02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
84d9024cb6fadc1b7324b7bdbc2364e6

SHA1
7b55d381c72e4720abb756cefdae33b08242d9bd

SHA256
d14a75d62e140306f53ce5b98246a706cc947efa5c4f5e937111159e14aa0b22

SHA512
667769c1907cce2b7ec74458dc39fde3369c1cbcbe5c3058962ebe696d42980a434eb08a83d252c17001ab7a88e57e6f9c80b0d016ee952313254d8800069952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3f42c6c06e9dfd8b6689bb39c437a8f6

SHA1
82a0c05606034f6467ac3138eda737579ae516b6

SHA256
2e8da71db1dfc622ec2d3b052dc9d589b98f5cfc69212a56f63eb7f01f5c3dbb

SHA512
6234bb21bbc7663a91547d55c3eff0dda13e896bfc163097c94433315cedeefa27a349e5ccd2bd439130e89b39df16924e8e3cab597e05bdbb7a0a53ad9fc152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7339b18b0d90405a69082bc9948c2386

SHA1
fd06ff3f7ca78b7a65ecff6104081d7704e02c5d

SHA256
8a8018b122e016540a6b4939bf382573cf38ac43dc565e321769b0d398e8dd38

SHA512
7d0236a75d1c1908f6a92f0867edeba3337718cecba2a71fb595a500a8f00583a7a96863f9c8c00c5648c9e51e6cba7a52e7b5f38f92e62b83c541f2c49234d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9d553ba710796ddc6149608ddd1c0f10

SHA1
3aa47adeedfb0a073d4f2259e738320e850d1e9d

SHA256
b65eef80c6f359e032304ef40bb7c8d78655a1694600c43fc7115c1ba0be72e6

SHA512
d5d9418d0f6d9bf4a97adce3a1f4a4a10f33a9209f69498cf4725cdce283be5e73dd898e6707dd5abc689752a43faff54f8bb3c5c95a4e871fe8c4c1112d942d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1a2c19cd6b4bdeb2de1617200b4c598c

SHA1
a95bed480215135c6e9ff458df26c8cbf4384111

SHA256
569808ba6fc49801508d7a0d71205c04fa1c1fbb918599b50f5974b47815a6ac

SHA512
b04aa736f60f3a24a8b65f79de01d508d3e65b1ee36e6ebd252365e9edf6e596170717981e62d7ba470a4959c90e13289c40880248824ed726666b75090a1e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
adea4f8bf701b4e83cf0cf77f40b0d56

SHA1
70d4126fbf3632c84a81278cb393e8df2a4e8e42

SHA256
6c4c0de3c86cc1f5879c4b604b1aaeadc09a6b74fdb94efb93c2c34d3234f739

SHA512
2cd5dd24ee64f913c788e24285d0a95e045194f3f1145593a339aaecef7e82ec6f987f3b9dceef3c628f8309565a3978b7fb1461f4313e94d8daeebc23ca7bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a16b31dd2363ec40a1655ba482e1601

SHA1
331f21520cd080dbeda208fa25dc9e858a54ed8b

SHA256
61ea6d32140cb87e158563cfaebf58e3cb4138950263d8d0af94a91a5b9eeba8

SHA512
a061ae595f9c9e1886e4af7d38264240f48d81d5f5c0b478013884a23395a4d414f90f7136819443f5b854f8cc53c07e74f9937c0afca75fd983334ecbc1a6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
46a4d9d638704e2430c3fc0434eb43ae

SHA1
421190b15cb6a63f54557f2ca841f885b65be732

SHA256
5d732e7783a40d1dd69b8476ec814b2a5da9f7e1c10df6e4d2d3e2425c594e9b

SHA512
e170e76aae44a148409309fce77da67bfbebf679180bcd35e39c76cba6c04fa0877df2641893801f1233e9845250bcc6c67c1d0191250e64c850b1b07ad4f121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581df3.TMP

Filesize
538B

MD5
d7c217b09228e745cdeda5dd96cc86de

SHA1
6e5adf16588260e56ab2ce061eb2b235306a054e

SHA256
a1714454ee1f85d655b34805dc965637ca324b0f9a0933b433340d4d9899b7a6

SHA512
40ccde64911344dad5a7192d2f5f162b2ce8dea2af0fed25d475d446f32b8ab1bb66bfc150150768fdaf6dc4ecf0d85920e14235f9727b0f9e3da603d35456a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
260d8ea40dd3d478bbe7708f2ae342ec

SHA1
afd1fa177845345697f5f7b3d1b2da9badb6157a

SHA256
9b3ba7b56e9c5aa32c52c204ad25e3d757602a37af68d75761423ffa1caba5b3

SHA512
2e47e942da91f82b87fc8d25694e485ed6f3fb62e0f6e3be22c830f3a4f3abcde8039ad0f16447d47d8665ae3fa444612c38b62d9117b4bf28b7412779d6baea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
096d0f8910b7952153906fc007a149d9

SHA1
cbaa416b46b022feabe70fc6c4ccfa63019b9c44

SHA256
cfa84b88aeb6d21c9a55df29340a45c8c211190699b56f7dceb801a284fae677

SHA512
dc41f5a6e4e960359c13151b343850212f66ca80e4ef65b4cd6c58cd2c6fd4f0dd5884cb4720149fed73e878c72ea81cff31db158d7951cc18bc5c36707a3799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94d0468978fdbbb0ea35b718ad4737fa

SHA1
d48c799c67028ed872903a6144791a0ce79506d4

SHA256
ffda9a73bd8f291da0e0a719ecd0836c2a53443fadf80124efea8ba3aa1dbdd5

SHA512
ec696d4c8eab58d25635dbe793356a69c930fa7f37684db5ca36d16da4c9c150fdc5b7da790643d9eab7b1540e6a88b17f9d1b7370cffebabab49f2c678bf115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c3d0d55bf20fe40ded998867d8d1877

SHA1
f918dd7c9d546ea300d1a8ff32543b1c56a2f925

SHA256
4b9910a62ed26b0c0131d57134e533dd8e2dab153aa2b6ccf78efedf073c6fd1

SHA512
13a26dac90ecec9c7b6f271db4d9b80ef1de005820f8381c1790027e919821ac4f37f6443901c70178d9083f5cec6e482489d13e20f3009f87324b2abd6cbaa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\Downloads\Bonzi.zip

Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 382268.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/2280-2856-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2280-2509-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download