Malware Analysis Report

2025-01-18 23:54

Sample ID 241114-x8r93sscqc
Target https://www.coolmathgames.com/
Tags
steam discovery motw persistence phishing privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.coolmathgames.com/ was found to be: Likely malicious.

Malicious Activity Summary

steam discovery motw persistence phishing privilege_escalation

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

Executes dropped EXE

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

A potential corporate email address has been identified in the URL: [email protected]

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Drops file in System32 directory

Checks system information in the registry

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Modifies system certificate store

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 19:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 19:31

Reported

2024-11-14 19:49

Platform

win10v2004-20241007-en

Max time kernel

1049s

Max time network

1051s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.coolmathgames.com/

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
N/A N/A C:\Users\Admin\Downloads\butterflyondesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\Downloads\butterflyondesktop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET4ADC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET4ADC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\CHORD.WAV C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\registry.reg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\s1.nbd C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\menu.bat C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File created C:\Program Files (x86)\Butterfly on Desktop\is-LPJDD.tmp C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\SET4ABB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET4A8A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\SET4ABA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\help\SET4ABA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET3EB2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3ED3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3ED4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3EB1.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET3EB2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET4A79.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET3F2B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3EF4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3EF4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3F18.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET3F19.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3ED3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3F16.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET3F17.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET3ED4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET4A79.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET3F17.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET3F1A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\SET3EF5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3F2B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET4A8A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\fonts\SET4ABB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3F18.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET3F06.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SET4ACB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET3F16.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET4ACB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SET3F19.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SET3F1A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3EF5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3F06.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET3EB1.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\butterflyondesktop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\butterflyondesktop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key security queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Programmable C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib\Version = "1.1" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\Programmable C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA478DA0-3920-11D3-9DD0-8067E4A06603} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\ProgID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00E212A0-E66D-11CD-836C-0000C0C14E92} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6} C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinStorage.1\ = "ActiveSkin.SkinStorage Class" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ListViewCtrl.2" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon\ = "SSRibbon Control 3.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCheck.3\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{322982E0-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSINET.OCX" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Version\ = "3.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\ProgID\ = "ActiveSkin.ComTransitions.1" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSCheck" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\Programmable C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE8-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSCommandEvents" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F96-055F-11D4-8F9B-00104BA312D6}\VERSION C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlPropertySheet" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB787-2D9B-11D3-9DD0-C423E6542E10}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX, 16" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSCheckEvents" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSMonthCtrl.1\ = "SSMonth Control" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\TypeLib\ = "{643F1353-1D07-11CE-9E52-0000C0554C0A}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\TypeLib C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92} C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ = "clsBBPlayer" C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\Clsid\ = "{E26DD3CD-B06C-47BA-9766-5F264B858E09}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\Programmable C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 040000000100000010000000005dc9e3b2c090e0619a42c029a16bba0f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b500b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f007400200043004100200032003000320031000000620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a1d00000001000000100000003276930e46cb88e9b248d6542af311d90300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac190000000100000010000000f8f91be746dcfb848714a2b839b766522000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 5c000000010000000400000000100000190000000100000010000000f8f91be746dcfb848714a2b839b766520300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac1d00000001000000100000003276930e46cb88e9b248d6542af311d9140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a090000000100000016000000301406082b0601050507030306082b0601050507030853000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c0b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f0074002000430041002000320030003200310000000f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b50040000000100000010000000005dc9e3b2c090e0619a42c029a16bba2000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 0f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b500b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f007400200043004100200032003000320031000000620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a1d00000001000000100000003276930e46cb88e9b248d6542af311d90300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac2000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 190000000100000010000000f8f91be746dcfb848714a2b839b766520300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac1d00000001000000100000003276930e46cb88e9b248d6542af311d9140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a090000000100000016000000301406082b0601050507030306082b0601050507030853000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c0b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f0074002000430041002000320030003200310000000f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b502000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 522702.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 780195.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1604 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1604 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.coolmathgames.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6728 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x460 0x3f0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11488 /prefetch:8

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1

C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe

"C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe" 360170067722114728 KX6ifxmwXFFwqpbWQsD5+J7JXg7MQt51lGaz2jh3CKRoYuH/pmCmux6b15bTeMLb/WIRVaDHrIItLTVdR4KxOPVWQwzc4xDEPPIhIEbf7dirMr1bzOr/O/hsQUWEUJcaCPqIwFtKbpMlqAPKp4ynnG8y6eh2BbNnH2AsJoF+mh+6qF2ppWROTXdUbcvXt/wP1gIp3qEVRT5FAuGSfbapaytWKZiq7jwt6+aYdsXc9UU=

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6460 -ip 6460

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3212 -ip 3212

C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe

"C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5628 -ip 5628

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /d /c timeout 5 & cmd /d /c rmdir /s /q "C:\Program Files (x86)\RelievedplanesftsUtility"

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1

C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe

"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1132 -ip 1132

C:\Windows\SysWOW64\cmd.exe

cmd /d /c rmdir /s /q "C:\Program Files (x86)\RelievedplanesftsUtility"

C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe

"C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6036 -ip 6036

C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe

"C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2436 -ip 2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10764 /prefetch:8

C:\Users\Admin\Downloads\butterflyondesktop.exe

"C:\Users\Admin\Downloads\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp" /SL5="$D0560,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"

C:\Users\Admin\Downloads\butterflyondesktop.exe

"C:\Users\Admin\Downloads\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp" /SL5="$30576,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:1

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 www.coolmathgames.com udp
US 172.64.151.96:443 www.coolmathgames.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 96.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 104.18.24.242:443 cdn.intergi.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 242.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 104.18.24.242:443 cdn.intergi.com tcp
US 8.8.8.8:53 cdn.intergient.com udp
US 104.18.21.56:443 cdn.intergient.com tcp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 px.moatads.com udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
GB 2.18.109.123:443 px.moatads.com tcp
US 104.18.11.207:443 config.playwire.com tcp
US 8.8.8.8:53 56.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 123.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 impression-inferences-edge-prod.playwire.com udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
FR 52.222.149.14:443 impression-inferences-edge-prod.playwire.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.14:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
FR 52.84.174.75:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
FR 18.155.129.39:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 75.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 39.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 216.58.204.74:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 18.245.199.156:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 156.199.245.18.in-addr.arpa udp
GB 88.221.135.25:443 www.bing.com tcp
US 8.8.8.8:53 25.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.34:443 th.bing.com tcp
GB 88.221.135.34:443 th.bing.com tcp
GB 88.221.135.11:443 th.bing.com tcp
GB 88.221.135.11:443 th.bing.com tcp
US 8.8.8.8:53 34.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.23:443 login.microsoftonline.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 95.101.143.219:443 r.bing.com tcp
US 8.8.8.8:53 219.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net tcp
GB 2.19.252.146:443 aefd.nelreports.net tcp
US 8.8.8.8:53 146.252.19.2.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 bonzibuddy.org udp
US 198.187.29.31:443 bonzibuddy.org tcp
US 198.187.29.31:443 bonzibuddy.org tcp
US 8.8.8.8:53 31.29.187.198.in-addr.arpa udp
US 198.187.29.31:80 bonzibuddy.org tcp
US 198.187.29.31:80 bonzibuddy.org tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 bonzibuddy.tk udp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:443 bonzibuddy.tk tcp
US 8.8.8.8:53 241.78.21.104.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
GB 88.221.135.33:443 www.bing.com tcp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 opensea.io udp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 242.121.57.13.in-addr.arpa udp
US 8.8.8.8:53 234.51.177.54.in-addr.arpa udp
US 8.8.8.8:53 159.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 13.57.121.242:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.219:443 th.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 butterflies-u1y.en.softonic.com udp
US 151.101.1.91:443 butterflies-u1y.en.softonic.com tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 rv-assets.softonic.com udp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.193.91:443 rv-assets.softonic.com tcp
US 151.101.193.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 151.101.65.91:443 rv-assets.softonic.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.google.com udp
US 151.101.1.91:443 rv-assets.softonic.com tcp
US 151.101.1.91:443 rv-assets.softonic.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 150.171.27.10:443 bat.bing.com tcp
GB 172.217.16.228:443 www.google.com tcp
FR 18.245.175.74:443 sdk.privacy-center.org tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
US 13.107.246.64:443 www.clarity.ms tcp
US 151.101.65.91:443 rv-assets.softonic.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 216.58.201.110:443 syndicatedsearch.goog tcp
US 151.101.1.91:443 rv-assets.softonic.com udp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 74.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 142.250.187.219:443 storage.googleapis.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 ad-delivery.net udp
FR 52.84.174.6:443 config.aps.amazon-adsystem.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.privacy-center.org udp
FR 13.32.145.62:443 api.privacy-center.org tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 api.btloader.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 130.211.23.194:443 api.btloader.com udp
US 172.67.74.232:443 cdn.btmessage.com tcp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 219.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 8.8.8.8:53 62.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 notix.io udp
US 151.101.193.91:443 di-images.sftcdn.net udp
NL 139.45.197.253:443 notix.io tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 104.26.2.70:443 ad-delivery.net tcp
US 172.67.74.232:443 api.btmessage.com tcp
GB 216.58.201.110:443 syndicatedsearch.goog udp
US 8.8.8.8:53 8ac3056e6e9964a8cddfef540efaf4ee.safeframe.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.179.225:443 8ac3056e6e9964a8cddfef540efaf4ee.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
IE 52.19.233.54:443 ap.lijit.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 34.120.63.153:443 prebid.media.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 3.165.117.155:443 aax.amazon-adsystem.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
IE 34.249.50.233:443 ad.360yield.com tcp
US 104.18.29.101:443 cdn-ima.33across.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
GB 142.250.180.2:443 partner.googleadservices.com tcp
DE 148.251.44.145:443 shb.richaudience.com tcp
DE 148.251.44.145:443 shb.richaudience.com tcp
DE 148.251.44.145:443 shb.richaudience.com tcp
IE 54.170.33.189:443 id.crwdcntrl.net tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
FR 18.155.129.21:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 54.233.19.52.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 155.117.165.3.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 101.29.18.104.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 233.50.249.34.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.16.228:443 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ampcid.google.com udp
GB 142.250.179.227:443 www.google.co.uk tcp
GB 142.250.179.227:443 www.google.co.uk tcp
GB 142.250.179.227:443 www.google.co.uk tcp
US 8.8.8.8:53 lexicon.33across.com udp
GB 216.58.212.193:443 ep2.adtrafficquality.google tcp
US 35.244.193.51:443 lexicon.33across.com tcp
GB 142.250.179.238:443 ampcid.google.com tcp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 145.44.251.148.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 189.33.170.54.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 21.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 148.251.20.249:443 sync.richaudience.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 104.18.25.18:443 js-sec.indexww.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 249.20.251.148.in-addr.arpa udp
US 8.8.8.8:53 20.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 18.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 107.22.211.243:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 player.aniview.com udp
GB 2.20.12.70:443 player.aniview.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
NL 89.149.192.196:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.141:443 secure.adnxs.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 172.240.45.96:443 sync.aniview.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.202.49:443 csync.loopme.me tcp
US 3.211.75.57:443 sync.srv.stackadapt.com tcp
US 204.62.12.209:443 sync-service.net tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 44.217.81.132:443 api-2-0.spot.im tcp
US 15.197.193.217:443 match.adsrvr.org tcp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
DE 18.184.206.66:443 match.sharethrough.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
IE 54.171.185.234:443 match.prod.bidr.io tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
IE 54.155.94.181:443 jadserve.postrelease.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 70.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 243.211.22.107.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 196.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 49.202.214.35.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 57.75.211.3.in-addr.arpa udp
US 8.8.8.8:53 132.81.217.44.in-addr.arpa udp
US 8.8.8.8:53 74.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 66.206.184.18.in-addr.arpa udp
US 8.8.8.8:53 234.185.171.54.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 98.82.157.137:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 ads.creative-serving.com udp
US 34.1.230.247:443 ads.creative-serving.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 34.1.230.247:443 ads.creative-serving.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 181.94.155.54.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 137.157.82.98.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 247.230.1.34.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
CH 157.240.17.15:443 connect.facebook.net tcp
US 8.8.8.8:53 15.17.240.157.in-addr.arpa udp
US 8.8.8.8:53 7a1f7c3bc03d3de46733b173c436cf4a.safeframe.googlesyndication.com udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
GB 142.250.179.227:443 www.google.co.uk udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 74.122.95.52.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
NL 139.45.197.253:443 notix.io tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.202.49:443 csync.loopme.me tcp
US 3.211.75.57:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 b-eu1.marketperf.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 3.126.174.216:443 b-eu1.marketperf.com tcp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 216.174.126.3.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 51.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 151.101.195.52:443 cdn.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 video.fastly.steamstatic.com udp
US 151.101.195.52:443 video.fastly.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 b-code.liadm.com udp
FR 13.32.145.54:443 b-code.liadm.com tcp
US 8.8.8.8:53 c4371c33766dbca05d0606899409237f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 54.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 54.84.6.104:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 8876029.fls.doubleclick.net udp
GB 216.58.201.102:443 8876029.fls.doubleclick.net tcp
US 8.8.8.8:53 12325200.fls.doubleclick.net udp
GB 216.58.201.102:443 12325200.fls.doubleclick.net udp
GB 216.58.201.102:443 12325200.fls.doubleclick.net udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 i.liadm.com udp
US 54.81.216.111:443 i.liadm.com tcp
US 8.8.8.8:53 js.adscale.de udp
US 8.8.8.8:53 wct.softonic.com udp
FR 18.245.175.24:443 js.adscale.de tcp
US 8.8.8.8:53 104.6.84.54.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 111.216.81.54.in-addr.arpa udp
US 104.26.3.63:443 wct.softonic.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 live.rezync.com udp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 mid.rkdms.com udp
FR 52.84.174.63:443 live.rezync.com tcp
NL 46.228.164.13:443 d.turn.com tcp
US 44.196.229.184:443 mid.rkdms.com tcp
IE 54.170.198.74:443 dpm.demdex.net tcp
US 70.42.32.159:443 b1sync.zemanta.com tcp
US 104.26.3.63:443 wct.softonic.com tcp
US 8.8.8.8:53 ih.adscale.de udp
US 8.8.8.8:53 prs.sftcdn.net udp
DE 18.198.78.89:443 ih.adscale.de tcp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 24.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 63.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 63.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 74.198.170.54.in-addr.arpa udp
US 8.8.8.8:53 184.229.196.44.in-addr.arpa udp
US 8.8.8.8:53 159.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 89.78.198.18.in-addr.arpa udp
US 8.8.8.8:53 p.rfihub.com udp
US 54.81.216.111:443 i.liadm.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 122.33.90.157.in-addr.arpa udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.121:443 uidsync.net tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
NL 89.149.192.196:443 ssbsync-global.smartadserver.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
IE 54.171.185.234:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.202.49:443 csync.loopme.me tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 54.77.123.77:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 3.211.75.57:443 sync.srv.stackadapt.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 77.123.77.54.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.19.252.134:443 aefd.nelreports.net udp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 www.bonzi.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 8.8.8.8:53 butterfly-on-desktop.soft32.com udp
FR 18.245.199.105:443 butterfly-on-desktop.soft32.com tcp
FR 18.245.199.105:443 butterfly-on-desktop.soft32.com tcp
US 8.8.8.8:53 d3gx3uz4yj2hnq.cloudfront.net udp
FR 3.165.135.124:443 d3gx3uz4yj2hnq.cloudfront.net tcp
FR 3.165.135.124:443 d3gx3uz4yj2hnq.cloudfront.net tcp
US 8.8.8.8:53 105.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 d3fnqfpn2r2a3x.cloudfront.net udp
US 8.8.8.8:53 d22blwhp6neszm.cloudfront.net udp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
FR 3.162.40.174:443 d3fnqfpn2r2a3x.cloudfront.net tcp
US 8.8.8.8:53 www.googletagservices.com udp
FR 3.164.160.29:443 d22blwhp6neszm.cloudfront.net tcp
GB 172.217.16.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 soft32.disqus.com udp
US 199.232.192.134:443 soft32.disqus.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
FR 13.32.145.97:443 c.disquscdn.com tcp
US 151.101.0.134:443 disqus.com tcp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 199.232.192.64:443 tempest.services.disqus.com tcp
US 199.232.192.64:443 tempest.services.disqus.com tcp
US 8.8.8.8:53 referrer.disqus.com udp
US 199.232.192.134:443 referrer.disqus.com tcp
US 199.232.192.134:443 referrer.disqus.com tcp
FR 13.32.145.97:443 c.disquscdn.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 146.75.92.157:443 platform.twitter.com tcp
US 8.8.8.8:53 124.135.165.3.in-addr.arpa udp
US 8.8.8.8:53 174.40.162.3.in-addr.arpa udp
US 8.8.8.8:53 29.160.164.3.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 97.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 134.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 64.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.facebook.net udp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
US 151.101.65.44:443 cdn.taboola.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.92.75.146.in-addr.arpa udp
US 8.8.8.8:53 44.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
US 8.8.8.8:53 drugnom0x8w61.cloudfront.net udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
FR 52.222.153.90:443 drugnom0x8w61.cloudfront.net tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.241.14:443 bam.nr-data.net tcp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 90.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 14.241.247.162.in-addr.arpa udp
US 8.8.8.8:53 59a507ac065ada3f31babdef362e05be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 beacon.taboola.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 trc-events.taboola.com udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 js.centerbodyapps.com udp
US 8.8.8.8:53 89882a9bba8f1a4dbfe374a98c426778.safeframe.googlesyndication.com udp
US 72.52.179.174:443 js.centerbodyapps.com tcp
US 8.8.8.8:53 www.facebook.net udp
US 8.8.8.8:53 174.179.52.72.in-addr.arpa udp
US 8.8.8.8:53 d39gqu6btbxc9z.cloudfront.net udp
FR 13.224.58.73:443 d39gqu6btbxc9z.cloudfront.net tcp
FR 13.224.58.73:443 d39gqu6btbxc9z.cloudfront.net tcp
US 8.8.8.8:53 d3jj3bqika1l3e.cloudfront.net udp
FR 13.32.158.56:443 d3jj3bqika1l3e.cloudfront.net tcp
US 8.8.8.8:53 73.58.224.13.in-addr.arpa udp
US 8.8.8.8:53 s3.us-east-2.amazonaws.com udp
US 52.219.108.33:443 s3.us-east-2.amazonaws.com tcp
US 8.8.8.8:53 56.158.32.13.in-addr.arpa udp
US 8.8.8.8:53 javascriptapiusa.com udp
US 172.67.143.98:443 javascriptapiusa.com tcp
US 52.219.108.33:443 s3.us-east-2.amazonaws.com tcp
US 8.8.8.8:53 33.108.219.52.in-addr.arpa udp
US 8.8.8.8:53 98.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 yourrocksoft.com udp
US 104.18.21.54:443 yourrocksoft.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 8.8.8.8:53 54.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 softwaregamesdownload.com udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 186.70.67.172.in-addr.arpa udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
IE 54.216.221.140:443 ad.360yield.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 140.221.216.54.in-addr.arpa udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 s.richaudience.com udp
DE 178.63.241.79:443 s.richaudience.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 79.241.63.178.in-addr.arpa udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 d3fnqfpn2r2a3x.cloudfront.net udp
FR 3.162.40.208:443 d3fnqfpn2r2a3x.cloudfront.net tcp
US 8.8.8.8:53 repo.harica.gr udp
GR 155.207.94.27:80 repo.harica.gr tcp
US 8.8.8.8:53 208.40.162.3.in-addr.arpa udp
US 8.8.8.8:53 5.200.245.18.in-addr.arpa udp
US 8.8.8.8:53 90.193.84.52.in-addr.arpa udp
US 8.8.8.8:53 27.94.207.155.in-addr.arpa udp
US 8.8.8.8:53 crl.harica.gr udp
GR 155.207.94.23:80 crl.harica.gr tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 8.8.8.8:53 23.94.207.155.in-addr.arpa udp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 172.67.70.186:443 softwaregamesdownload.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 104.18.21.54:443 yourrocksoft.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 buddy.bonzi.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
GB 88.221.135.25:443 www.bing.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 54.177.51.234:80 www.bonzi.com tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 butterfly-on-desktop.software.informer.com udp
US 104.22.16.194:443 butterfly-on-desktop.software.informer.com tcp
US 104.22.16.194:443 butterfly-on-desktop.software.informer.com tcp
US 8.8.8.8:53 img.informer.com udp
US 8.8.8.8:53 hits.informer.com udp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 software.informer.com udp
US 8.8.8.8:53 i.informer.com udp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 104.22.16.194:443 i.informer.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.17.194:443 i.informer.com tcp
US 104.22.16.194:443 i.informer.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 194.16.22.104.in-addr.arpa udp
US 8.8.8.8:53 194.17.22.104.in-addr.arpa udp
US 8.8.8.8:53 70.179.117.74.in-addr.arpa udp
US 8.8.8.8:53 109.159.155.204.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 204.155.159.109:443 hits.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com udp
GB 142.250.187.227:443 p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com tcp
GB 142.250.187.227:443 p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 104.22.16.194:443 i.informer.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
GB 172.217.16.226:443 www.googletagservices.com udp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 f416626d19271510c6f01dec95925c91.safeframe.googlesyndication.com udp
US 54.177.51.234:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 download.informer.com udp
US 89.187.179.101:443 download.informer.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 freedownloadmanager.org udp
US 74.117.181.203:80 freedownloadmanager.org tcp
US 8.8.8.8:53 www.freedownloadmanager.org udp
US 74.117.181.203:443 www.freedownloadmanager.org tcp
US 8.8.8.8:53 101.179.187.89.in-addr.arpa udp
US 8.8.8.8:53 203.181.117.74.in-addr.arpa udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 freedesktopsoft.com udp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
US 8.8.8.8:53 95.117.46.78.in-addr.arpa udp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 connect.facebook.net udp
CH 157.240.17.15:443 connect.facebook.net tcp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 172.217.16.227:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.facebook.com udp
CH 157.240.17.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 35.17.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.33:443 th.bing.com tcp
GB 88.221.135.33:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 54.177.51.234:80 www.bonzi.com tcp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 www.bonzi.com udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 13.57.121.242:80 www.bonzi.com tcp
US 13.57.121.242:80 www.bonzi.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_1604_WHFGWMKERPKEVCTX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ed5cdc5018f67dab1aef54058b79897
SHA1 4fbe9781294f845e5ba93978afa27acb0b7e7e91
SHA256 4a0b1ce1e4ea329d6e0acab1fc36530b248f007d77bf4af6b69abae53f677cba
SHA512 2812af15a49abed2de24b504fa39b3061d2d322fafacd1e2a1f18e7882c9aab9dd62a017cdffbd1c0e8af7b169961684b4d07e1afb13577d9ddd86f6eaaf7511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4701c0d72113317010f9c6aa92763cc9
SHA1 57b78da6d40ed28e02c5e10645c83a6c9988bf9d
SHA256 95cf23c69dfc20f6d3a851b3efd32fd5a3472b9c634163d1a45c4bb596f5199b
SHA512 3ab0377cd0ca9cc293169d151ea35af236becc4963fc59ff54045677897f272e56cca84ad3cb3c75e9e8da1bc46dac94146af07e4f335e425057430e85592812

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c86f935ae2e07ba654b9658a64031fba
SHA1 70f587300145e726ca8c6dd9d84db469e7f4bf95
SHA256 7bdeda40fa54d401af3865314d913d96f2b9299d23a23543e17cf7c00f866861
SHA512 9e11d6357215c9e769727e263b6e720bb7f72014d7f5b67cb68ff5e61964242f68dc18ea0e3174f3e933d1caf8ca53defb36005926469b026a2c991ceccc8b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cbc76ee51157cb3c7b0ce58615d169c9
SHA1 7fa3d2b275b5bec9f35f9154a26d33be7c77c5cc
SHA256 3267aab205879d87f18af317d6e52cb5ae5089e52fb4825ea8ced054b2c743be
SHA512 257db956af799ffdc11881e4e3a5be14a562bd321c89738592ca3a6b1e4fef5be83f18ba6733aae1b7bde17abf8afd55fb281c4ae35c7d747dbeda8e0772f531

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4706cb096443572a80f1d6da54bd3b21
SHA1 96df3d45fa8288e266412cd5bd3fff589cbbc3b2
SHA256 d70e3ad4274be84e53c6442a806f51a70feb1c5cc9947ef2b7b87b9a4e619abb
SHA512 e1251aa918af4ef581a93f556c3751a89e81c9a68b56b5b3cce683e1334cbdfb59991a8b3cc6464227df6c8de3acbfcf9c33ddf42b684690793efa58cd70a875

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f695.TMP

MD5 a8b3b0669661f1d61c37154e73326a16
SHA1 3682c8e180296ce938c3f6f10a41d5c062f4cabf
SHA256 5af9e8e76bf15fdd086836e4798ab21bd930863e9d530b07427049164f923f32
SHA512 f4a22db519215e563d9e1de12ae48acc3e26c25ae5213c6e7991376fce398420005a974330d8228d2b6fc372e875f5c266c87d814937096c50661b51b59ea248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8c6065a808c8b9b55c929fdb135824c
SHA1 4ecb6c979660baa4cb7aac8fdaccaa0b1ab8c395
SHA256 0ea770d12626c018c36031b6420f746aebb2ec31b03b3705131a3da90f2a9f2b
SHA512 b7ddc1bf5b01d4e13ec152a8acf4a067581f11f9e7cccf2b1bbe40bebfc7deef5fc4642b53bfe42df0301d4f8f36ee57b7a7829d4d34b6d3a6fc9bd0c7e528a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc9d63c26a86ecee6a6d35e3c687d567
SHA1 0f2d34f9e22b1f9daf358a1a36dadb3501ee707a
SHA256 eed91aa8d5311f1a0e77e16bf54595d41310e4dd56b7dd085515accd4ba66f6d
SHA512 07ef74d09ffdad03db6f67881753090d869cbcbaf15eabda409e5dae8c1261181457b67b490aed3b8c1291b82c28eddee6b495ef0ef914c010738aa663782c25

C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

MD5 3ad6374a3558149d09d74e6af72344e3
SHA1 e7be9f22578027fc0b6ddb94c09b245ee8ce1620
SHA256 86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
SHA512 21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1edfaaa204a7e5bf4dd07894ace760d7
SHA1 061be6ba350a033ff48349c5b5d4d5eaead86461
SHA256 d3e7c41eb149c9faa333d595b826a774d35c60a31dd590184e9cd9846d0b163e
SHA512 9032468b01cc3a23b63785bf9fa30d460ec47b4ea0ea717c81b48857c76fee9608fcd60f247c182b22a7e7301b2cf170483f0fb6825a3547302bb7a706c21feb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a9bd7fa8a024541e88c6a40eff8aca7
SHA1 cad445eaac109e38c73172548c90cd65da64e53c
SHA256 1cc0585577e3cca133245193b5ee9441d816187764863565d365920b21da4260
SHA512 5aa334ca8f45eb42c3a3a3b7947f6ca23b45d1efc233aaaf3beccec996eea7ca422592940f437de5b530d19461258f657eeeddf5ca605daa9d0ab9bd4912e8c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e26315b4fc266f638de1015bb3248e61
SHA1 11f519032e26c2e624c8856cf258fd4557d25d35
SHA256 4311410af2e86007072fa5b5ec20cd24c23ccee66da36b50280a3a99763a9889
SHA512 861b3f66694d076a4d3dc600c8bbb70b77f4f74ea124c862d1ef8410729ba39608ecd911df154b3198520812b26376e0596cd6eaa79da37a81a4935f5cb1141c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d8612d32fb4e41909c09eab0d7ae320
SHA1 3101101291bc360afd5fe845b803d3007f930b97
SHA256 bdc7b895be421196caecc75fcc829b11ca20be89757076919708141715f6a0fe
SHA512 a75d72359ec6dc6ae4c4ea3629b5efa2623d26ca689579b23df8be8aff54d9a5a876166300b4ae0a730ddee58915bf752b2e2d89dda87db7a68a3a8dc9910c6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38b27dc598168868a3d88450dfae4334
SHA1 5839a61d7678fd358739ef9815d99f3aeccf3e68
SHA256 75ac59124f5d59a6b4d0659c2e1cc32492baeff57d263a487cf460501b2b001e
SHA512 688ecf91b2031451e1b3c8dd4d2d43775237f0a99d18bb517294c6b909116b2abee23351e6cbe6b65f8c8fdf8d67068f104be996baaeef9adc2dfc6aaedd517d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bee3747bec8e292cae5187c5a1122473
SHA1 649829f470303b4ce8b5692e3acf009d02169407
SHA256 236a609353ce16f47346d28bc73c02469f8d5e87402eef0f2de54eb09cdaf470
SHA512 885591bf89b7e36c00fb2099f09da3633cb8f9f60471824a7d8ffe573df02b1eec9af54c6007a050a4d51c22232db281ce026f0dd2f6cb284ec5897832ff8404

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d1884ece4e81adb890c4aaf5f205159
SHA1 dc0e51c6f6cb2dc29072d77895082d9acd95632f
SHA256 14a33acd739d61eb38843c7e99471097f044b867efb0f1c7d4b10d26f108d318
SHA512 735c702d866ce09904156b15a68e73736ed0f9ad24a217a8ef4d6265d1c9b1f5a2da33eb0bf306309f8dcb866eb24a5942fb28e5857bd7be1c1978f4e5ac0a0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d8bc6dbbbbec4b203be6afceadfd7dfc
SHA1 d4554ca1d0d1c365e47a92d041ff3072db14a6c3
SHA256 af93dbfbe61d38d88d6b75f6e59f4f4cb6d802af18a80204164368f7a352ebcf
SHA512 12f8da9e5905122b1b4e0b4ac383fdd905043f01a4c7b812f25c550d04a4bbd637ec5efdb7a7c1c8911938e3a4a466d292840696b18121750b675ce80bdf75a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 0226f8de1e27a4ea1675c906aa32e72e
SHA1 6be3cda5fb935d130908ab0ba80bb926f38c75e7
SHA256 fc1a6e9a3ea7894abb8c67345924fe74bae481b0e351ce3eedd0cdbd0d9d8459
SHA512 5a9f280e79ff805409d50c4de5f03fb827d72d692ba6e3250943af55c43beb58af65598d5e5c7d2fb583ff0e1fa5795103559bfd7aad284fe12060626d7b72c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ab793fc1af7d72349de4ccbe3d0d0d8
SHA1 26c12c7950e17162ae1ff727786ee0a227e2034a
SHA256 8b298e15e55a44cd4b6018b1092d5a86b6026da93183c3902f443b20ccba6d34
SHA512 ba6f9138434951b75779967fc422e3ff318cd05f004835dd839b6e38156d124c6edb3477879bb1900c80a8f430af4c58004a5cdd3006bd9883ab29d1c00fc2d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45e84ac1bb67575c4d02fadbcf14c30b
SHA1 cc62a628918c5ed6277d35efef108ffc761dc771
SHA256 ca4b48f291ff9dc2e9e659a6b7b063729bb277040c2e4828746e5e33d830681b
SHA512 3bc5f14d749112b9bb9e9c52826bfb8a46dd5f69d13e3888207e3f8b3e07bb8b7dfecfd827e609dfbe8ffc92e572bdbd1bd54374d3e3ef6fc79f7ee1317e080f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 4e786ef6de6d058a7ee21d714b5878f8
SHA1 a25cf3a4ef2c4208064a295fc00bf84be1557e8d
SHA256 fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57
SHA512 79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 551ec1ab5799476429ed57184a6e0502
SHA1 7bcf188080787adcbcf62dcdad2ffa9ad38e1301
SHA256 a26c3b6f6f77a35a297032c0ab11fa2be0a3e3d0091d7d2cf275fd40c84a43c1
SHA512 c9f59fa7160d68e2eb1cc8453a770423af23c2ea93a779aca1180111705096760aee976db84155973402731b113e7e4266772d32d1efd3fdd674d2ea0e5bf058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 bc85c721d2cbb8d85e396e8a48ff1559
SHA1 2bd69bd75fc9217178e67ae829fcb4fd87eac411
SHA256 7da0f63bd5f7d984babd0cbc20fda7ea38a66115f7e91702bc66e29845824f52
SHA512 44e29b0be6be23a569587bad6a00f277f769d4894029e037e1da59d8a0a49473dbc0724145ed7c20480207c21fda8a84653fd1cfcaf8e2298783f006c0e99824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 37573ba0592fdbf40d4d9ed3b5fff664
SHA1 f16fcd431a0183c37a39824f2bef24ee4c0dd886
SHA256 cf11c85cd2e2ca3ff70c19dcc2b8ffea68ef263577ca3d3206741afcc88ec7bd
SHA512 340ba9f194bc8ab2c87152716603676bf3c4c36f6a508ee83c8d6dbfc70b22c8b9e5fe4882c0418cffd3f7c4b383eeaf5d11eaf42c5d11f88dc452c48d6c4afe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 5a269260e64e2029ed9ab284a5c58114
SHA1 5b72db446cbbfd581f4f7199ecc6e679036e19c9
SHA256 a360f70003fc7abf1ade82c6a6fae8847d80b0a9482940815fa24d869434c858
SHA512 f1f8fc0776bd5f44c3cb8f95b5f710fb50cb98a0a7d234571d54b18ef8c9f7c3f12ca248096925067edec1330e159e56c135c9e7a4eaaf5a2235f3f15df1a22c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 d34875fe1c47517f4081a1e2c5bc91f9
SHA1 204fed3cda5eea26388e139dd1600682e7665cf6
SHA256 aff6fc26fb0c69a279bdf9b32b4d2560cd47039470cca8248534daf8d0876186
SHA512 aa164260951708910e1cc3d83c17f2d176427dcbe53e1e13cb539d65317a1750bd1e482850049e9c126aa5e70fbdd72db13d50367b90c8b8b37f01a264ecb148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 9a861a6a772b86aaa2cc92e55adf3912
SHA1 85156e7eaf0d3bff66bd6119093610e8d9e8e5d2
SHA256 6e7cc83f3b23d5f48bafdd934321de60485eb8d9ced04c6299e07dc6bcbc0d1b
SHA512 b0a051e2e703227a55674fe235a97643ab1478af2384a5a974605cdd0e4ed79916d65e2adf61d19f59779da920699e74ac72cce05ec078f22f9b6678c5022a26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 76d82c7d8c864c474936304e74ce3f4c
SHA1 8447bf273d15b973b48937326a90c60baa2903bf
SHA256 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512 a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 1806db26c5d614e263c1cefdbb1211b1
SHA1 412443dfdf346d3dc2d68e30cf717b402443f939
SHA256 5c191b166a2ad5f70572dea7fd656306623e3274a544d8e084a3c5f28b9acfa2
SHA512 43ffd45fafc2063328297193a992dea6e8d389943b3d39fb393e74d8bc64ffd50017be0978cc9b1c1e1242b88486e36d5b33840008e2482098c79814de4ab2fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 46c65c348f90aa174bfc5f9dbacbc3a1
SHA1 f3f1cb408e89e48b14532730632dba27858d2676
SHA256 0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008
SHA512 e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8524baa64b0763c80dd689bbb89538ef
SHA1 94fe2718262c5f02abc8919955526960736de0e8
SHA256 92df193dd808cdb4eb0009c45bfd18b098fbcd4f36595c3dcaefca2b9deab827
SHA512 f765e004347edcf312a6b4c6d02b69a765f3c4f1ee393bf0c7d122d082ec8d34329fb40ad2255f3589448b9d0e5928346b24e8e83d7c33beb4e36f0f2e06d8c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4a69c7459e7994e9861b416ba4e7ceb
SHA1 7eb23492179769db9796406a8f3df721eeb0540e
SHA256 0b32f8a623086887c21acf812359b2d62fa6154f16610e56368aab3617081c07
SHA512 a9db23c7802b4d8cd657e487caccffdede3b36ed83872f66f1a6c372cd88047f5c8868c833e1400d8203144ee82c12e8dd600839db484dd54d2b87e0e6fd93e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 607c75afb8b60ab2a5c805d5e6a6f50a
SHA1 2ada596df3da6f2fa1dd7ea99931f13690584186
SHA256 95fbd2164421989667d3ae873a2f8170a1171fb97432dc282fa4d70a0f7c8bb0
SHA512 f34cb982e91ed7427c8e596fb571d5852ce9aefd7f7a7ea2791c115bd628de323f3b5973472dd7e849a754446f7953e3f3cca61bd5b8c9ee4e190a777ed55aae

C:\Users\Admin\Downloads\cryptowall.zip

MD5 8710ea46c2db18965a3f13c5fb7c5be8
SHA1 24978c79b5b4b3796adceffe06a3a39b33dda41d
SHA256 60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e
SHA512 c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 57146d1939dec80428748ad553fd078b
SHA1 3cb41b7302ae152de708e8d48215f8913d60f9d4
SHA256 403fab4da530e40e201169bc8ed0f177c1f4af8fe133fadb9c6373aed1d81d24
SHA512 35ef1c71bd288d15f56741f4d90159fc173edbdc8290a5e4a579aad8c890ba8df28ea0ed234c858050957b89831b673ee6df043663174e753558f7de955449bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a35995d05d1417b62726f73428a6dbc6
SHA1 ec272a5117d0e7979e178f63685f56d943d66463
SHA256 5b09a2d48b733e2fad16cc190b7c2457350c9f8ca387f5851583918da32d68d1
SHA512 c421147e6679c44bbee752e316bdebdb7c3c7754d4cab46dea32aa322f8c5cfdfde6c8b81c28a74d360b9a915f2394ce079f2a860e6344c21d420ce8ad5f37c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddc316ca3795013f77d83856f2ecbde6
SHA1 eb817635ef703d32b84cb8fedee42bb2d1b21bc2
SHA256 de4a936f65cdfe07b8bf391a6b53e8d10092c903b522f2a7da1eeb7f619032df
SHA512 1b0602fdb25c225cb2857edea21e4ba3d56c51287ec2d979f69919236bf7cd79776e0667ea66c28387a693049b63899fe1a644b809ed6bd5e5c07c7015fa4323

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7db612633ce3eeaae18c03464ddda495
SHA1 c78ea3c1ed8fc8e242fc551762ec5d8ebffe9b2d
SHA256 2e105b9b8458b51422dded0602d02493ec5db897b8ece1dd6a0c7180d3404312
SHA512 8c51a4a0245d24f30347096ee2a9fb5e7b4964b7e8b38ee5a3470b8ba2b52ef1953e59d7659c02af403bfa58179e6b23ec1ffb5b86b27a52e98ddcbc2c5e7c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 189d8030044defd0fac9358287d4d432
SHA1 52654f1ce060a5fc3e24b85ad5aa49bb595e1817
SHA256 8c243e00654bbcc8927630d8502bbc1903f6dd2edd0acb69fa8d4570aab69f6b
SHA512 fcc2b9d7a2da9741f2c850f43c2e4e66197c2ebd2139a6676db70e43db313a111da1ce9565ba881ce36df1366f62c5c12cb566b46cc20ca6581fd6173372ed07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ed12a11d5a6a7a7cb10dbfef974f2e9
SHA1 db414305e59650e2db000350338ac635edc716d2
SHA256 69774a6b98a707b8af5e152ab2a47b23d4d93fa88ba3bda16d6c0bd262aa307b
SHA512 13b467ec28ae02f3a6330f6b5ac41a256ab0ad61a661619b4c265dd34c09c0bc525f0df5578a843c3045959a6b97adbc8fc026803cf870cf0cec26796b9b3268

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 2227a244ca78dc817e80e78e42e231d7
SHA1 56caeba318e983c74838795fb3c4d9ac0fb4b336
SHA256 e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24
SHA512 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 aa9d4b0371cd9ae330d7b131493f54c5
SHA1 e83c2b6b6f023a6e00d18f0c9ed6b8ae9bab1459
SHA256 1ffe9b8b344a25a19f33e5900aadb00e53b8bf1a22210ab66c7b50bbcbea45a1
SHA512 337e27650c4b534683c8589dc4787eb9bcfecae020bcb1a507a1530b1fd7562ba8d185157e8af23b06e80cc70136f51bbc0fc0ac63e581e34e410c6d08d398e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57fd36f7a8616221071efc002962ce95
SHA1 91a2a8972b3eb1e6f1b300fa3f142121373773d1
SHA256 7287f93786e02abe5f9c0d40b2cd376c242b59fca5bb42e7a7aeeaf38bb85a29
SHA512 a16bc3c59fa7432404796cb46771cc3648396e5c5ecf3d52ec3e00bdf70ba0dd0cf38532f0e57ef58f58c323737829f7c75a7c286dd69269dba4ccd55e7f7a99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0

MD5 7c780c7d7fb470c60ba90ee1f47c0b93
SHA1 3a49665b9ebc34003cc1027ef2d4e5b9a1085e41
SHA256 770b81e9062cc1ffde14b98b1b813ed252a3bca8c135b63c3492e031b5e2ba51
SHA512 e7450d1e89136c086d754779aeb1710dd0ad9e1c2427bdf0cc6b025b999b96e5d4ae60624946806d104970b665b991e750e13e96e5bc1a463f95e5c974ba8e6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c17733a7298ea58f7ddb29494fdc870b
SHA1 87175127d21a1d60ee7ab90c655c81815b4d9558
SHA256 7da0a64138403c9d5d36eeeaddc1277455a1f3d1c81b9e2ad3bf071eef3482fa
SHA512 4858ad84e9b6280b595864801e26fe34ea85a57fd5b231cc493fe60b7a471b95009a13ec91bf65b5c7809596217d49c7447646d48af98612833f4fecd9c27ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acb466dcef1269bebcb39051877c18ad
SHA1 ed04727fae573f89589e7ab7c38080566ce4d482
SHA256 92a1956cc6c760316db65aab3c5ca606db062317e0d75647fcf96ace1b73c922
SHA512 e67c9ca3322d117943aec1f33fcad6e87186c177aa1cff41d4b8c51a2c3afc511c4140527edd5b979cc5add023a4c7cf3896ac5ca671b9dc0f2e7586f556716a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 76fd0c4de10b3ee711eafbad5fccedd4
SHA1 28ec64504a04936db71d50737dbd60a12309aa6f
SHA256 8751bcaf540a459fc4fa880fcee8ac8cb08920050fb96edfc3b8d097f3a1d159
SHA512 6d71d963c26c7e32f7181d0329cf38710924dd6f1d652ad078c55b1b7b98e52e12201e91530a99c816cd2a42c9193c0a100a68cf885c6506fd3281c4eb0b6e3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3c5e70a47149c32c4d7280f281e4041
SHA1 950c7dc20b5df9dfe24ba75fd3bdf7cff723c226
SHA256 5b986d8da42085e03508679912a784bca113dce1e910653bba74c8f52c99f5c3
SHA512 ddf1938997521afd44be7d6a2d193370b0e84306b7e8fef6a80ff56991666844b48396c98ce40924f19558af486bdb60984a15a9ec865fd7b8d9e290dae30765

C:\Users\Admin\Downloads\Unconfirmed 619475.crdownload

MD5 ed4073b09d6634743b40c8e5dac7535f
SHA1 8dbb52b792c3e747a501f4ef323f189ab4abc030
SHA256 039a88fdeefddf5b4a4e74f474facfa1edb07886aab3772f234809e8d214ec51
SHA512 4cdafd2ebd902025ab78135cf5bddd6bead94dad6c588b25cc6130868c24f6a84b872547763ee0176ddcf9c11246218bb3c79964e1fbb616a3d079426f1c8c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 32e84a0ba35f9e670079142c8d4c5b81
SHA1 0d0cba2f1e4c77e11ecbb73f75ea088f82dceedc
SHA256 7728565eb68cae62f20bc0e3ef0715332ad3231ccccdee83bb7b479736375c91
SHA512 fed4828193bcfae22754f40b0aac1e04569aca33767c781b64ed03d4198c467e50ce6adf36bacff3b9d5244deb85bb0bf0b2b081a865c353ef2b22f2b06cec99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c5fbf8a271daa8d4529c6185c23474ac
SHA1 a22831df8f31f5d43bd15e62d0f5885295947a7b
SHA256 6ea56dd32f384eaf6e71a7bc1659f8db8ba2287318205b65648de0a7f451faa1
SHA512 bf00cd9ffb7c743595a8c453f318feb7e308a50194dcde7602e69f9b5aa70acaf1248a20d67f40519bb575120f7b7784c641b87d33ec4c78bfa3a0a1d8689bb8

memory/2560-1634-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

MD5 8e15b605349e149d4385675afff04ebf
SHA1 f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b
SHA256 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee
SHA512 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

MD5 596cb5d019dec2c57cda897287895614
SHA1 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa
SHA256 e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff
SHA512 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

memory/2560-1822-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

MD5 7c8328586cdff4481b7f3d14659150ae
SHA1 b55ffa83c7d4323a08ea5fabf5e1c93666fead5c
SHA256 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc
SHA512 aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

MD5 4f398982d0c53a7b4d12ae83d5955cce
SHA1 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc
SHA256 fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2
SHA512 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

C:\Windows\msagent\chars\Peedy.acs

MD5 49654a47fadfd39414ddc654da7e3879
SHA1 9248c10cef8b54a1d8665dfc6067253b507b73ad
SHA256 b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5
SHA512 fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

MD5 94e0d650dcf3be9ab9ea5f8554bdcb9d
SHA1 21e38207f5dee33152e3a61e64b88d3c5066bf49
SHA256 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e
SHA512 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

MD5 e8f52918072e96bb5f4c573dbb76d74f
SHA1 ba0a89ed469de5e36bd4576591ee94db2c7f8909
SHA256 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82
SHA512 d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 b3b7f6b0fb38fc4aa08f0559e42305a2
SHA1 a66542f84ece3b2481c43cd4c08484dc32688eaf
SHA256 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b
SHA512 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 8a30bd00d45a659e6e393915e5aef701
SHA1 b00c31de44328dd71a70f0c8e123b56934edc755
SHA256 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512 daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 73feeab1c303db39cbe35672ae049911
SHA1 c14ce70e1b3530811a8c363d246eb43fc77b656c
SHA256 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8
SHA512 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 93f3ed21ad49fd54f249d0d536981a88
SHA1 ffca7f3846e538be9c6da1e871724dd935755542
SHA256 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc
SHA512 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 578bebe744818e3a66c506610b99d6c3
SHA1 af2bc75a6037a4581979d89431bd3f7c0f0f1b1f
SHA256 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71
SHA512 d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 12c2755d14b2e51a4bb5cbdfc22ecb11
SHA1 33f0f5962dbe0e518fe101fa985158d760f01df1
SHA256 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf
SHA512 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

MD5 c3b0a56e48bad8763e93653902fc7ccb
SHA1 d7048dcf310a293eae23932d4e865c44f6817a45
SHA256 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb
SHA512 ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 97ffaf46f04982c4bdb8464397ba2a23
SHA1 f32e89d9651fd6e3af4844fd7616a7f263dc5510
SHA256 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1
SHA512 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

memory/2560-2515-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

memory/2560-2683-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 add641e4c47859b91211a9787726747b
SHA1 f5df687e924731bf007d15eb81803c258307a955
SHA256 ecdba8a3d6729d8fc96c4cc03960eb8e38ce6451ab086258c2a1939bad93eccf
SHA512 03c0367738b96462dd13de7d03f14f1d5cc7459d861551ff71abe42fd866018da6a5a7b6171546da6734b83b29646d1c4b2d686580e9919c386e21065bb697cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f611ebb9df6776afef388564e1bc44c
SHA1 bb8c6f518a26138d85ee7f6b4a9102dc5457609a
SHA256 b240cd90b500013cfe7b8e098c03aac97e9bc59ee487356be916dc8e63ed0c17
SHA512 b2978756f787bcce933149dd3af94c04bc6d941d6c2d5dd5d907019f060db00cfa23996d0089203273424aa383fd09cf8b9b4bbf4228e03b5f927be6fe8a1842

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 589a21c9e05840e7f0303681137afb5a
SHA1 bdb0cbda741e46dec4599aef05cdbfba4c93b6de
SHA256 4b4e608384161f0187989501cbcdce9707bea76d77a129adec005e45f741e29b
SHA512 46baaaa69713a1d4aff4d760b51b9ad85cab978605fcb312e476432f0400c6ab267d3428f5ecb75c3fc82df67f5faa04f2095406f5510f6ed9361f536d929852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3bb7abf45b20325914d9b65ef26710c3
SHA1 aafbd5f264265c38a4ce16cbf8829ac105908fbc
SHA256 a8e82bddf05cd950c4c77d88611df68052155c6535214d6d6835488f8fad1d94
SHA512 187ae7444bd995c1bbb10f20fb1e53265df09b93789a64d557d6c2375792fec7b35f296e7f4039253191466534b0777962bb3dbe3543d3e961b5509256b865a1

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8796ae9e056a1790974314161ee9510c
SHA1 83e8a642a8f6cf5e57f9dd75cfba850a2bd9139f
SHA256 e77c6c041edc0880c336a445664f6a6a23f97bfd31dbbb7f0b8e35d94ece7d8c
SHA512 664ed2e35c958c3cc43c15a82be312226979b3a740e702af5087e192192cb7b3ac9b8951329f964c5c174302a6c39ec207d02cee1cd3055d0a626473abca77e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 55520d7f176e5762f0cb6dbd878a60e1
SHA1 e8c3d7645e126ec5c76b5d0035cb525c46178dd6
SHA256 6caced587b61045dad5dfc295e04b6098d609735b51ea3b436fe1dc8a270881d
SHA512 f664ec08a22abf9e4b4bfa64d01d6975ba699689f23937460dc481155c40c4b0528b7eff77911e850c11e672d07dc2b06e1ce69360e5d71e149d5515788e9003

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 4de674e08ea9abd1273dde18b1197621
SHA1 7592a51cf654f0438f8947b5a2362c7053689fd8
SHA256 56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63
SHA512 976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4ec0155aa1393a611de175a53aa31bc7
SHA1 9d943790482f5cf2d2c6d14574198b880cbfe312
SHA256 6a1ac274f6b58e1a8498201238d9109103adcef7d5d2d05ea817444d74c73f20
SHA512 e4f89e31e0a2027920d20b7f9500a3c99b3b920600f7ab6948fdd5f7c2fddf0ba7ef1a190b49e2e80eb0f013afc7ee2d2f120f65d3606aa538de444098b369ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a267665648440b9_0

MD5 e11980edc1f6e32aee879b57ae6d893d
SHA1 53c6b3b7fddbf81cf9f7106c3aa7f313fe2aa948
SHA256 0bc57e95f6bc8e495e03b2aaefacf12f87ba64a33651b22fa92ee113115eb571
SHA512 d38d4a1b377744873dadbdf3308011d46acf0599ec14b89ec0030357eddb3fc4c8a541fb92e7eea08778fbbf32101e6d6f48545a43f44be58997fa3dda4b4e9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a334ebe302b12c61e255965c20dfecb
SHA1 24b67f3d0419314d3e4dbbb0c18adf5d06c34dfc
SHA256 329ea7cd4d0a534053b72175fa9f16e95caf15e3a2b192edbf4400e4bb75fafd
SHA512 81ac5ba6a2ab6c662d5c4a575effb1cead4b0126b471f98e173870319ea4f00bd9e89572b500d2f46cd134e1fd1da0565988fb3c6a14b4d69df5675257b5c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

MD5 7ac2e80dfde60a1b77a5787c7faa2cf7
SHA1 41008441dd8d04f56f989efd283164adafb65744
SHA256 77ddaa4ba89172e289fa4c8d734699e540e77565f8c71276e1fb1b1a2c43f690
SHA512 1570f3f659915d34bdf83b3190a2dbb6c53a25e711db7ea098acd9d9039e1c8f93d0b74afdf35ca0063a26d1d0c8eb86f96951d6876b9a747e43a75ebdd9165a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

MD5 29bf0037538bc22c945bdaf400d923cf
SHA1 edd1cae74870edc1c57e5d5983d9ad256c8f2512
SHA256 2612d16b92642569d5fe5bcb6c42fed5b2b8b54dc067ffcd666c6aa01fb651d7
SHA512 a2a4354a6be09e94bede2aa2332bdf7b3a0a372b0d22173ed36ea7ec20ea1d6a2195f0a0baeed2179606ec1e54734acbcd001661bbaac651c2a2c44fe32cc35d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0

MD5 81fe2d5d962b01f43af5c5e00a9ce3d1
SHA1 208613c10960bc1da5a92003065c035b55cc90ea
SHA256 cf3d73a49c2bfe90e098f612f3bf023774ff30aef37288670d616a5b3caa6039
SHA512 95a212496cdbf882d44674d7cf1c0552e3b03437fb5f2fddbc9d0737516a8757a086b52aed61c0cfd9196c06a7a0532010faf32ceec8cb6c4d281360815ea81b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

MD5 f2f6285818b79ed1a77d8461d5349ba3
SHA1 27c2d84eab4d18e51c00c22e156811d92ead00b7
SHA256 60f900c41f27f6f4207b90ba7e57a0989b46e403f3b08f7fadf9e2016d27e67a
SHA512 bb1f064193b7a9449d91a6eca1a7dfd163458840a5b9cff25840f3e9bda02f769e93e18d421217c92780531e3613e6be6430dc77b92c3fbf090160e96e07926c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

MD5 7cb7d99e8e54d56a4ddd7e0ea9ecec20
SHA1 ebb94436c806e881b7d5ebb26fb95fe761d8e02f
SHA256 6c1bb2c97aeb624fbed0823be5ac7b6b39f3cbbd2ff89e209088647efc11981a
SHA512 101558458435a320034e96a451ec03029778de3bea73ab4bfb1ca200dd76469f6aab612689c716b09e1851b3627f8c5af20b5786ededca59090962775cd84cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

MD5 b29b85db4766ca2b70e27d62e36b8d88
SHA1 890651f58dbb056fba60e07434901afac4afe290
SHA256 bf586859b7b798e6884cafadd5a4ec18b35759f248253eff41c5cad49154357a
SHA512 5eb1c260d0d36e17b38442aedcafbc81024d8e2f7d15e3079ab39d01760dad475300698d2682cc9a1554165051097a55956aea0071b7e68806f865321cff62e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6f1ca0f2aa59416_0

MD5 e18e324aaacbfa891e1ad92453401389
SHA1 d6b72f1698d626cda0615d566deb96ada3c0adbd
SHA256 c24ffa0710b99d57112d4de2f05b9822d3da75f573e829f495c789e6b425ff98
SHA512 747ab598a4059c94870073820d5f5c02178ae84cd9e95279d0e443b5351837f882f3ca5451c9da8c19399e1f699a0b91697c6745dfb8f2045f70cb58fecbc415

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0

MD5 b5dc6ae305083f1c9214caaaa2af606c
SHA1 04c9a45469c497a9c1c936caa6d279d6512c3682
SHA256 b362f0c53e9ed8001f7c9cf9b3a9fbe060ce3c84723864d16a41c9b70344727a
SHA512 ac616bc7bf1d20622056aaacf3ffe39c2a5a92d961940a245a3a0f2c49b724fc384e4a189f0412f2bf8545f4301e95000f692b13bb7974c551f2deb7e15744bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 d92005ff9516c91c1d58b303a1e5c361
SHA1 66e0f078fb4129a26454f9bced7640544da80284
SHA256 4fb00f306aacf4e1e7d878d78c7d2a6d262ba49f027e165a350e271d9f55acfd
SHA512 01f79ddd6365fe52f650f9f6e7df90b2421864af064e8290fefc4f501bdaeea25b2b7982a002e5de1ea41f9fc4bcbe05465500d1fd7240a34d49b00b35fda871

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 8883e15027125d12e67522b674581a1a
SHA1 8ba42663cc686958ce345ad1f923df9c462a51a7
SHA256 b3be97d5843db7a4ed41d171233a93047c886c5d5d95bbf523c0e97c830dc802
SHA512 16e7b6a2f5135d34546eb59adac0ae60bf9ad0c2d5f2b0afe252e38c2b3e91675ac1e4ea9db589eac99e632b196e5a0880e815f2ad16c2e5544af85b277c62a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 3e1e3f7c81720a3c1accf8c37fcf2bca
SHA1 8a329df773ca73146c72021666c281b8890b74c3
SHA256 1ff46e828c61e1a53c881d14d11cfe4aa807367a20c2515ee5401a491334fbd9
SHA512 5667f8dcdf68619bb10861af54eb351e164d807915e9b62cde3f27924b1298c2e13aa7e9d3ebe43e9814a312bcffc6902baf70e9677f79f8d3e958ca6367463b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 93f36c396080323f4556b974d2cfb667
SHA1 9901f02ca5d41099fcd1c62e5493c603d64f19cb
SHA256 458a73976443a0c7d402daba8e420977ceb292541276947f20107e4e5820c2b3
SHA512 5c72e6f1396ff94484ef666b08881edfaeba053422779d494bc2192bab7cb4bce33fcec64e688bc5047335be8855ff9f63f1602e626f7d1660557f47dd1126e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 d8fc02dbfe8389b7d3d0de88673100ef
SHA1 ee39056fee502d867d34fecf505b8f24977463d5
SHA256 a6060a8602d4ac70ee33a488df1f06cd9c672132a50b10b11d332d1a269e2cf6
SHA512 8dffaa4e4c338b6cfeaa45b4fb1f9cbdb068e08e5b84fbb0eb360cbca7c989106c95c01f19843ddadac13257352f47456b55e3ccf47827a28662b50d830931b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 bb31f9da05d27c573c5f604e89b5c93a
SHA1 779923fbfded6b667cdb5784d9f58a5b80aa0150
SHA256 1c22119ccf87fdf2d5d0853ba0d6e11010ca4fe0ce79cfcabd0bc7575d92dc36
SHA512 00553d7754b2192fd616a629343ce3a0b2267a63b61fa375ffb968aa4481b7d76cc810e4e69ec5ff28fd90592f9afa7fd58eee2f461607415f9090e7f409943c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

MD5 24faa99f004a96f7f22ad2e595e042c2
SHA1 5e1ac3f9d86d517c9dab1f782d209528c7004ec5
SHA256 835138a0a18ef9b11122b6ff7c1ed7f1f90ef3d3ec98d3676c3f0cab8692ab51
SHA512 055d4759a6d42d0e87447e678a17bd187a40ed6b7cfc892a59f9a842808b4acff28bc3f2ae79d0e32c4be6e6df35ea3665e50767009b11b5d354f03ed65f3ce7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 944243dd0047841f128a9268b58a6e05
SHA1 7613edfcea74f05c61f5b7491d0803676f9db5bf
SHA256 3aa0d3b99fe89a953ea09a3b295bce1ba94b1d408b031420fff0963267cadddc
SHA512 429963330304a1c100dfb00d13201e2ea575379b4c66bb034ad289f99080d04a5f1b94cc5f36f122491a85ec327285b57005884afe307a593fe1e9ca3878fd20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 af1710114fd377b9a0bd6b58f2d7b192
SHA1 3282e2bf0bc43b0d2c1a5ff11138032dc833abf9
SHA256 22f41a02822ced009497a772719b1bae781f465e79392740156ec735a8ad6709
SHA512 5498487b44e0ce985fe1cc41bcd1159becb41804838dc2e4d10b9911eb78d1e128c87c042cda3234e2dfe3a8f3c7fd32127ac713f5c4a9c422f5d4f327b20ba4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

MD5 ebe8f7f1d983f973fb66a83c5d63dba0
SHA1 f0ab9d1f06598147d2a484635d7c8984e8f85baf
SHA256 541f14ca5a817ecafc16aef6da749fb8a43396d750eed174ecf3c91218715126
SHA512 70450c489e82f71e94e1fefb6c06423d73415a9aa1e66af5fb1acbb3d0ce770ac4dfceb7ed19ec97cd1e86768304961dd4445e4526b16485dc90a991363185d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

MD5 b97d45f4a686939156e3ec407245adb4
SHA1 11256a87e3508800a9e359fe7a78d0e99992cca2
SHA256 a51ec5fedebc325de92eb5b991f24e410e63d5f6cd62d5c444b1d5d7c2ae0f33
SHA512 5b0b9e2bf1b18d003b78a953686eeda407a0b83ab685d7f9c41bfac326dc850ccc1cf1d8fb6afd0b69937f81f42161c370f00c3846ce98349854de5b76f26429

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d19b7a4da74b59c9_0

MD5 436641f233a8b6fa2ea4c4265c96c5a5
SHA1 100a4a4e8b7f7b6570bf4f79ceb01fe6f105b520
SHA256 13aa3b73c210a19f519b5750f1410d02821d64bb7b838b51cc549cc2d91a837a
SHA512 a5a80dbd7029b2a5e2bf9c9421d3a695ff232d99649667d5430dde152386587bcabb7dd6ecfa854d23a815c18b5d0087e08211f12cf8ab6559594ffbb385129f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 e8a36735ee7259d15b94caa523ff6126
SHA1 07bc3bda0527c2917c8a784a072bba57e4de8d4e
SHA256 c74fcead2c09f0d324a1cd75c8a850e9fe8af870a30c64d228f77de6437d079d
SHA512 bf6e9cfed87e38b1f71db0dcc926850cd1df4a329d4a38ba88e5a57edc8fc4cc6d493ea01505e5bff5e8de2d66cefeff42d667545089ad097e5454e7af52945b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 534957d8f84bf2bc86f9564af77db8a4
SHA1 e7cc6279fc1e1cd20bd89c815dec518351813abf
SHA256 1fa7f3a600c56abe17031f0f4a2f0f4df7740b9ed09917767bbefd9d8ec2f672
SHA512 570785bd82dfc705589980b25e0a91a82ff15de72bbb6f87e008dbfac3f5d10c8bec6646cea4489eb625a5f823f17bde1a1a4b474f1058a55c7ace1b754704b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 a343853933b3f2d341343477d3e50c17
SHA1 663ce4daad34de609054b005fe507e7ada58c11a
SHA256 31894743d4081c895f2f830432e78735c100cd18f6add0c8b99d25d4084ae58b
SHA512 1f539a16338f42c9675eaaf68b716a7cbc6088455f274673e7fc370f55b813fff744987fa082866bcc28d9c535ce8cf2aeddff9b825fa8ac3911aa3cb3c2e3dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 4c9a079a72b8759f0ae97288bc80df90
SHA1 041137ef9d4cc6e4f86c51489d9c9e3cf46aa71f
SHA256 3d04748a8bd45a5e1f0901612f3731da236e0a635998b50c158386372c21eceb
SHA512 88dc1cd4dc9737826b39e4f714f646cf9af98278b42551eaa6b3ad1b1c710ebe290c22c93779a61ffc2fc9f2cb9ec4c12d4f73dab0dddf3148975911f5c784a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 0b75e69692eea1e439916d47a19c24d0
SHA1 853bc87098f84ecea9782af2821c320df1e0cdf9
SHA256 a3656c7c89420c5e904fdbbb74f40ff4f2fb2c1f070d1b1fd4c5131d50c7219d
SHA512 3336b45b8bf1fb19871dcd42b76cda76f178542bf52607e569899cd69729f82041ad39392a052fc1c6808da5cc4b088967f5c24fc58eab7aec12eb54eeb8d27c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

MD5 3e688cebb171ac35cb590fccfaa1118e
SHA1 b17cd6597a2e6800175932011ed25893562e3249
SHA256 13c3725714c489da1270aff4274969d1d2a8114d18202a15c2abdb1af4ecf906
SHA512 c9b1f1b191200f0435423c6ea2dc62d7a66a251438bbf5b1c4d8997eb62af74943205863890de5e833a189420e54d688ce6339312943472c67efce410f480897

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0143edd150d6fe42_0

MD5 953f2e4e93ff0bb41fbf882a36751b63
SHA1 fd0d9d35b7169a0dc4a37860586c6c04e4117497
SHA256 28ef110bb98f67180a03dd15d47cb51d5244efc71d9d0f68edb92fcb1e414200
SHA512 a75db596ac8a845d496cb2651a22698829828b71846064e1c0f78d103452ccfbd30aa90db9bba3d312f89b81f3d176bbd353ae6e878ff42912b56d23e3124907

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

MD5 1f3ed811084c00d9a568b9650bff9e54
SHA1 f7127d5bd810722ae2c8243088be4a76425b55b5
SHA256 8f3373f4c65e32ee88f77fab60d792db4dba88d1e688e6f87bcffb6d05cc1c61
SHA512 5b638c2072fa875325578dca12794a67518c27d43ebe85ac4a772161bb36f5053769062c91e2a4dd82da137ea3cc0d6a5e8cb299f5bc7c83829d5e6c084d54d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

MD5 61a59e780f0989d7ac12c8757be6de56
SHA1 b3d791543711b60afdbe55bede948f91581ce219
SHA256 d2eae3fecd46132f664d0923ce23961809d63cb4fcdd28e185f859003b9fc87e
SHA512 f927a0592598355fce2066f47d150b8a522da27e8d0c8f72b05fd3bb406f438b16a5a164284bde1200b7406d1e6d227c51610f724795e70aba23537ba8a7b938

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

MD5 01405a07f1c5d0fe7c3c7a8a7775dc41
SHA1 c79bb91d6d90ff67084b753e8e026be5b15d8267
SHA256 0511bd30e309fe24bee8f5941b5313f750aa261bc6399578de5e283d286625a9
SHA512 8e618300ceb55fa081edc978dc28bd83b06f69191465b2428c50389793b7440b691765d2c84e817104f28e6b067237112028ea7708f7cbd88acbc062891b5893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 758805e439ad88db80cddf9ee4cd53fc
SHA1 511df3e2103bdeb2cc5b2cb76f8b1eb773e1d635
SHA256 ab3b4233473e1e52437cd8c44ad7130c894ff99565081b9681e9ca6a70d5116a
SHA512 027489ebc83ae0b60d507ab66d785eb84ea9984e0832c324442e04cfaee3b2228b3443085ef71fdf11f8d8907255563901686fd6f915e7fbae4055bd6eecca5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 d91ce5d929fb21ad704edaf82b4e8695
SHA1 8c5f03e1f7110e682f7764eb76c0b191253faa8a
SHA256 bdd4b3ac0e712b52c28ecd880098774ff120942dc78c559ab91392374fb539c5
SHA512 8499a0b370a29a1ca72c0fc27253cb2483018ee3ab11e0a378892ce7082360acb7c17db02f9812cd9dff924ff7b827e1c4a31ea675929583cc7ec01cd6bc6581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0

MD5 1e5623c013dc2a61689b53526f97c0a7
SHA1 e83b4bb49be7774406ab9b499db5a3fd3633ad70
SHA256 e5366dd1bcbab2cb245617ccfbfe60764236a6ce7902ab61d5629ddf2333890d
SHA512 55b595421af69a7c8938d358953ad049a6a0c0f6b78e87f233fc994a455b683bb2a0664a11a9939d38ee12b54da8af1a9c64ac7b6e3514453ffeb21788c50b4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 cb6d5d6b3bfcaf1a406552cd1a19b3c6
SHA1 e7fc1ba54cf5bc93869f7f97488c076f4ec16fd4
SHA256 e1ecfe6e0ee426d99ebc89faa63a04fde6b417cb72a93c9fec473f41813b2264
SHA512 5c215c92ff68cb890d7b5f5185efc120f5a0a8b60a1a2e608d2a99e85562e193ace759e0fb2252a2938b7c785c4b6fe9b87e62d2a88ecae1a7ea50fad919af52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46d8591239c0d052_0

MD5 fdaca3b779f83de1e9bdd517f83c29f9
SHA1 8125838736f6ebca5f57120e302cdd4de486e34d
SHA256 a9535b9abb994e80f1f7c454b593130705295d70711286bcd00d80d1fc2585db
SHA512 433c4236448877e5ef83c52b766b389ff28373759e49f008ede97237fc86152be9f9e8c6bd2fed254ff36761c972eb3b720ad22ad445f1f3188704dfba2d672b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

MD5 a02e965a0fa48144e489e6f16ec922ba
SHA1 a2bb7cafa312b94520141ba971e2624385380fd2
SHA256 067ff2ab9c67e05a661dc056a7c978bd73320b5fa410b9608e9b16ebb2b79f40
SHA512 adf959d8058628b936a271c10a0f84e2964d07a1355000e28153a7550b28a816a717e4f75776eb0485187a40bf79ade54d7833c2dbe663d298a726d237dcf3a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 d997b83c8a28c93ef457e95e7cb6a4fa
SHA1 5d5125b38f53bc1ba83757b66632018e8bd51074
SHA256 8468a6f06827922375ab194a12a210f21dcd2f6c1dbb5883fdffcfc4925e1dec
SHA512 f958ab197421e3d6b05591e4704da0f49940a3bae7a7dd2a0803048428ed70e095c9fe9ae8cf58295bb720c671681d700d911e774d1e011d88fc3f79bac597f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d841345b724567c_0

MD5 2fb673f453e9225cb5117439f80a8340
SHA1 700c8fe9e781f28cf44584b36e6af747e7fb92fa
SHA256 675520c8f5bb5bf30eb8dfdcf0df58f3c9a9010878cf4ea89346f2d3e7cbbb55
SHA512 2ac5841294d75e9007f2a7aeda58db4dbec68d88bbeebe66024650fe38a34a5ee4da579a0840e308c0e329392196dbd4c1407fba62e929904a751e0e52dee152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 5cbbb18e439e8b00a1e182a6044d5568
SHA1 f4026fd98a000c694b586a7d813abceda577964c
SHA256 178797882790d2ce816b5482bd697c4f7991bcad7aff19f21d5e90754093c2de
SHA512 96bbe772c1387e4be728beb9e11bf62cc500c3a0ae77b81cd5cf8a96c094ee5c3a26a3cbc37c47cf94e6ecb62e8af15b33a9e7092ede58eeafbad28ff7ebb212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 186bed9388e48c87780820bcca09d7f9
SHA1 a012dd9a41c4837de4104699f0c6d24da588bc2b
SHA256 8892734e9b96a6387ca0d1e663671cec1c3543b6920b1d468464d1e5a2142d9f
SHA512 839f383527b6071e318e897749715c3291c1552a86ab351197f387d8d0e4b5c892f4e253bca62b8850cd186fd051943e83a1e84c897b6ae1286f5e41b557aaee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 799dc91ec5b52e4266dec940c6138371
SHA1 766380e509cafad023e52efbac578b168e58e17e
SHA256 22a072dbc5e82688894b7c9cc55850306876c226c81b281c5b8ee02d54c27247
SHA512 cd482f504ad8457c3e8502126832ad67c564c81e0b2a8124488f744946eacc513f0628284f960e5826844d9c9a243790b6bf9d862a28f5b72373161aeae08833

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b34bf2e243c8e28dae15e495c36ed11
SHA1 2cbd3d518b1eefdc58a5e0cbd4cbc0937d10bce5
SHA256 5a62866a524bba79ae92b5ef7e486524a84404efe8b6f593a655ad94d661bba4
SHA512 434640470193d760ae661a80cf09a2e9e1e655b29c5b004a1b7fb1ba58e10e96159ccdeddb3f3e4c102805f0f11ed2dac995b38e7128dc8b7c3e77109805a9be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 efa3df96b3999218a216dafe410f91ec
SHA1 79dfb60f61efa5753ac8ee23a3648fb16f8f7f10
SHA256 e09ea45d87bb157360741a81f2b8a16338bb4eb2fa796f712e01dd1558764832
SHA512 4f6903859bd0359487276991ec70d8de71654a4c12674331dd8e56db98dd68dcc6357df9bc5cece41527e56477fb5d57d4fa594ed3f30e2fb711bcade571e8c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

MD5 347169d9d4cb0b0145b9f3ce648dda48
SHA1 96c97f903ad13f31aab9eb7c06218eb6b0cfde55
SHA256 29da1deed457e375645cdc4ff44c6695c0a85907cc8978e3abf0e4ac16d3f206
SHA512 966e392c0d3d9f852e32efdd8ea63d4f5012f7f55883ee2e148769ead871ece5860e7de7ff150f780853b2cdcb4943e6734d41ba7d24d43cfab1d0eb170ca6ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 0ed1814f505eec2506f3003c31fa35da
SHA1 c694ec9332ff1fa5474e2ec9eb504b7eaedd2261
SHA256 55e81a8489541ab71d003d184ab3f5115953d031a5ff3315b6133e1a7a91d060
SHA512 1517ae8b3162b0dd948fcfdf3cf355b1f6485da5018e21c0b81226e5bd2ac0db47bb9693d2d4019405fa35137375dfc1f242a9fcbf1bdcf2e23f2ed83644f699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 05cb4b9f101e025994f9686f3999fd43
SHA1 7450f129ea39792645b56de215eaab1d91182fbe
SHA256 07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3
SHA512 9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 240a36ffc72a5c01fa119bf8263540c5
SHA1 05cbacb14cf6145b9e3204a8436dc89c75111ece
SHA256 863dbfd0ffc8a41fbff4c7999022a15e357f8dfedc8b00fbf64b84017f515f24
SHA512 d5d717bff8e36841db691e8ad0c8f57e7b55369dc5e74986309d6cbafe83cf8089a72f38c54b4adbec0fc91f11e65045ccf5cb3b0237ac2d5151685af6f34c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

MD5 9f2385157e4637a0426a9bf25312627a
SHA1 395b7c1428ee59ebd152d6917494ae39edc460ad
SHA256 6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b
SHA512 e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

MD5 0d9f1ed9bd2214fe87b56511683d79be
SHA1 b362517ade14b2ac3ec1c12f936f43329ec63107
SHA256 58928cfaee589fa4ff06210dfc585fde1d17dd8fbb578b497f6d43535f79eeae
SHA512 58817554a7cdedc53965d6864f7c24f2d51e09a77253849bcb488a0dc411ebafba0fb3d7480f3167ae2d9ab827e0c38f62ecc52ee6e8e839ff5acd630e223c75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

MD5 b415ff5e476eade718790e7df1217051
SHA1 f64de3a6a3ba08e80951dc665146affa23c41ad7
SHA256 218ec6939d5844eb2e318d1ed470af91721cfbaa5d14f1ddf99129e3ea8f45a1
SHA512 d51e696e64adb661543b0237fce158e04a50bd76a60d824fdd97ccc3186e6cceeb76f7f39a295cb9c96863f0ec0ee28bbabcbdbde6485d1e4b0bae04edb5f681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 bbfe947000a0a4155f94e070f5f3a82a
SHA1 ca9de5f212a24535aa15d34ea1bebc211519e039
SHA256 8314493337b731a1cd3149ce77a469725152d37e734644416130a1ffb43c77f3
SHA512 dcb5cbdc745476db749e396aaa33f7f4416ea44eba42a876a9f6051a4cfda5fc3c3d993e4a17ab4e8c226bc352dba27e638990db7613b4b99e0b9898a1e99f74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 89a776cd9423bcbad3efaafd54f30617
SHA1 d65300e2501faeae775d90098b324d037fec895f
SHA256 c0cd41493be8c696dd89ed803f47816f1cfbab9a751a5a4a4c56178def5ef148
SHA512 09b33bf57223a09d49e4ed0f705565839aa5b67b0dc657224a42d35e8a7688806ce9c960a4d1deb5cf616cecbb64674388708e73df69c7e9db054e56dd7c7953

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 967e23ff08473b6014aed058364553e5
SHA1 0737a316cc8e956d59d17f18f9b17d87989c70c4
SHA256 992ee29c18d6b9f11b46c53b1fa2248e8273036e9dad1116b5ce7d93dd885b0a
SHA512 9029cd920c20c6bfd9a4cea442f2db4af9ad0fc13465a5552cf06c97fb96ffe85b7b26615df8a1bcb76a8e523cae0b4c7a2b8218ef25d4bb73843d877ec7d104

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 c12602b8ebdfd5ea5113f42ee978d526
SHA1 1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b
SHA256 412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794
SHA512 00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

MD5 728af6dbf44989df93a093c29bede790
SHA1 e5b18856bdf05eeea4c096bc8df2c7773795b507
SHA256 f10744f846b478fe066ce27179895955922e3071e4953f2d52bffc44d81bf386
SHA512 fef7c4f03a0ec8cf331d18dd311425fef0b86394838588ca4bb84b69571ee7b27ab1339aef88e9ac314ea1823e67465c48d6d8005a1357ed22666d4173fae4c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e19d0c70f6b70d6586484e70fe96241a
SHA1 2a82d1200bd9a80f3d60539ed84e8321727456c3
SHA256 8322537c9ba16c9a52fc77940ada47966fc1999684f45c6f068b327181679238
SHA512 98165008033e3fb0b2dae5894ec28daeba0bb6ceed6d22b63f77d286fd5e76644b95e87b4a01e111bc408f9dd58f113c09bddff97a575244281f7f1aca31bbda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe609474.TMP

MD5 227416042d559f2191e7e46df29bf27f
SHA1 f3043ea9cc42ff21335219e3b79391bbb8d7037c
SHA256 d03e4ec269861152dce5080a62eb1a2f76f9c92e799fb6618f794f1ddbe42af2
SHA512 ac59a5f9873b5a0030041c58fa1ff16377775d9e7d351b8d484a5dcfde3c635db22da81097deb987b31db937a3dc6255b0152aadf77ca228a2858f8e33a4f2af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

MD5 33ca6517b7a76f498ddc116047bfdef9
SHA1 19ae50a8fb43813a16b20cb165f11369cf71991b
SHA256 a91e2971cf9ef015bf3fe83de0688bc78e5d3684ffc68032fbabe6839f27ca78
SHA512 9b4af17384089f6f16d92fe78dfb0708aa6423f7266119c45d373140f1d75759b9c5bb053a5c4546f403f38558031db663c9d24773b4e17ebb8cd785fc8a0260

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

MD5 f303275481893f00d8c1c2cb84dee8b4
SHA1 66277c7a524854c84db7ac6e7d31b994f1671049
SHA256 f18f6261a09d2e3f1cd7cecb57182f92c7827aad2d997c73d55a43a4443c8300
SHA512 0be9ceaea21a1329a8c2eb7c834c210fcc261435529794a78ef199c697a0abd147bc1687203088db567e3e82af51a52e8cf7bc5eb17ca789d7da1853c66e7618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4777067e58d4ffd1c77ca95d6f659de1
SHA1 ab4fbaf2bdcf2ce6dc925c40905b86fd4b5e1d42
SHA256 64c94e78c202dba0538b9dcad1483977ae52b65d59cf1644f766d3142368978f
SHA512 a1ae710a67baa3c243cc0ca407017f508867819d6ce611e5680e111d9d26ed575c1b452987ae17c06adbb07e68c7e73343210c3b95782b25ef180ec7a52f08c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

MD5 fc9f1dce98974f8c8f06262c60f7dbd3
SHA1 c36a3a233aa4b0ea594132cd15f71447e7bc6eb9
SHA256 2471e8e32537652c8d93ee2478e4364374453300811dd41207f5d73dbea72194
SHA512 8d9ece290252b68da614edbc9ef077e9dfc13da1a4a47fa4c273a1bc57974f7d639fef8bf2a73cb66ef00559c3134a539227ddfc8998dc9b8745d264656db509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

MD5 1b8e5496aca8acfc597832f2aee42ec5
SHA1 9f8308fd46ec50e4de5419428107c5703ad36995
SHA256 7c3b99a73f295ce216cd7d8143af310fe64cd0a6d6f60caaa7c7c4c97442bdad
SHA512 f84492cf9efb9889e3578b0977d494367ca9bc9bddb0aaebdab5285850c59bbe918145abfa16a9725f4f47d5cd7c31dfefe98156e698a4a409288d5ae3e34621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

MD5 5337681d1dff81a4f4f5dca65cbce5ae
SHA1 a271a1ce63cf89555fbee60a4eb8f84b8f12e4f1
SHA256 dc42a734c12a6629ee9e9dad0e12bdbd5c8d2183a9c92d173ea7bc44a5f28b44
SHA512 7bf3b1d76c96434357a94979b470bf5909e70112f119211ee94d2adb8ae27a9f2e0d1d1cfec48d4c985405b9650b05b95971fb4d9e406bca8a3a8ccecd988df5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

MD5 ea35549990f54b349e6508f4f4cac0e0
SHA1 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7
SHA256 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f
SHA512 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7fff3e4ea4c91b707c15cfd759297ea2
SHA1 613246950f418ef29358f6c02e117f1cd9a2f363
SHA256 f6532dbe7ef113677c8d478831c0a74ada83413716dbf7efb14ade7f01251897
SHA512 b2a64a296a46cd4d1b82fd4cd6db0fd8ae01f78e7adb5ce2b5acd68f9024a5a1a829e4d74a5b56e86b4836b24fa8a49ae2aafe55220b9a0b74e63a13ca1a3f67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1f31c070e4421967de7ed27b8c5a994
SHA1 007e97a8517d543826f70fa18694f63af7c0c9cf
SHA256 b167bddfbadbf18f08b8642590af417a770efa78d1e11670ea1a47c3bdddd157
SHA512 92bab6e9354feee2ccc01bf37954422e3f429ee743f13e1696a06a6593c793b9607772916ed29ca68346060fcc11adceda4516fb04830d54ae37da66746a64ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 9c4e45cb7d36af498d3254831355697d
SHA1 62ad7d1c2a96e141a6774e64283e8bf4746bf5ec
SHA256 baacec95f11f56b82429e46704c721c0f83cb643dc51ae65b05e4e2543b727e6
SHA512 bb0899fc0426875ac980f65d010b51d05e83dec3e2c2095bb93594cc28c45744b90a90ae7a3547e631370cadbc63ea135ac804a6a520d55aafd2b76866e5ca58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

MD5 2bb9eab7f9b30acce60e59c5b5aeb586
SHA1 be2f04b2079ad77de0b0e77880613c0c09b56f25
SHA256 944b58150fdc9bcbc7f11f0880843498fb536781c0bfa17fb454610d61d941d1
SHA512 6f4596b1e9ad883da2c6a558c4c42f4a4aff56946722ac9eeb7b13aeb26d7b6db19f57d28c827ff2f17c5ccd4cb31ea4c63cdcde959d6235fabc6e9b22d367b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0

MD5 9d10c5ff8f8416592684d1f5c16a6ebe
SHA1 13f8b8c112829ccee0e6220ca6fe642c9a56ae99
SHA256 efee3bb4aaef05951115edb6a86b7b2dae5652454a0e6a93254730436cde4ded
SHA512 e384f8948f50ec4ec52c24422c7efeecd997736ae5427bfbc8dd2b32bb959865935055728462021beba42e11399f276a3ae55fc67152ba4db2cffb584948f524

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 6dfc39d6311d7362a2c96912f0b8b93a
SHA1 d09a87e42c504c533c085242812a96240943642c
SHA256 7d90f7639acf18a46e0b56a9f1e0a4fd5d93b3862dc3ce6d19ce2ceccbaae70e
SHA512 34573425cf40ebd154d9e6a1a1d96cc06d461fbc397ec70f0964b31109d28ebc77b2a8c8bc915723e3375fd1f11f2dc48e4d0452e03317085da61f01209fe8ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b7644cb858ee390_0

MD5 7a7e2a7666077fe403181085ef9ef0f3
SHA1 41fd55c3cd678763a6fa07d8cbf86f0d04475478
SHA256 f3f415eca6e7ef696cd97b05ca5ba50c54dffc87cb10c78d1ebef9423c1036c5
SHA512 dc04392ae0cdb3e54b26fc82934f57ff8585419c453e69a0a600d74ec439f6fab33b2e5bef402fbf797932be257989800b99870a8df3017a8f41af93d707dfc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0

MD5 be4b1c005bb8d5dd746a30f3e95e05a8
SHA1 45ed577de0e6aca27f9a72eb0f504daff77d153f
SHA256 89fb3f2cbc4034362a67585b2a055b15eb6388f8c63b5cf3208fe476ed63d230
SHA512 784916b6930ecf67c38e655114c03e0e287769846b7e1cd7e6814d356cfe831d2828f2defa63f128cde340504db7ef88d2a718398e31a4e6b8865f94fbeda6d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0

MD5 7f4cf10cb72bf6580e88a64ad397b6b4
SHA1 70e6dc719246e0099928fc01bd0d1d29cd85ac5d
SHA256 14fc8ee4585613c736975550dcbbac37c1d93a5bcf417c4f6a0f89a505403605
SHA512 c731924e6391b321c03abec531c5a0d09881801c39bb554b8d84d56b3ea4e1cfa39bfe74d54e5555aeedbda2576f527735a99f8e97b410585f2c7783986b122c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 880483c6976ede946446efc958d4d6ee
SHA1 b2a7906b91dcd5010846660a9734da1e11455789
SHA256 f2ac9cf9c0b4cadb5323015d0bbf5715760f999d8214795e40364af487a237ae
SHA512 1714b6bd16bce8dcadf179245b72fd8d1fd2c308fd88874a56a81ed52436438e7f72fbba1c8c6fa53300112a625a401a765cfdee8d2a7722b69707be929c7a79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

MD5 dd42cabbe0dcf7e2ce87b640d63a1ca2
SHA1 6500540f043565d8bde42e1f5fb2c28402136923
SHA256 6f58320e3aedebba897b2caf383c398972d2e2f865c86b3b09f8831bbd536162
SHA512 c4faa65905e7ca010785f09b8b8b130001c98321e10a978c57f039bcf6d10cd014f91ef0d234aefcd2cae79ba14d07036f867e3f8f81953506f6f3b9927a1a3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 a345d2eaf1d320ba548129070b1a60d0
SHA1 530a74b01d7ba7dc9a85005220393310c2453754
SHA256 1f1e50cdbaec154e4047775705134da05fc4f3d1458b0032dff7f8d74e4d3058
SHA512 8112772b16309df215f9ebc98a2f333234836676789fd3e9e2b14b7bf1c70260487841bfcaa758307abf28170e74b5022e08f2058cca6c462d4d67647d8162fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 92ab9d472d3afa24bc0668433046bc3f
SHA1 f1b7f216e35999b385e8076b8d3a77f790746c48
SHA256 23a32e8ccc1396ef8ff924a1efcfc62d413367fa50d8c1ccf73f783dd35a91e2
SHA512 b3822838cc11eaaa92c9961ccf51fda2def53e22fd931ed5146989432846f8a40ca8ec9731ff98afa8f47f268983dac320feebe30382abedb377eba59586c3e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8e643f5975e4df27d77a40e0431549b
SHA1 6db0f50319fd8dc2534e105ecc0a43fac33747af
SHA256 82b24a2e94ae6bab84b6b857ae7cf075544291f50f1ac59636447e00cbdea661
SHA512 39028e27d79dac9d9f2a58750cfcb7be72917b3ce4978c22fc0aa39ceb58cb423600df5fd0d6533ebabcd428ed238ba55921cfb4c055645039fa7e301928a659

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b95df54e33220119d3e7f9ce1e0ac0fa
SHA1 574a99b8da5983f018580b4427a6a69e4cc5e657
SHA256 6eae22fa440bc857c8a8d15e5c11020591cdb0b0c57ce6ab8e0fc4eaef1081f0
SHA512 265107297f1bf36e4116c52ecd50819a17c0aae81a03e64a2ac8a43996f832cfee800957502611df1d70be0aa01c27c63b8852ef921f96412d6d2f88fa0daa62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed959fb462b176042500d09785ebec04
SHA1 56adc3c0c5ecd9bba52a7b9ffe3dbf7391d8bf3c
SHA256 5c2d9b0fb20cccf4078993ecd3bca6a2c09e087f51b8682abd14f2ff5805cdf1
SHA512 0a2ebad5ebf019866ef870d54905492bf5b6ca971d8849e6a7ff9f77493afd4ecbd880d6a7d61179410620f7ac817c3fb7418b75122bf7f20b37700300e91636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44b6dcd4fddb0fe2420a00ff3b47ca68
SHA1 b4620e248abadf688c4512cca8df9e510b33dfd8
SHA256 931a7aa10b86cde947d7f842b81d40dcd4f341e745822a5f8ec829005050b141
SHA512 ce9d66088ac8a72e713c1528d7f097f0572b5664fd20387547d581d5b3264088732d1dde73aea903e294ecf9ab9ef5c67901a4c6584c7963d660287445a86e35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8c334775537e901a79d28e4aa5c9cb4f
SHA1 d3b728e11e93db64fdcbd4a4ca83937fd3cc51dd
SHA256 62e01d93e4639022e0e107d3936eea41dacb069ef8524bab1a0582d0297dcd07
SHA512 cd366f7107c64289f6008ef9a9e8b19d73cb9184af8f75db86e6f5cb38593811cae6a15d2e09618939c46fedc9f073632e278652e9c714971a78dc4855e69299

C:\Users\Admin\Downloads\Unconfirmed 522702.crdownload

MD5 f21000dd0945ec5ec6ce3e360b3d62f8
SHA1 861de62016053c3188c1a12b83f128df335d874d
SHA256 e11264533ae7c73899515272df4a23a27f74c12207de268ad9f58e9010fbd409
SHA512 332a537072482a15af5d5edb7d503f617832e3931b3cd91915f9fa78e2b69ef582c4e4bd46a9dfc985b4121921864f0b72d6046035924b2d924ab4eade17d58c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d30a8ee38e0b9640f2078ce9c920a1a
SHA1 9e6d1fba62114d14bc8bd5ce1b5efb99a99a3ead
SHA256 60f4b2795fff3881736fc57f4fa747b86dc565566fe4a6ee5637804337aae53f
SHA512 0b3ad5f9eec8a8aa407d67026635f14ee82cd630edfa68ccacd05904c9304d5a78b58b35f2ed03ad87c19a6c5b06afd7f86fbb4c6df6bc7e76a8effca08dbb13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eaa43ae9b5a55aa90fc06ef6732a0356
SHA1 2352145f5075a61f308f0bf2885afe85e14ef38b
SHA256 8d608ae0f75069afc53ea7246668deaadeae066856fe9c846ee3950dd9406fb0
SHA512 6f93fc119ad29b7ee72696b6751f37b85540589a21bee3bca4335304d454292b70cac268ed69f12bcb1aba9b609e44d2ee42cdae198c2d1c725067bf7cf7d0d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 96928462d476432bd276c8e0db4a6bdf
SHA1 9c80e572af64547b81fd15be2eb68b4e7aeabd61
SHA256 4d1f7aba2969bc759621edc400c029673353d68fa52d664c73110297ee9ff4f0
SHA512 0a0c1d3552d129a919a3a5df491a0cc4786ed7cbf160a15e47cd2c0a83714977255a8f1c2ab3c428e2709821874b60ef1b61ffaf419221272da524a74297ec04

memory/3388-4345-0x0000000000400000-0x00000000029B3000-memory.dmp

memory/3388-4352-0x0000000000400000-0x00000000029B3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e106c30dce64f845e834658db79e56e
SHA1 8c977ffeae52c2b683034e79ee241a032fc111b5
SHA256 0cd322b8f003302c02dc963551e5268e0f0cc1f540b5e80a0c27bcfcacadf044
SHA512 eee307225b26ce94e6278963f3fa7b49786f4a12b255e428c3cfb881f66be26f997a4e8721c6084d1abb9a7dc98e23964b465eb656828645c6d6dca9c0dcc9c7

memory/3388-4619-0x0000000000400000-0x00000000029B3000-memory.dmp

C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Program Files\7-Zip\7-zip.chm

MD5 34208890a28244903621cd32cc3fbdfc
SHA1 15fe9d3706366011749707f2b4868bcf2f77c6cb
SHA256 4b6939646570c9ddb5bfd39b8503eed99d8c64337e72f6dd4f9ddcfb4ac76703
SHA512 25239239bc7e134dcc371d420d34a3f10f83f239fcd1e73d7de8123fc24c6cd8acaf17c5bee456a15dcf296dc1dcbb7fa1e4df505614bde676661789dc63048d

C:\Program Files\7-Zip\7zFM.exe

MD5 d36deceeb4c9645aab2ded86608d090b
SHA1 912f4658c4b046fbadd084912f9126cb1ae3737b
SHA256 018d74ff917692124dee0a8a7e6302aecd219d79b049ad95f2f4eedea41b4a45
SHA512 9752a9e57dd2e6cd454ba6c2d041d884369734c2b62c53d3ec4854731c398cd6e25ac75f7a55cda9d4b4c2efb074cb2e6efcbf3080cd8cc7d9bc8c9a25f62ff2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c099eb9a1d0d1dfdcc0ad49e0df9087a
SHA1 73cbbf36d23a3e5fa76eb4edab920cc1a34c7492
SHA256 4ec81936ec9c882c95ddb8ad6863fa1f8252a71e9b9aebfbd572dfe1ea8a39b5
SHA512 5718e9873bbd3e5206f6208b83dbac6e893777e69358a78ac92611eb4c312c2e2b5f6da322b4f05bd27be3747a1d0d5417e01a28c7c73dad304a835851d2d5d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da30fd32079f1c91efeb9ec83febefdd
SHA1 ac2baf1553bf30ea3881534eead38c1ba8c6eb75
SHA256 e9ca4d8c673f0d04ebf59850c182cab081336b5afc0959b7043c402a038fc40a
SHA512 99d1d2325ee07bb222bf8eff2ea5502235d85f6a66400c4055e5528395ad2a1c67c1ff68e169ff7b00ad7f295512b3060af7ccacd62de8c769fc8e12cad0d3d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 55738adc133ea3b60a443a9a2bc8a833
SHA1 8c6a3ea0abd4490e1f0f13fb7373f8f9df55827c
SHA256 dcbb6996f7d4e30f62f8ab4e2e05f3b31760a0be7e4a062baa551376529ee3a2
SHA512 c724baf0170255836075449c806766768c3a006a5794db99361a4ac6fab72d6f8af19442f8d6614c9399583c303e1a60a6e9354f8724e51054d57a19f3680ad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010a

MD5 0d7efacbf81f99f9b3b82ac627cc34cc
SHA1 54ba921739b19ff14708d61bf424e4713a51cce8
SHA256 ee19dc2db1f7d41b35f1a8bd976f452d5fd58012d0eff83c53fb835a4ffd8764
SHA512 cf8b4b0f8f586c1ac11d220b4033f91a3a98f167110bae904947407a8b4896afe18bef08871d09f6a2634d58a7118345e90a358b386d889f83abb246d8b6e44a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b

MD5 1dc06492f582bfc9afc32518c5b669a8
SHA1 3ceb77de90dfc8ad8a38e8df30f44ccafc5a074b
SHA256 4cca2caca18dd3689fce9fdb2b27bd6bf9e779967f12ae9c8c0d4666c1e4c2a1
SHA512 80114c72ce7ac3493602db99d3b042c928dafbe7fe2d43e8f5e9d273cec0289c6c4742b9cf55a38df4a0bb9376c68ac9fb0ab3e8a6de292bf62dfb6a0c4f9e78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010d

MD5 aca2ac9e8cce596b4b2634e178bad5b2
SHA1 044ba3cfa81281e5bd94b74db368462d91f52b76
SHA256 582fe1ed173fc4122f65819b94893da320d119610de7d93c10ba0f214242f41e
SHA512 473c8810b5858b6e89f4e929039ee381f58dc5d098378feac1c5783f0a484389e9f5c7a9c21735abc5c601f00516f6d77f9ef8926cda6210dd1d96c486e919ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c7ec3a02111dbac69f9c4ba2be76a5f
SHA1 633dec4776dae038c5da6c7bf8f45fbfb5f9cf8e
SHA256 47651bcdcfdf7e6187a3247a5a7a1b5baa8b8a41f507a24f85fb9d4d7252bf1b
SHA512 cbd29426d381813cfedcb05af096de868ae91ac8ccbfc4057f9db4e12f5ebe6c0178c40415e51c80311fedee3b3253f0c61dd395c6482e83a3ef0995c893e8bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bbe729f73742c4a2e9794812e77609e
SHA1 54ca4e54e2f4ddc8688101548d828f146509d52f
SHA256 be54e53b1b6f7d73c9c0dc52495d84ff227e64fff51228f7a09be6fbe2b20fe2
SHA512 8639b5ddff4df1ab1264afe88a2f7bfaa181a5dd9c6213581f16d5456608a20fd5463b45696a806b184b48ce3f68e0f894731ea8a4a55be6d5e252cbe071f01a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt

MD5 49fd30c84465db20fb18c992ded9dcff
SHA1 9d741ad8652fc837465df4ed71a722da28d2f6e8
SHA256 f56e7aa26ff5973ee69ec71ad34e755009dc5651b4ac3095093983ad6ff7e927
SHA512 8f2eaa2ae1cdc29d3b7e5f8eaa30b85b2f24c7a74edfe423e063c2d63840cf963298940da06fcb28207033fc2af4571a8add275ef539d1242a7d168e54e2e1e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt

MD5 64fe3fc441531c96494c6a5584ebaabb
SHA1 a0d207b497bddbc50f03ee06a3513e22b4e14b6c
SHA256 c42eb7dc496003e9cf66495e35638dfd29c99e0a096d3e740ae9963062afdcb5
SHA512 1fb0cea7dd5352b206363a1a4f1490113700cbbba6edb2844b19302e1e5a452fbf351416e38cfad030655f3fcc14b4a1eec308888a6959a126658443c5601cc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt

MD5 83b941b4a4827dca9d8eb0ffee61d702
SHA1 d6371aefaec76abe4d203ef6195c28c70967c609
SHA256 d016d37fb20fbc7e9377cbea910304d7484ffb33d01e923e94ddedf06b60f509
SHA512 47defd08445b3e33ac2fb5041255a9bd2dd83f5c8c00e3dcf686ecdaf2807e899df7000295d0557e2ab031fed7152f012b64e6c5dc9417e1a951f26ce24e0bdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53f581874569d9f29665020f1bb6388c
SHA1 a31bac8ab9eb4ad6bfd41c92028f5d15c57c951d
SHA256 48583b70ed72521bc1ef2496461d8b27ba848ef6fd5d549d0bf8725e1de9b2e2
SHA512 3548a17c87a960b12f182c349285735b567a12864b19d17dd7ec8239d16020a7b16b3dea959d89ee0e961d313d443d26b117feba5f67ed35cc6c83463a4a5c07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

MD5 b7d64b97496e964c759f5d4680bec8c8
SHA1 679c0d67248c7c11fdb43ad32d1e9613210051b7
SHA256 3be4fecde385083f3c3fef83ffebfaac7ae8771056c576920b8c5e06d85f2423
SHA512 287281b696dea821705fceb17531d6afc2f32a10a50a051f031ad4be7feb23fab25d08b23004b4285a997f8b3d6e28da05438cf2bd57d45c41c89a0c46a0d2c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000119

MD5 62a93b04de8006792d5a3da41ea57be1
SHA1 c8b64114d38bff16806e905aa893aa9a444a6421
SHA256 fa5ec81ccc4fd3dcf30948b5f6116a18988b71edc7851183a71be6d779cc8297
SHA512 484705170da233e6fedc9d26dff7632d766666ded7e2539ed974ccee0070066e341b07813b7730f62d90611c579d9a024af978c94f8a81ba37068a0829fd4c32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

MD5 e7ac76d3239e9c64a3f786b3edc4ea2d
SHA1 e5b995311bdcb224c95877b8e8bc4f8ae9d98a42
SHA256 be82f9e21c62717e63eec10f7c354a5d64327c212eea4256d538ed76be9189de
SHA512 70da9fe1344bf34c2743a4649319e131460add58c10c42177827a8e0df0f0bf13b7c63e6f388d105abf2816746d10eebba44c069fe263ad0f6a33ad2eeb2fd64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

MD5 ae1a092ab6eee936a894c5c5a75787c7
SHA1 2247cd0e12750313b2e062496df83395cead7143
SHA256 b1468c60462244025525ef4eff7610ef706db693ee26356c16e5801c97ed6e76
SHA512 fd3fd518bb290b622c7acdca28e28239854ba0accdf9be59dc27591d50632b141b09c27d2d43b1344de19df4eae56fb77965790900294f5428688333bbb4fe0c

C:\Users\Admin\Downloads\Unconfirmed 780195.crdownload

MD5 1535aa21451192109b86be9bcc7c4345
SHA1 1af211c686c4d4bf0239ed6620358a19691cf88c
SHA256 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
SHA512 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e27f1b859b40aa7482b8300370dd13d3
SHA1 babb852413f9abd2bf88fb292b25e30cbe958fd8
SHA256 8fa5748c88a5ef656d757142c5fbbedbd455c8990f38c90a203e65c7c3c31543
SHA512 34a2c120659a02a3e5c0a641df5b7e7d90fe6e5b1a56ebfe1242f7fece288fdbb65d531aeb6d1c13010e769310cb95bab8032c4804f7171492cf32544d197608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c9435881b3bb3f90039deeb77e26cc22
SHA1 703a966feec7dbc90ed67d468b57ee8bff031b3d
SHA256 ff2d91ec2161ae082d391c56d311179c9b4054f8dc187ab9b51d7a068ae3354c
SHA512 dee3b8e8c61ec14127a58fc5562d1957570728a7e52a34f57b0b85f41e70f3a2985f5799524d6b97b5193bd7fd77da2fb4127317b913a2e0ca2ad00dfe07b871

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\d7d4da3d-e495-49db-a812-164444ae8ac0\index-dir\the-real-index

MD5 f5d5751051220a80224dff32dd9924f7
SHA1 ed6d4ef8472130e89a02f5202f4227c672d99346
SHA256 0536101cb42476c8eb011c992b685ef01e6f6a0ff0937496031ce05a7c60e7fa
SHA512 8e0250b0359bce66ca5f9407517b6297e62ed36152f9281cb8c077a65fd7e6ea2d7c757bf6bee1167f9986d01082aa35f4fe2637c42175b4402a9136d8620d3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\d7d4da3d-e495-49db-a812-164444ae8ac0\index-dir\the-real-index~RFe649ed1.TMP

MD5 80791b28442d16f7667e8db661b1f008
SHA1 94ffa590988a62439a1739ceaf8b8255fd9b8940
SHA256 6333e69a35b5cfaa7364fd2d987a265f1abbd2e7a793cdc65e4b8c48959be7e5
SHA512 986c80a5ae98827d3cdc272acb058e93fd3345749d8290ec48e338bcefdfdcf68fb68510d74ffd669afca673ffdcef23bfea4a02237df9694be951b233a7f38c

memory/5864-5337-0x0000000000400000-0x0000000000414000-memory.dmp

memory/5072-5341-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ecba22549ecc5744b44591a6d6bc11e7
SHA1 01dc96c9739d1f93e7a68d835b7e3efce7b1e3d3
SHA256 026c2e6cda4e9f67cf3326bc82339a76b349b4ad76339059abc847acd8e8bbaa
SHA512 73441e3b7cbb960e92a143caea7e434685b408e6556139dde2755616416023c2bad5346bda767dbb71e53bba1ccb50b839d8e6e0aed9528e8ae4f7c701c12e54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 92cf9520f7ee15fdd321cb75902b055a
SHA1 e163e0d5f6f945a6026c95589752ba82848b7366
SHA256 0ef487c71fd2ff6d9ca1dd329d70f7e326a1782b82873ad4bc4b3de7a75a61de
SHA512 d119e4caa0bd8085ec5b712fc5a5d9cec2e602cc21f6c54c1c22c74bd8eb210871c4a788a5638f2a59aa95c26fc0c3875b5cf487ea3c1405d315c6ab75cff5af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\261d518a-d21f-423a-be8c-3ee64ea4017e\index-dir\the-real-index

MD5 cd3a89fb0e838094efe04231da048226
SHA1 84e92ae647764dc5c3a8e7204bc3906da4ad91ee
SHA256 9e3fcfe6b947b3d7b81a9bc4539a3aba656a0dbbeee319fa4b6a202d286637e7
SHA512 911f4fe6779ee173b3e7f0ebaffa1312b0b588f3548020c8d3d945c18b450a6cd218ebc4f1e362accaf4e0ccdd53d43b0dc0ee9295a885029eb4e0d58be7c4bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\261d518a-d21f-423a-be8c-3ee64ea4017e\index-dir\the-real-index~RFe64d310.TMP

MD5 93416db8b53d9d15438bca2da58b437d
SHA1 be0ce526715b557c23b4eb2b9d7b8ff3416fd179
SHA256 8a3a41f2103a07a250e34594fbfd970ad067c6e932add89327a008491c165e04
SHA512 bc21482732d8101fff8e1377d8e58433b21f4e11a04a5bbfa826b975cad4d65290aaa81065400fa529a98c0c8df01db31abc93ee72c935b6eb063f442efc33ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt

MD5 867334e5a8cabfea449f4d8317136c6f
SHA1 cced0f334b6774a1a952e8e39d197c2a51992ac6
SHA256 d059a3c88eb5303995df110691722328d177432d53405c4c779bf3c621ce7937
SHA512 3c6b49a8a16721b31bc6066c92bdfd1bca82617e961c74c3a4d27c04ecff736d33209fa92b51087485cbf657109c0dab3d3ac0a557ea81c1d721c6f75aa42644

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

MD5 81aab57e0ef37ddff02d0106ced6b91e
SHA1 6e3895b350ef1545902bd23e7162dfce4c64e029
SHA256 a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512 a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

memory/2296-5445-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/5072-5448-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b8257e6b2ac2c9e3ac506865fd28a51
SHA1 e088ce70ee9da74511f5dcf850e9bcad52536e4f
SHA256 f81c4bb7a1d80a62f0718cda28932abd305f260385848774cae293f8c4812d32
SHA512 f66f121f47ae50a67a54c44867c5e4e0264ca6db1d22ac28468bd6c3d0205f962efcd97347a5cca4fcd1159f602733d695429c31e8bbedc3afe269de2ffefa93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1e8afbb6ef28423ed8b9921636108b5
SHA1 41747fcd6149c8536e8af280b62e73ac092609ca
SHA256 7d9eadc05029f8cd86537cdbb5832067acf8801832365da27572bf55605f0af5
SHA512 a744e61762cf92498c464856a7088d7dd8c3d07df3ae47724be69b6b55ae085b46ae502207839ab0ba48e8dea40bb2b5c77e8c9bba8b35f92c1068a4348b580e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3545d2235e4d178c141860ba9eed9572
SHA1 e269ab5543c41a93c43a194f68834ca241868851
SHA256 bc54e7dde49a1be6fdbb05dedf661969d59267c51413211c48899a216896a837
SHA512 310b7985542600df597bb644eedc1077da9039090ff2dd8584af79f8ea76028b0b64af3229badbc5ab6af0a7fc09c8a21f6b9563c8a68399775e0823c5e31824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba5093350cafd8e1dd84853d76ac66bb
SHA1 db8102cfc5a7d5a4b8c3043c8cc50be3c48af5ad
SHA256 f2947505a075ae670e200ed030871dd87124873ba17188951a977a467884203b
SHA512 a26da80ab18c4126c0e32a5f62bab4ae62b5485ee697e6b0f16d90e4346e4a8a0c591f487a26be8b2c4853c0993ff136794f7a6e17b55044b2a5f56fcc79c989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67367618ffd5983ca4f6511af24875e8
SHA1 fda4b8689cd9a4b3695aa62b427421864ae8a459
SHA256 68ebb80532f4b61c0b61468529e7d48fcad07b58a8fc09d277b84a796be87d08
SHA512 dcb664add8aa93abdbc3ed056cec6a325068a69cfb5768a297ee6cf738502812a8fec3a0c2ae408fc4389a1435f7bddfb559108d009627a1f3e44cf6980901fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9651e151c03b4be4148116b3a3e1aa95
SHA1 e44857ecfca9b9da54515072f6dfc915272035af
SHA256 31835de3d8c2292df9d9ac09bef62514d003629c3e330085fd8b054b3ce7476a
SHA512 f527ebc2a0467b35347e1765161d5650e84ce22932e2abd80221dc40c283c05ca9e9564d8e8b597881e4454adb35392d7399efaff4da5f4839af0c85d6f7c165

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9a86f3c2a1b4fc09168e9762473ace0d
SHA1 571074cf3283f926fc2b6547deed491e83a5fc82
SHA256 02d17ee64dd25cdf0aa02eb5af4d20127078040d95f6867d77ffeeb21c4d9af6
SHA512 1f381bf8a3e224c6e96592a8b90d67a7dff7f58dffd586b2b0d3d9815dcc8824dbf32c6fd34a6e701d7a4ed62b7fab13900a80cd710ce9e6c188b24c1bc4c9b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3aad14bbfdc7ae8a8e963950d6c61eef
SHA1 e6408227e7bbfe3fe14b5fc24dfd49fe6fd3665d
SHA256 26caf2a4f7209797b501439a02756dd529dc2120008419be2a29ea7af327b1f6
SHA512 3485b48b48737f0409b8b0672a2f3a492d5be1e39b0fb75a673788445f92a36653b7c4bd4bfdbdb15f12c48a60145569b6ee28ff8532b74b0741ce00e9f28159

memory/5864-5696-0x0000000000400000-0x0000000000414000-memory.dmp

memory/5196-5695-0x0000000000400000-0x00000000004BC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7535de8e03928419d3b6a43332673136
SHA1 0b370edc08aeb1b0ce514d4533e617b2875977c5
SHA256 80ba92d8daf5e264ef059883b4f15852fd62675df058c61c7b5510090d89e99d
SHA512 419dd6b3d1792d0dbf7ed3a2c3f562ba1c35a9a93001df0717c2f339537621c4efcf3ffec1ffebc22c4b67f0539db2f81aa91677a924e95864d61f65518eac54