Analysis Overview
Threat Level: Likely malicious
The file https://www.coolmathgames.com/ was found to be: Likely malicious.
Malicious Activity Summary
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
A potential corporate email address has been identified in the URL: [email protected]
Checks installed software on the system
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Drops file in System32 directory
Checks system information in the registry
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies system certificate store
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 19:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 19:31
Reported
2024-11-14 19:49
Platform
win10v2004-20241007-en
Max time kernel
1049s
Max time network
1051s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET4ADC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SET4ADC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\CHORD.WAV | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\registry.reg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\s1.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\menu.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File created | C:\Program Files (x86)\Butterfly on Desktop\is-LPJDD.tmp | C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\SET4ABB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET4A8A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET4ABA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\help\SET4ABA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET3EB2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3ED3.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3ED4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3EB1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3EB2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET4A79.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET3F2B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3EF4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3EF4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3F18.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SET3F19.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3ED3.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3F16.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET3F17.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3ED4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET4A79.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SET3F17.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SET3F1A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3EF5.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3F2B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET4A8A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SET4ABB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3F18.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3F06.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SET4ACB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET3F16.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET4ACB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SET3F19.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET3F1A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3EF5.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3F06.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3EB1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\butterflyondesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\butterflyondesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Programmable | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib\Version = "1.1" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\Programmable | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA478DA0-3920-11D3-9DD0-8067E4A06603} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\ProgID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00E212A0-E66D-11CD-836C-0000C0C14E92} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6} | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinStorage.1\ = "ActiveSkin.SkinStorage Class" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ListViewCtrl.2" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon\ = "SSRibbon Control 3.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCheck.3\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{322982E0-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSINET.OCX" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Version\ = "3.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\ProgID\ = "ActiveSkin.ComTransitions.1" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSCheck" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\Programmable | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE8-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSCommandEvents" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F96-055F-11D4-8F9B-00104BA312D6}\VERSION | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlPropertySheet" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37DEB787-2D9B-11D3-9DD0-C423E6542E10}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX, 16" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSCheckEvents" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSMonthCtrl.1\ = "SSMonth Control" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\TypeLib\ = "{643F1353-1D07-11CE-9E52-0000C0554C0A}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\TypeLib | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ = "clsBBPlayer" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\Clsid\ = "{E26DD3CD-B06C-47BA-9766-5F264B858E09}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\Programmable | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 040000000100000010000000005dc9e3b2c090e0619a42c029a16bba0f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b500b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f007400200043004100200032003000320031000000620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a1d00000001000000100000003276930e46cb88e9b248d6542af311d90300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac190000000100000010000000f8f91be746dcfb848714a2b839b766522000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 5c000000010000000400000000100000190000000100000010000000f8f91be746dcfb848714a2b839b766520300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac1d00000001000000100000003276930e46cb88e9b248d6542af311d9140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a090000000100000016000000301406082b0601050507030306082b0601050507030853000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c0b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f0074002000430041002000320030003200310000000f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b50040000000100000010000000005dc9e3b2c090e0619a42c029a16bba2000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 0f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b500b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f007400200043004100200032003000320031000000620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a1d00000001000000100000003276930e46cb88e9b248d6542af311d90300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac2000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC\Blob = 190000000100000010000000f8f91be746dcfb848714a2b839b766520300000001000000140000008ddeb82046b6227c79246a3ead7b32c3e88ffcac1d00000001000000100000003276930e46cb88e9b248d6542af311d9140000000100000014000000b4641648e8fc5a4b332989eb9940b920b4f6611a090000000100000016000000301406082b0601050507030306082b0601050507030853000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000c40ebdcd75a90e4b7496abb23e789a48e33c03284f75d95130575ae6860ae13c0b000000010000004a000000480041005200490043004100200043006f006400650020005300690067006e0069006e0067002000520053004100200052006f006f0074002000430041002000320030003200310000000f0000000100000020000000d23073c5b884ed4d156b846664dcd53d6e4ea48e40a77643f54b342448f52b502000000001000000ba050000308205b63082039ea003020102021015c2ae2a4d999a638cd3ba13197608f5300d06092a864886f70d01010b05003075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f742043412032303231301e170d3231303231393130353935345a170d3435303231333130353935335a3075310b300906035504061302475231373035060355040a0c2e48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e73204341312d302b06035504030c2448415249434120436f6465205369676e696e672052534120526f6f74204341203230323130820222300d06092a864886f70d01010105000382020f003082020a02820201008a6aeeaa0a23550c8b0642e3955b54785fc58e062c7c3c31beaf0da9a1ec4a2058059de268b2bbeb5f7f2a33b9f2559c6faaa41eed10be83291136e69e3ffa6d7b51e1d577a5bdcb690e3b2220940c3165400d09af10357a9bea790844a48b67a92b4dc1e7d0d7a7f6b53a8dd9a3a979b8a4655cbcf33ef79f99f6b8c365682dab832edd859904a9f5d15cd5514201b99f41b54b22b200f4cb6710ef69c410adfa94067650125782aec514ad3c7dbb9df173e17cf0ae71de5bf712ddf780f1dc3ef160bac919976f7574854cfd3943c3646e34ac13c11c65b65242f146eb2ffa5da6cf0e499df7747c780d063a2c12fbe24b26e46f8b218133423913e842ab5b55d41bbb37b61291f7f37dbcd2ffecb1c3d5a0ccb22bc78f5d7e4c524248fb8ffd5a907310d5a972548d49db3852aa46480e2ffa002ccc730c364b24ce136ca6a4a4a3d67c9be9380bc624db4dac6721495b413764e6606b1fed2a2f6019301ed83c9c194387dfc00af4e4ca60887ad6a3b9e4252e79e2fec1cb3cb7f7cf4e584cfbc3adab7daaca88fb0e380d1f9e5c39ebb807c450224df8857f6eec8cfab6714dde7d9669c4dd3e1ede26900a2c4d1595a9a23edc3d0e777c8d41284fb88351be3eb78f903a7031895afa9353fc60c98d7590ee5a2f1d849f00a9e6c38623a21edd12e3a146601b67bf501522927c4ab48c8f6e9c95c22cdc3b3a20b6bc8b0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414b4641648e8fc5a4b332989eb9940b920b4f6611a300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002bac598be63944dcfbad4a88e064ffabc3f2d2ce702f03e56fb2c4f536d6536b87ab1d8b9907c8308e4772fda1b875d617a116bd6473913057ad7dfd05408693d14996b20bd47c64138bd3214938bbfbe8cc3e31f1ae7b4c2adf8206a38e05849c7f70cec0bb4517df5d650ce4504807448ba42f56dac67af6608da438f19d871630b2f05f7a42552071cfccee00b11247bf42b9e4b3b51d1984b9986de069b41541b5e25048c71fea9ab77991ddd5d55319fcae186c69dbad59289b6498a73cc7558ed13000cfd4329e62b1c32aee3522c6bbf07cbb83b80089f5dc1a97d9389a29536119a6a7f43b47fddd67950f8ea4662c829ab72d71e6dfaef8f868c1bb0fea50a04597b71a95126fc8b3b60568da6a1e0e358584ac740c8ab4f4759f22afb054bbb69e22f9d9ebd58a0dc7dcf898315f9efac697f4411075d381b6315f7add888508af704702377be24aec5df2dd291244c88aaaddd255781775af71690d77704ab01f7f42dbc771dc58d618bd50c5b97204c7677b7c5360ca491815bc4073ae2ba82bac6f114439ec82487e11cafbd63fb6c0b9b8069375bd932777170d5ca59eeac15b002d0ca83560c7e26f351b3d76b5e7addd74234f86b247efc82fd0857c399637a12b2902bd3e87cfa8f61d7532cf38e373b1ee1081b52ab18806511e5a3a4851f3365962df42665950b758bef576409a1216e60eaad76ca0d5 | C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 522702.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 780195.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.coolmathgames.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6728 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x3f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi (1).zip\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11488 /prefetch:8
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1
C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe
"C:\Program Files (x86)\RelievedplanesftsUtility\RelievedtUtility.exe" 360170067722114728 KX6ifxmwXFFwqpbWQsD5+J7JXg7MQt51lGaz2jh3CKRoYuH/pmCmux6b15bTeMLb/WIRVaDHrIItLTVdR4KxOPVWQwzc4xDEPPIhIEbf7dirMr1bzOr/O/hsQUWEUJcaCPqIwFtKbpMlqAPKp4ynnG8y6eh2BbNnH2AsJoF+mh+6qF2ppWROTXdUbcvXt/wP1gIp3qEVRT5FAuGSfbapaytWKZiq7jwt6+aYdsXc9UU=
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6460 -ip 6460
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3212 -ip 3212
C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe
"C:\Program Files (x86)\RelievedplanesopbUtility\RelievedaUtility.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5628 -ip 5628
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /d /c timeout 5 & cmd /d /c rmdir /s /q "C:\Program Files (x86)\RelievedplanesftsUtility"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe"
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1
C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe
"C:\Users\Admin\Downloads\Butterfly-On-Desktop-Installer_891062.exe" -2 -1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1132 -ip 1132
C:\Windows\SysWOW64\cmd.exe
cmd /d /c rmdir /s /q "C:\Program Files (x86)\RelievedplanesftsUtility"
C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe
"C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6036 -ip 6036
C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe
"C:\Program Files (x86)\RelievedplaneseamUtility\RelievedyUtility.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2436 -ip 2436
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10764 /prefetch:8
C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-E55E0.tmp\butterflyondesktop.tmp" /SL5="$D0560,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IIF74.tmp\butterflyondesktop.tmp" /SL5="$30576,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:1
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1301466748060899839,13095150446916245968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.coolmathgames.com | udp |
| US | 172.64.151.96:443 | www.coolmathgames.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.intergi.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 104.18.24.242:443 | cdn.intergi.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 142.250.187.226:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 104.18.24.242:443 | cdn.intergi.com | tcp |
| US | 8.8.8.8:53 | cdn.intergient.com | udp |
| US | 104.18.21.56:443 | cdn.intergient.com | tcp |
| US | 8.8.8.8:53 | config.playwire.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| GB | 2.18.109.123:443 | px.moatads.com | tcp |
| US | 104.18.11.207:443 | config.playwire.com | tcp |
| US | 8.8.8.8:53 | 56.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | impression-inferences-edge-prod.playwire.com | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| FR | 52.222.149.14:443 | impression-inferences-edge-prod.playwire.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| FR | 18.155.129.39:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 216.58.204.74:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 18.245.199.156:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.199.245.18.in-addr.arpa | udp |
| GB | 88.221.135.25:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.34:443 | th.bing.com | tcp |
| GB | 88.221.135.34:443 | th.bing.com | tcp |
| GB | 88.221.135.11:443 | th.bing.com | tcp |
| GB | 88.221.135.11:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.23:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | tse3.mm.bing.net | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.219:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 219.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | tcp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 146.252.19.2.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | bonzibuddy.org | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 31.29.187.198.in-addr.arpa | udp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | bonzibuddy.tk | udp |
| US | 104.21.78.241:80 | bonzibuddy.tk | tcp |
| US | 104.21.78.241:80 | bonzibuddy.tk | tcp |
| US | 104.21.78.241:443 | bonzibuddy.tk | tcp |
| US | 8.8.8.8:53 | 241.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | 134.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | opensea.io | udp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | 242.121.57.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.51.177.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.219:443 | th.bing.com | tcp |
| GB | 95.101.143.219:443 | th.bing.com | tcp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | butterflies-u1y.en.softonic.com | udp |
| US | 151.101.1.91:443 | butterflies-u1y.en.softonic.com | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | rv-assets.softonic.com | udp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 151.101.193.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.193.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| FR | 18.245.175.74:443 | sdk.privacy-center.org | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 216.58.201.110:443 | syndicatedsearch.goog | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | udp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| FR | 52.84.174.6:443 | config.aps.amazon-adsystem.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| FR | 13.32.145.62:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.67.74.232:443 | cdn.btmessage.com | tcp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 151.101.193.91:443 | di-images.sftcdn.net | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 253.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 172.67.74.232:443 | api.btmessage.com | tcp |
| GB | 216.58.201.110:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | 8ac3056e6e9964a8cddfef540efaf4ee.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.179.225:443 | 8ac3056e6e9964a8cddfef540efaf4ee.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| IE | 52.19.233.54:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 3.165.117.155:443 | aax.amazon-adsystem.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| IE | 34.249.50.233:443 | ad.360yield.com | tcp |
| US | 104.18.29.101:443 | cdn-ima.33across.com | tcp |
| US | 104.18.27.193:443 | htlb.casalemedia.com | tcp |
| GB | 142.250.180.2:443 | partner.googleadservices.com | tcp |
| DE | 148.251.44.145:443 | shb.richaudience.com | tcp |
| DE | 148.251.44.145:443 | shb.richaudience.com | tcp |
| DE | 148.251.44.145:443 | shb.richaudience.com | tcp |
| IE | 54.170.33.189:443 | id.crwdcntrl.net | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| FR | 18.155.129.21:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.233.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.117.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.27.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.50.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| GB | 142.250.179.238:443 | ampcid.google.com | tcp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 145.44.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.33.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| DE | 148.251.20.249:443 | sync.richaudience.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 104.18.25.18:443 | js-sec.indexww.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 249.20.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 107.22.211.243:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 2.20.12.70:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.196:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 185.89.210.141:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | sync-service.net | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 172.240.45.96:443 | sync.aniview.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 35.214.202.49:443 | csync.loopme.me | tcp |
| US | 3.211.75.57:443 | sync.srv.stackadapt.com | tcp |
| US | 204.62.12.209:443 | sync-service.net | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 44.217.81.132:443 | api-2-0.spot.im | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| DE | 18.184.206.66:443 | match.sharethrough.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| IE | 54.171.185.234:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| IE | 54.155.94.181:443 | jadserve.postrelease.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | 70.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.211.22.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.202.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.12.62.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.75.211.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.81.217.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.206.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.185.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 98.82.157.137:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ads.creative-serving.com | udp |
| US | 34.1.230.247:443 | ads.creative-serving.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 34.1.230.247:443 | ads.creative-serving.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.94.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.157.82.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.129.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.230.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| CH | 157.240.17.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 15.17.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7a1f7c3bc03d3de46733b173c436cf4a.safeframe.googlesyndication.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 35.214.202.49:443 | csync.loopme.me | tcp |
| US | 3.211.75.57:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | b-eu1.marketperf.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 3.126.174.216:443 | b-eu1.marketperf.com | tcp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.174.126.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 51.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | store.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 151.101.195.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.fastly.steamstatic.com | udp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | video.fastly.steamstatic.com | udp |
| US | 151.101.195.52:443 | video.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 23.214.143.155:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:27060 | tcp | |
| US | 8.8.8.8:53 | b-code.liadm.com | udp |
| FR | 13.32.145.54:443 | b-code.liadm.com | tcp |
| US | 8.8.8.8:53 | c4371c33766dbca05d0606899409237f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 54.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 54.84.6.104:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | 8876029.fls.doubleclick.net | udp |
| GB | 216.58.201.102:443 | 8876029.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 12325200.fls.doubleclick.net | udp |
| GB | 216.58.201.102:443 | 12325200.fls.doubleclick.net | udp |
| GB | 216.58.201.102:443 | 12325200.fls.doubleclick.net | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 54.81.216.111:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| FR | 18.245.175.24:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | 104.6.84.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.216.81.54.in-addr.arpa | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | live.rezync.com | udp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | mid.rkdms.com | udp |
| FR | 52.84.174.63:443 | live.rezync.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 44.196.229.184:443 | mid.rkdms.com | tcp |
| IE | 54.170.198.74:443 | dpm.demdex.net | tcp |
| US | 70.42.32.159:443 | b1sync.zemanta.com | tcp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| DE | 18.198.78.89:443 | ih.adscale.de | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | 24.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.198.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.229.196.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.78.198.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 54.81.216.111:443 | i.liadm.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.122:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.33.90.157.in-addr.arpa | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 121.33.90.157.in-addr.arpa | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.196:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 185.89.210.141:443 | ib.adnxs.com | tcp |
| IE | 54.171.185.234:443 | match.prod.bidr.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 151.101.66.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| NL | 35.214.202.49:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| IE | 54.77.123.77:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | 49.66.101.151.in-addr.arpa | udp |
| US | 3.211.75.57:443 | sync.srv.stackadapt.com | tcp |
| US | 204.62.12.209:443 | sync-service.net | tcp |
| US | 8.8.8.8:53 | 77.123.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| GB | 95.101.143.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | butterfly-on-desktop.soft32.com | udp |
| FR | 18.245.199.105:443 | butterfly-on-desktop.soft32.com | tcp |
| FR | 18.245.199.105:443 | butterfly-on-desktop.soft32.com | tcp |
| US | 8.8.8.8:53 | d3gx3uz4yj2hnq.cloudfront.net | udp |
| FR | 3.165.135.124:443 | d3gx3uz4yj2hnq.cloudfront.net | tcp |
| FR | 3.165.135.124:443 | d3gx3uz4yj2hnq.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 105.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3fnqfpn2r2a3x.cloudfront.net | udp |
| US | 8.8.8.8:53 | d22blwhp6neszm.cloudfront.net | udp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| FR | 3.162.40.174:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| FR | 3.164.160.29:443 | d22blwhp6neszm.cloudfront.net | tcp |
| GB | 172.217.16.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | soft32.disqus.com | udp |
| US | 199.232.192.134:443 | soft32.disqus.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| FR | 13.32.145.97:443 | c.disquscdn.com | tcp |
| US | 151.101.0.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| FR | 13.32.145.97:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 146.75.92.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 124.135.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.40.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.160.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.facebook.net | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | udp |
| US | 151.101.65.44:443 | cdn.taboola.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.92.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | drugnom0x8w61.cloudfront.net | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| FR | 52.222.153.90:443 | drugnom0x8w61.cloudfront.net | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.241.14:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.241.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59a507ac065ada3f31babdef362e05be.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | beacon.taboola.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | js.centerbodyapps.com | udp |
| US | 8.8.8.8:53 | 89882a9bba8f1a4dbfe374a98c426778.safeframe.googlesyndication.com | udp |
| US | 72.52.179.174:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | www.facebook.net | udp |
| US | 8.8.8.8:53 | 174.179.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d39gqu6btbxc9z.cloudfront.net | udp |
| FR | 13.224.58.73:443 | d39gqu6btbxc9z.cloudfront.net | tcp |
| FR | 13.224.58.73:443 | d39gqu6btbxc9z.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3jj3bqika1l3e.cloudfront.net | udp |
| FR | 13.32.158.56:443 | d3jj3bqika1l3e.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 73.58.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s3.us-east-2.amazonaws.com | udp |
| US | 52.219.108.33:443 | s3.us-east-2.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 56.158.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javascriptapiusa.com | udp |
| US | 172.67.143.98:443 | javascriptapiusa.com | tcp |
| US | 52.219.108.33:443 | s3.us-east-2.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 33.108.219.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yourrocksoft.com | udp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 8.8.8.8:53 | 54.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | softwaregamesdownload.com | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 186.70.67.172.in-addr.arpa | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.216.221.140:443 | ad.360yield.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.221.216.54.in-addr.arpa | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| DE | 178.63.241.79:443 | s.richaudience.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | 79.241.63.178.in-addr.arpa | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | d3fnqfpn2r2a3x.cloudfront.net | udp |
| FR | 3.162.40.208:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| US | 8.8.8.8:53 | repo.harica.gr | udp |
| GR | 155.207.94.27:80 | repo.harica.gr | tcp |
| US | 8.8.8.8:53 | 208.40.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.94.207.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.harica.gr | udp |
| GR | 155.207.94.23:80 | crl.harica.gr | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 8.8.8.8:53 | 23.94.207.155.in-addr.arpa | udp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 172.67.70.186:443 | softwaregamesdownload.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 104.18.21.54:443 | yourrocksoft.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | buddy.bonzi.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| GB | 88.221.135.25:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | butterfly-on-desktop.software.informer.com | udp |
| US | 104.22.16.194:443 | butterfly-on-desktop.software.informer.com | tcp |
| US | 104.22.16.194:443 | butterfly-on-desktop.software.informer.com | tcp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | software.informer.com | udp |
| US | 8.8.8.8:53 | i.informer.com | udp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 104.22.16.194:443 | i.informer.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 104.22.17.194:443 | i.informer.com | tcp |
| US | 104.22.16.194:443 | i.informer.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 194.16.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.117.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.159.155.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com | udp |
| GB | 142.250.187.227:443 | p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com | tcp |
| GB | 142.250.187.227:443 | p4-emxhpjdsvaums-dtgkbq3mhkuh5pw2-if-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 104.22.16.194:443 | i.informer.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| GB | 172.217.16.226:443 | www.googletagservices.com | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | f416626d19271510c6f01dec95925c91.safeframe.googlesyndication.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | download.informer.com | udp |
| US | 89.187.179.101:443 | download.informer.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | freedownloadmanager.org | udp |
| US | 74.117.181.203:80 | freedownloadmanager.org | tcp |
| US | 8.8.8.8:53 | www.freedownloadmanager.org | udp |
| US | 74.117.181.203:443 | www.freedownloadmanager.org | tcp |
| US | 8.8.8.8:53 | 101.179.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.181.117.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | freedesktopsoft.com | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | 95.117.46.78.in-addr.arpa | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| CH | 157.240.17.15:443 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| CH | 157.240.17.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.17.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 95.101.143.202:443 | th.bing.com | tcp |
| GB | 95.101.143.202:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 202.143.101.95.in-addr.arpa | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
| US | 13.57.121.242:80 | www.bonzi.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
\??\pipe\LOCAL\crashpad_1604_WHFGWMKERPKEVCTX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7ed5cdc5018f67dab1aef54058b79897 |
| SHA1 | 4fbe9781294f845e5ba93978afa27acb0b7e7e91 |
| SHA256 | 4a0b1ce1e4ea329d6e0acab1fc36530b248f007d77bf4af6b69abae53f677cba |
| SHA512 | 2812af15a49abed2de24b504fa39b3061d2d322fafacd1e2a1f18e7882c9aab9dd62a017cdffbd1c0e8af7b169961684b4d07e1afb13577d9ddd86f6eaaf7511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4701c0d72113317010f9c6aa92763cc9 |
| SHA1 | 57b78da6d40ed28e02c5e10645c83a6c9988bf9d |
| SHA256 | 95cf23c69dfc20f6d3a851b3efd32fd5a3472b9c634163d1a45c4bb596f5199b |
| SHA512 | 3ab0377cd0ca9cc293169d151ea35af236becc4963fc59ff54045677897f272e56cca84ad3cb3c75e9e8da1bc46dac94146af07e4f335e425057430e85592812 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c86f935ae2e07ba654b9658a64031fba |
| SHA1 | 70f587300145e726ca8c6dd9d84db469e7f4bf95 |
| SHA256 | 7bdeda40fa54d401af3865314d913d96f2b9299d23a23543e17cf7c00f866861 |
| SHA512 | 9e11d6357215c9e769727e263b6e720bb7f72014d7f5b67cb68ff5e61964242f68dc18ea0e3174f3e933d1caf8ca53defb36005926469b026a2c991ceccc8b3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cbc76ee51157cb3c7b0ce58615d169c9 |
| SHA1 | 7fa3d2b275b5bec9f35f9154a26d33be7c77c5cc |
| SHA256 | 3267aab205879d87f18af317d6e52cb5ae5089e52fb4825ea8ced054b2c743be |
| SHA512 | 257db956af799ffdc11881e4e3a5be14a562bd321c89738592ca3a6b1e4fef5be83f18ba6733aae1b7bde17abf8afd55fb281c4ae35c7d747dbeda8e0772f531 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4706cb096443572a80f1d6da54bd3b21 |
| SHA1 | 96df3d45fa8288e266412cd5bd3fff589cbbc3b2 |
| SHA256 | d70e3ad4274be84e53c6442a806f51a70feb1c5cc9947ef2b7b87b9a4e619abb |
| SHA512 | e1251aa918af4ef581a93f556c3751a89e81c9a68b56b5b3cce683e1334cbdfb59991a8b3cc6464227df6c8de3acbfcf9c33ddf42b684690793efa58cd70a875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f695.TMP
| MD5 | a8b3b0669661f1d61c37154e73326a16 |
| SHA1 | 3682c8e180296ce938c3f6f10a41d5c062f4cabf |
| SHA256 | 5af9e8e76bf15fdd086836e4798ab21bd930863e9d530b07427049164f923f32 |
| SHA512 | f4a22db519215e563d9e1de12ae48acc3e26c25ae5213c6e7991376fce398420005a974330d8228d2b6fc372e875f5c266c87d814937096c50661b51b59ea248 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e8c6065a808c8b9b55c929fdb135824c |
| SHA1 | 4ecb6c979660baa4cb7aac8fdaccaa0b1ab8c395 |
| SHA256 | 0ea770d12626c018c36031b6420f746aebb2ec31b03b3705131a3da90f2a9f2b |
| SHA512 | b7ddc1bf5b01d4e13ec152a8acf4a067581f11f9e7cccf2b1bbe40bebfc7deef5fc4642b53bfe42df0301d4f8f36ee57b7a7829d4d34b6d3a6fc9bd0c7e528a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc9d63c26a86ecee6a6d35e3c687d567 |
| SHA1 | 0f2d34f9e22b1f9daf358a1a36dadb3501ee707a |
| SHA256 | eed91aa8d5311f1a0e77e16bf54595d41310e4dd56b7dd085515accd4ba66f6d |
| SHA512 | 07ef74d09ffdad03db6f67881753090d869cbcbaf15eabda409e5dae8c1261181457b67b490aed3b8c1291b82c28eddee6b495ef0ef914c010738aa663782c25 |
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip
| MD5 | 3ad6374a3558149d09d74e6af72344e3 |
| SHA1 | e7be9f22578027fc0b6ddb94c09b245ee8ce1620 |
| SHA256 | 86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff |
| SHA512 | 21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1edfaaa204a7e5bf4dd07894ace760d7 |
| SHA1 | 061be6ba350a033ff48349c5b5d4d5eaead86461 |
| SHA256 | d3e7c41eb149c9faa333d595b826a774d35c60a31dd590184e9cd9846d0b163e |
| SHA512 | 9032468b01cc3a23b63785bf9fa30d460ec47b4ea0ea717c81b48857c76fee9608fcd60f247c182b22a7e7301b2cf170483f0fb6825a3547302bb7a706c21feb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a9bd7fa8a024541e88c6a40eff8aca7 |
| SHA1 | cad445eaac109e38c73172548c90cd65da64e53c |
| SHA256 | 1cc0585577e3cca133245193b5ee9441d816187764863565d365920b21da4260 |
| SHA512 | 5aa334ca8f45eb42c3a3a3b7947f6ca23b45d1efc233aaaf3beccec996eea7ca422592940f437de5b530d19461258f657eeeddf5ca605daa9d0ab9bd4912e8c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e26315b4fc266f638de1015bb3248e61 |
| SHA1 | 11f519032e26c2e624c8856cf258fd4557d25d35 |
| SHA256 | 4311410af2e86007072fa5b5ec20cd24c23ccee66da36b50280a3a99763a9889 |
| SHA512 | 861b3f66694d076a4d3dc600c8bbb70b77f4f74ea124c862d1ef8410729ba39608ecd911df154b3198520812b26376e0596cd6eaa79da37a81a4935f5cb1141c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8d8612d32fb4e41909c09eab0d7ae320 |
| SHA1 | 3101101291bc360afd5fe845b803d3007f930b97 |
| SHA256 | bdc7b895be421196caecc75fcc829b11ca20be89757076919708141715f6a0fe |
| SHA512 | a75d72359ec6dc6ae4c4ea3629b5efa2623d26ca689579b23df8be8aff54d9a5a876166300b4ae0a730ddee58915bf752b2e2d89dda87db7a68a3a8dc9910c6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 38b27dc598168868a3d88450dfae4334 |
| SHA1 | 5839a61d7678fd358739ef9815d99f3aeccf3e68 |
| SHA256 | 75ac59124f5d59a6b4d0659c2e1cc32492baeff57d263a487cf460501b2b001e |
| SHA512 | 688ecf91b2031451e1b3c8dd4d2d43775237f0a99d18bb517294c6b909116b2abee23351e6cbe6b65f8c8fdf8d67068f104be996baaeef9adc2dfc6aaedd517d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bee3747bec8e292cae5187c5a1122473 |
| SHA1 | 649829f470303b4ce8b5692e3acf009d02169407 |
| SHA256 | 236a609353ce16f47346d28bc73c02469f8d5e87402eef0f2de54eb09cdaf470 |
| SHA512 | 885591bf89b7e36c00fb2099f09da3633cb8f9f60471824a7d8ffe573df02b1eec9af54c6007a050a4d51c22232db281ce026f0dd2f6cb284ec5897832ff8404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d1884ece4e81adb890c4aaf5f205159 |
| SHA1 | dc0e51c6f6cb2dc29072d77895082d9acd95632f |
| SHA256 | 14a33acd739d61eb38843c7e99471097f044b867efb0f1c7d4b10d26f108d318 |
| SHA512 | 735c702d866ce09904156b15a68e73736ed0f9ad24a217a8ef4d6265d1c9b1f5a2da33eb0bf306309f8dcb866eb24a5942fb28e5857bd7be1c1978f4e5ac0a0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8bc6dbbbbec4b203be6afceadfd7dfc |
| SHA1 | d4554ca1d0d1c365e47a92d041ff3072db14a6c3 |
| SHA256 | af93dbfbe61d38d88d6b75f6e59f4f4cb6d802af18a80204164368f7a352ebcf |
| SHA512 | 12f8da9e5905122b1b4e0b4ac383fdd905043f01a4c7b812f25c550d04a4bbd637ec5efdb7a7c1c8911938e3a4a466d292840696b18121750b675ce80bdf75a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 0226f8de1e27a4ea1675c906aa32e72e |
| SHA1 | 6be3cda5fb935d130908ab0ba80bb926f38c75e7 |
| SHA256 | fc1a6e9a3ea7894abb8c67345924fe74bae481b0e351ce3eedd0cdbd0d9d8459 |
| SHA512 | 5a9f280e79ff805409d50c4de5f03fb827d72d692ba6e3250943af55c43beb58af65598d5e5c7d2fb583ff0e1fa5795103559bfd7aad284fe12060626d7b72c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ab793fc1af7d72349de4ccbe3d0d0d8 |
| SHA1 | 26c12c7950e17162ae1ff727786ee0a227e2034a |
| SHA256 | 8b298e15e55a44cd4b6018b1092d5a86b6026da93183c3902f443b20ccba6d34 |
| SHA512 | ba6f9138434951b75779967fc422e3ff318cd05f004835dd839b6e38156d124c6edb3477879bb1900c80a8f430af4c58004a5cdd3006bd9883ab29d1c00fc2d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45e84ac1bb67575c4d02fadbcf14c30b |
| SHA1 | cc62a628918c5ed6277d35efef108ffc761dc771 |
| SHA256 | ca4b48f291ff9dc2e9e659a6b7b063729bb277040c2e4828746e5e33d830681b |
| SHA512 | 3bc5f14d749112b9bb9e9c52826bfb8a46dd5f69d13e3888207e3f8b3e07bb8b7dfecfd827e609dfbe8ffc92e572bdbd1bd54374d3e3ef6fc79f7ee1317e080f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 4e786ef6de6d058a7ee21d714b5878f8 |
| SHA1 | a25cf3a4ef2c4208064a295fc00bf84be1557e8d |
| SHA256 | fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57 |
| SHA512 | 79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 551ec1ab5799476429ed57184a6e0502 |
| SHA1 | 7bcf188080787adcbcf62dcdad2ffa9ad38e1301 |
| SHA256 | a26c3b6f6f77a35a297032c0ab11fa2be0a3e3d0091d7d2cf275fd40c84a43c1 |
| SHA512 | c9f59fa7160d68e2eb1cc8453a770423af23c2ea93a779aca1180111705096760aee976db84155973402731b113e7e4266772d32d1efd3fdd674d2ea0e5bf058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 2e23d6e099f830cf0b14356b3c3443ce |
| SHA1 | 027db4ff48118566db039d6b5f574a8ac73002bc |
| SHA256 | 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885 |
| SHA512 | 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | bc85c721d2cbb8d85e396e8a48ff1559 |
| SHA1 | 2bd69bd75fc9217178e67ae829fcb4fd87eac411 |
| SHA256 | 7da0f63bd5f7d984babd0cbc20fda7ea38a66115f7e91702bc66e29845824f52 |
| SHA512 | 44e29b0be6be23a569587bad6a00f277f769d4894029e037e1da59d8a0a49473dbc0724145ed7c20480207c21fda8a84653fd1cfcaf8e2298783f006c0e99824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 37573ba0592fdbf40d4d9ed3b5fff664 |
| SHA1 | f16fcd431a0183c37a39824f2bef24ee4c0dd886 |
| SHA256 | cf11c85cd2e2ca3ff70c19dcc2b8ffea68ef263577ca3d3206741afcc88ec7bd |
| SHA512 | 340ba9f194bc8ab2c87152716603676bf3c4c36f6a508ee83c8d6dbfc70b22c8b9e5fe4882c0418cffd3f7c4b383eeaf5d11eaf42c5d11f88dc452c48d6c4afe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 5a269260e64e2029ed9ab284a5c58114 |
| SHA1 | 5b72db446cbbfd581f4f7199ecc6e679036e19c9 |
| SHA256 | a360f70003fc7abf1ade82c6a6fae8847d80b0a9482940815fa24d869434c858 |
| SHA512 | f1f8fc0776bd5f44c3cb8f95b5f710fb50cb98a0a7d234571d54b18ef8c9f7c3f12ca248096925067edec1330e159e56c135c9e7a4eaaf5a2235f3f15df1a22c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | d34875fe1c47517f4081a1e2c5bc91f9 |
| SHA1 | 204fed3cda5eea26388e139dd1600682e7665cf6 |
| SHA256 | aff6fc26fb0c69a279bdf9b32b4d2560cd47039470cca8248534daf8d0876186 |
| SHA512 | aa164260951708910e1cc3d83c17f2d176427dcbe53e1e13cb539d65317a1750bd1e482850049e9c126aa5e70fbdd72db13d50367b90c8b8b37f01a264ecb148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 9a861a6a772b86aaa2cc92e55adf3912 |
| SHA1 | 85156e7eaf0d3bff66bd6119093610e8d9e8e5d2 |
| SHA256 | 6e7cc83f3b23d5f48bafdd934321de60485eb8d9ced04c6299e07dc6bcbc0d1b |
| SHA512 | b0a051e2e703227a55674fe235a97643ab1478af2384a5a974605cdd0e4ed79916d65e2adf61d19f59779da920699e74ac72cce05ec078f22f9b6678c5022a26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 76d82c7d8c864c474936304e74ce3f4c |
| SHA1 | 8447bf273d15b973b48937326a90c60baa2903bf |
| SHA256 | 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8 |
| SHA512 | a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 1806db26c5d614e263c1cefdbb1211b1 |
| SHA1 | 412443dfdf346d3dc2d68e30cf717b402443f939 |
| SHA256 | 5c191b166a2ad5f70572dea7fd656306623e3274a544d8e084a3c5f28b9acfa2 |
| SHA512 | 43ffd45fafc2063328297193a992dea6e8d389943b3d39fb393e74d8bc64ffd50017be0978cc9b1c1e1242b88486e36d5b33840008e2482098c79814de4ab2fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | cfff8fc00d16fc868cf319409948c243 |
| SHA1 | b7e2e2a6656c77a19d9819a7d782a981d9e16d44 |
| SHA256 | 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a |
| SHA512 | 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 46c65c348f90aa174bfc5f9dbacbc3a1 |
| SHA1 | f3f1cb408e89e48b14532730632dba27858d2676 |
| SHA256 | 0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008 |
| SHA512 | e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8524baa64b0763c80dd689bbb89538ef |
| SHA1 | 94fe2718262c5f02abc8919955526960736de0e8 |
| SHA256 | 92df193dd808cdb4eb0009c45bfd18b098fbcd4f36595c3dcaefca2b9deab827 |
| SHA512 | f765e004347edcf312a6b4c6d02b69a765f3c4f1ee393bf0c7d122d082ec8d34329fb40ad2255f3589448b9d0e5928346b24e8e83d7c33beb4e36f0f2e06d8c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b4a69c7459e7994e9861b416ba4e7ceb |
| SHA1 | 7eb23492179769db9796406a8f3df721eeb0540e |
| SHA256 | 0b32f8a623086887c21acf812359b2d62fa6154f16610e56368aab3617081c07 |
| SHA512 | a9db23c7802b4d8cd657e487caccffdede3b36ed83872f66f1a6c372cd88047f5c8868c833e1400d8203144ee82c12e8dd600839db484dd54d2b87e0e6fd93e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 607c75afb8b60ab2a5c805d5e6a6f50a |
| SHA1 | 2ada596df3da6f2fa1dd7ea99931f13690584186 |
| SHA256 | 95fbd2164421989667d3ae873a2f8170a1171fb97432dc282fa4d70a0f7c8bb0 |
| SHA512 | f34cb982e91ed7427c8e596fb571d5852ce9aefd7f7a7ea2791c115bd628de323f3b5973472dd7e849a754446f7953e3f3cca61bd5b8c9ee4e190a777ed55aae |
C:\Users\Admin\Downloads\cryptowall.zip
| MD5 | 8710ea46c2db18965a3f13c5fb7c5be8 |
| SHA1 | 24978c79b5b4b3796adceffe06a3a39b33dda41d |
| SHA256 | 60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e |
| SHA512 | c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 57146d1939dec80428748ad553fd078b |
| SHA1 | 3cb41b7302ae152de708e8d48215f8913d60f9d4 |
| SHA256 | 403fab4da530e40e201169bc8ed0f177c1f4af8fe133fadb9c6373aed1d81d24 |
| SHA512 | 35ef1c71bd288d15f56741f4d90159fc173edbdc8290a5e4a579aad8c890ba8df28ea0ed234c858050957b89831b673ee6df043663174e753558f7de955449bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a35995d05d1417b62726f73428a6dbc6 |
| SHA1 | ec272a5117d0e7979e178f63685f56d943d66463 |
| SHA256 | 5b09a2d48b733e2fad16cc190b7c2457350c9f8ca387f5851583918da32d68d1 |
| SHA512 | c421147e6679c44bbee752e316bdebdb7c3c7754d4cab46dea32aa322f8c5cfdfde6c8b81c28a74d360b9a915f2394ce079f2a860e6344c21d420ce8ad5f37c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ddc316ca3795013f77d83856f2ecbde6 |
| SHA1 | eb817635ef703d32b84cb8fedee42bb2d1b21bc2 |
| SHA256 | de4a936f65cdfe07b8bf391a6b53e8d10092c903b522f2a7da1eeb7f619032df |
| SHA512 | 1b0602fdb25c225cb2857edea21e4ba3d56c51287ec2d979f69919236bf7cd79776e0667ea66c28387a693049b63899fe1a644b809ed6bd5e5c07c7015fa4323 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7db612633ce3eeaae18c03464ddda495 |
| SHA1 | c78ea3c1ed8fc8e242fc551762ec5d8ebffe9b2d |
| SHA256 | 2e105b9b8458b51422dded0602d02493ec5db897b8ece1dd6a0c7180d3404312 |
| SHA512 | 8c51a4a0245d24f30347096ee2a9fb5e7b4964b7e8b38ee5a3470b8ba2b52ef1953e59d7659c02af403bfa58179e6b23ec1ffb5b86b27a52e98ddcbc2c5e7c3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 189d8030044defd0fac9358287d4d432 |
| SHA1 | 52654f1ce060a5fc3e24b85ad5aa49bb595e1817 |
| SHA256 | 8c243e00654bbcc8927630d8502bbc1903f6dd2edd0acb69fa8d4570aab69f6b |
| SHA512 | fcc2b9d7a2da9741f2c850f43c2e4e66197c2ebd2139a6676db70e43db313a111da1ce9565ba881ce36df1366f62c5c12cb566b46cc20ca6581fd6173372ed07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ed12a11d5a6a7a7cb10dbfef974f2e9 |
| SHA1 | db414305e59650e2db000350338ac635edc716d2 |
| SHA256 | 69774a6b98a707b8af5e152ab2a47b23d4d93fa88ba3bda16d6c0bd262aa307b |
| SHA512 | 13b467ec28ae02f3a6330f6b5ac41a256ab0ad61a661619b4c265dd34c09c0bc525f0df5578a843c3045959a6b97adbc8fc026803cf870cf0cec26796b9b3268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 2227a244ca78dc817e80e78e42e231d7 |
| SHA1 | 56caeba318e983c74838795fb3c4d9ac0fb4b336 |
| SHA256 | e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24 |
| SHA512 | 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 0d89f546ebdd5c3eaa275ff1f898174a |
| SHA1 | 339ab928a1a5699b3b0c74087baa3ea08ecd59f5 |
| SHA256 | 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e |
| SHA512 | 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | aa9d4b0371cd9ae330d7b131493f54c5 |
| SHA1 | e83c2b6b6f023a6e00d18f0c9ed6b8ae9bab1459 |
| SHA256 | 1ffe9b8b344a25a19f33e5900aadb00e53b8bf1a22210ab66c7b50bbcbea45a1 |
| SHA512 | 337e27650c4b534683c8589dc4787eb9bcfecae020bcb1a507a1530b1fd7562ba8d185157e8af23b06e80cc70136f51bbc0fc0ac63e581e34e410c6d08d398e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 57fd36f7a8616221071efc002962ce95 |
| SHA1 | 91a2a8972b3eb1e6f1b300fa3f142121373773d1 |
| SHA256 | 7287f93786e02abe5f9c0d40b2cd376c242b59fca5bb42e7a7aeeaf38bb85a29 |
| SHA512 | a16bc3c59fa7432404796cb46771cc3648396e5c5ecf3d52ec3e00bdf70ba0dd0cf38532f0e57ef58f58c323737829f7c75a7c286dd69269dba4ccd55e7f7a99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0
| MD5 | 7c780c7d7fb470c60ba90ee1f47c0b93 |
| SHA1 | 3a49665b9ebc34003cc1027ef2d4e5b9a1085e41 |
| SHA256 | 770b81e9062cc1ffde14b98b1b813ed252a3bca8c135b63c3492e031b5e2ba51 |
| SHA512 | e7450d1e89136c086d754779aeb1710dd0ad9e1c2427bdf0cc6b025b999b96e5d4ae60624946806d104970b665b991e750e13e96e5bc1a463f95e5c974ba8e6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c17733a7298ea58f7ddb29494fdc870b |
| SHA1 | 87175127d21a1d60ee7ab90c655c81815b4d9558 |
| SHA256 | 7da0a64138403c9d5d36eeeaddc1277455a1f3d1c81b9e2ad3bf071eef3482fa |
| SHA512 | 4858ad84e9b6280b595864801e26fe34ea85a57fd5b231cc493fe60b7a471b95009a13ec91bf65b5c7809596217d49c7447646d48af98612833f4fecd9c27ec6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acb466dcef1269bebcb39051877c18ad |
| SHA1 | ed04727fae573f89589e7ab7c38080566ce4d482 |
| SHA256 | 92a1956cc6c760316db65aab3c5ca606db062317e0d75647fcf96ace1b73c922 |
| SHA512 | e67c9ca3322d117943aec1f33fcad6e87186c177aa1cff41d4b8c51a2c3afc511c4140527edd5b979cc5add023a4c7cf3896ac5ca671b9dc0f2e7586f556716a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 76fd0c4de10b3ee711eafbad5fccedd4 |
| SHA1 | 28ec64504a04936db71d50737dbd60a12309aa6f |
| SHA256 | 8751bcaf540a459fc4fa880fcee8ac8cb08920050fb96edfc3b8d097f3a1d159 |
| SHA512 | 6d71d963c26c7e32f7181d0329cf38710924dd6f1d652ad078c55b1b7b98e52e12201e91530a99c816cd2a42c9193c0a100a68cf885c6506fd3281c4eb0b6e3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3c5e70a47149c32c4d7280f281e4041 |
| SHA1 | 950c7dc20b5df9dfe24ba75fd3bdf7cff723c226 |
| SHA256 | 5b986d8da42085e03508679912a784bca113dce1e910653bba74c8f52c99f5c3 |
| SHA512 | ddf1938997521afd44be7d6a2d193370b0e84306b7e8fef6a80ff56991666844b48396c98ce40924f19558af486bdb60984a15a9ec865fd7b8d9e290dae30765 |
C:\Users\Admin\Downloads\Unconfirmed 619475.crdownload
| MD5 | ed4073b09d6634743b40c8e5dac7535f |
| SHA1 | 8dbb52b792c3e747a501f4ef323f189ab4abc030 |
| SHA256 | 039a88fdeefddf5b4a4e74f474facfa1edb07886aab3772f234809e8d214ec51 |
| SHA512 | 4cdafd2ebd902025ab78135cf5bddd6bead94dad6c588b25cc6130868c24f6a84b872547763ee0176ddcf9c11246218bb3c79964e1fbb616a3d079426f1c8c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32e84a0ba35f9e670079142c8d4c5b81 |
| SHA1 | 0d0cba2f1e4c77e11ecbb73f75ea088f82dceedc |
| SHA256 | 7728565eb68cae62f20bc0e3ef0715332ad3231ccccdee83bb7b479736375c91 |
| SHA512 | fed4828193bcfae22754f40b0aac1e04569aca33767c781b64ed03d4198c467e50ce6adf36bacff3b9d5244deb85bb0bf0b2b081a865c353ef2b22f2b06cec99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c5fbf8a271daa8d4529c6185c23474ac |
| SHA1 | a22831df8f31f5d43bd15e62d0f5885295947a7b |
| SHA256 | 6ea56dd32f384eaf6e71a7bc1659f8db8ba2287318205b65648de0a7f451faa1 |
| SHA512 | bf00cd9ffb7c743595a8c453f318feb7e308a50194dcde7602e69f9b5aa70acaf1248a20d67f40519bb575120f7b7784c641b87d33ec4c78bfa3a0a1d8689bb8 |
memory/2560-1634-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
memory/2560-1822-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 578bebe744818e3a66c506610b99d6c3 |
| SHA1 | af2bc75a6037a4581979d89431bd3f7c0f0f1b1f |
| SHA256 | 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71 |
| SHA512 | d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
| MD5 | c3b0a56e48bad8763e93653902fc7ccb |
| SHA1 | d7048dcf310a293eae23932d4e865c44f6817a45 |
| SHA256 | 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb |
| SHA512 | ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
memory/2560-2515-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
memory/2560-2683-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | add641e4c47859b91211a9787726747b |
| SHA1 | f5df687e924731bf007d15eb81803c258307a955 |
| SHA256 | ecdba8a3d6729d8fc96c4cc03960eb8e38ce6451ab086258c2a1939bad93eccf |
| SHA512 | 03c0367738b96462dd13de7d03f14f1d5cc7459d861551ff71abe42fd866018da6a5a7b6171546da6734b83b29646d1c4b2d686580e9919c386e21065bb697cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6f611ebb9df6776afef388564e1bc44c |
| SHA1 | bb8c6f518a26138d85ee7f6b4a9102dc5457609a |
| SHA256 | b240cd90b500013cfe7b8e098c03aac97e9bc59ee487356be916dc8e63ed0c17 |
| SHA512 | b2978756f787bcce933149dd3af94c04bc6d941d6c2d5dd5d907019f060db00cfa23996d0089203273424aa383fd09cf8b9b4bbf4228e03b5f927be6fe8a1842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 589a21c9e05840e7f0303681137afb5a |
| SHA1 | bdb0cbda741e46dec4599aef05cdbfba4c93b6de |
| SHA256 | 4b4e608384161f0187989501cbcdce9707bea76d77a129adec005e45f741e29b |
| SHA512 | 46baaaa69713a1d4aff4d760b51b9ad85cab978605fcb312e476432f0400c6ab267d3428f5ecb75c3fc82df67f5faa04f2095406f5510f6ed9361f536d929852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3bb7abf45b20325914d9b65ef26710c3 |
| SHA1 | aafbd5f264265c38a4ce16cbf8829ac105908fbc |
| SHA256 | a8e82bddf05cd950c4c77d88611df68052155c6535214d6d6835488f8fad1d94 |
| SHA512 | 187ae7444bd995c1bbb10f20fb1e53265df09b93789a64d557d6c2375792fec7b35f296e7f4039253191466534b0777962bb3dbe3543d3e961b5509256b865a1 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8796ae9e056a1790974314161ee9510c |
| SHA1 | 83e8a642a8f6cf5e57f9dd75cfba850a2bd9139f |
| SHA256 | e77c6c041edc0880c336a445664f6a6a23f97bfd31dbbb7f0b8e35d94ece7d8c |
| SHA512 | 664ed2e35c958c3cc43c15a82be312226979b3a740e702af5087e192192cb7b3ac9b8951329f964c5c174302a6c39ec207d02cee1cd3055d0a626473abca77e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 55520d7f176e5762f0cb6dbd878a60e1 |
| SHA1 | e8c3d7645e126ec5c76b5d0035cb525c46178dd6 |
| SHA256 | 6caced587b61045dad5dfc295e04b6098d609735b51ea3b436fe1dc8a270881d |
| SHA512 | f664ec08a22abf9e4b4bfa64d01d6975ba699689f23937460dc481155c40c4b0528b7eff77911e850c11e672d07dc2b06e1ce69360e5d71e149d5515788e9003 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | 4de674e08ea9abd1273dde18b1197621 |
| SHA1 | 7592a51cf654f0438f8947b5a2362c7053689fd8 |
| SHA256 | 56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63 |
| SHA512 | 976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4ec0155aa1393a611de175a53aa31bc7 |
| SHA1 | 9d943790482f5cf2d2c6d14574198b880cbfe312 |
| SHA256 | 6a1ac274f6b58e1a8498201238d9109103adcef7d5d2d05ea817444d74c73f20 |
| SHA512 | e4f89e31e0a2027920d20b7f9500a3c99b3b920600f7ab6948fdd5f7c2fddf0ba7ef1a190b49e2e80eb0f013afc7ee2d2f120f65d3606aa538de444098b369ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a267665648440b9_0
| MD5 | e11980edc1f6e32aee879b57ae6d893d |
| SHA1 | 53c6b3b7fddbf81cf9f7106c3aa7f313fe2aa948 |
| SHA256 | 0bc57e95f6bc8e495e03b2aaefacf12f87ba64a33651b22fa92ee113115eb571 |
| SHA512 | d38d4a1b377744873dadbdf3308011d46acf0599ec14b89ec0030357eddb3fc4c8a541fb92e7eea08778fbbf32101e6d6f48545a43f44be58997fa3dda4b4e9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a334ebe302b12c61e255965c20dfecb |
| SHA1 | 24b67f3d0419314d3e4dbbb0c18adf5d06c34dfc |
| SHA256 | 329ea7cd4d0a534053b72175fa9f16e95caf15e3a2b192edbf4400e4bb75fafd |
| SHA512 | 81ac5ba6a2ab6c662d5c4a575effb1cead4b0126b471f98e173870319ea4f00bd9e89572b500d2f46cd134e1fd1da0565988fb3c6a14b4d69df5675257b5c4e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0
| MD5 | 7ac2e80dfde60a1b77a5787c7faa2cf7 |
| SHA1 | 41008441dd8d04f56f989efd283164adafb65744 |
| SHA256 | 77ddaa4ba89172e289fa4c8d734699e540e77565f8c71276e1fb1b1a2c43f690 |
| SHA512 | 1570f3f659915d34bdf83b3190a2dbb6c53a25e711db7ea098acd9d9039e1c8f93d0b74afdf35ca0063a26d1d0c8eb86f96951d6876b9a747e43a75ebdd9165a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0
| MD5 | 29bf0037538bc22c945bdaf400d923cf |
| SHA1 | edd1cae74870edc1c57e5d5983d9ad256c8f2512 |
| SHA256 | 2612d16b92642569d5fe5bcb6c42fed5b2b8b54dc067ffcd666c6aa01fb651d7 |
| SHA512 | a2a4354a6be09e94bede2aa2332bdf7b3a0a372b0d22173ed36ea7ec20ea1d6a2195f0a0baeed2179606ec1e54734acbcd001661bbaac651c2a2c44fe32cc35d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0
| MD5 | 81fe2d5d962b01f43af5c5e00a9ce3d1 |
| SHA1 | 208613c10960bc1da5a92003065c035b55cc90ea |
| SHA256 | cf3d73a49c2bfe90e098f612f3bf023774ff30aef37288670d616a5b3caa6039 |
| SHA512 | 95a212496cdbf882d44674d7cf1c0552e3b03437fb5f2fddbc9d0737516a8757a086b52aed61c0cfd9196c06a7a0532010faf32ceec8cb6c4d281360815ea81b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | f2f6285818b79ed1a77d8461d5349ba3 |
| SHA1 | 27c2d84eab4d18e51c00c22e156811d92ead00b7 |
| SHA256 | 60f900c41f27f6f4207b90ba7e57a0989b46e403f3b08f7fadf9e2016d27e67a |
| SHA512 | bb1f064193b7a9449d91a6eca1a7dfd163458840a5b9cff25840f3e9bda02f769e93e18d421217c92780531e3613e6be6430dc77b92c3fbf090160e96e07926c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0
| MD5 | 7cb7d99e8e54d56a4ddd7e0ea9ecec20 |
| SHA1 | ebb94436c806e881b7d5ebb26fb95fe761d8e02f |
| SHA256 | 6c1bb2c97aeb624fbed0823be5ac7b6b39f3cbbd2ff89e209088647efc11981a |
| SHA512 | 101558458435a320034e96a451ec03029778de3bea73ab4bfb1ca200dd76469f6aab612689c716b09e1851b3627f8c5af20b5786ededca59090962775cd84cd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0
| MD5 | b29b85db4766ca2b70e27d62e36b8d88 |
| SHA1 | 890651f58dbb056fba60e07434901afac4afe290 |
| SHA256 | bf586859b7b798e6884cafadd5a4ec18b35759f248253eff41c5cad49154357a |
| SHA512 | 5eb1c260d0d36e17b38442aedcafbc81024d8e2f7d15e3079ab39d01760dad475300698d2682cc9a1554165051097a55956aea0071b7e68806f865321cff62e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6f1ca0f2aa59416_0
| MD5 | e18e324aaacbfa891e1ad92453401389 |
| SHA1 | d6b72f1698d626cda0615d566deb96ada3c0adbd |
| SHA256 | c24ffa0710b99d57112d4de2f05b9822d3da75f573e829f495c789e6b425ff98 |
| SHA512 | 747ab598a4059c94870073820d5f5c02178ae84cd9e95279d0e443b5351837f882f3ca5451c9da8c19399e1f699a0b91697c6745dfb8f2045f70cb58fecbc415 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0
| MD5 | b5dc6ae305083f1c9214caaaa2af606c |
| SHA1 | 04c9a45469c497a9c1c936caa6d279d6512c3682 |
| SHA256 | b362f0c53e9ed8001f7c9cf9b3a9fbe060ce3c84723864d16a41c9b70344727a |
| SHA512 | ac616bc7bf1d20622056aaacf3ffe39c2a5a92d961940a245a3a0f2c49b724fc384e4a189f0412f2bf8545f4301e95000f692b13bb7974c551f2deb7e15744bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | d92005ff9516c91c1d58b303a1e5c361 |
| SHA1 | 66e0f078fb4129a26454f9bced7640544da80284 |
| SHA256 | 4fb00f306aacf4e1e7d878d78c7d2a6d262ba49f027e165a350e271d9f55acfd |
| SHA512 | 01f79ddd6365fe52f650f9f6e7df90b2421864af064e8290fefc4f501bdaeea25b2b7982a002e5de1ea41f9fc4bcbe05465500d1fd7240a34d49b00b35fda871 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 8883e15027125d12e67522b674581a1a |
| SHA1 | 8ba42663cc686958ce345ad1f923df9c462a51a7 |
| SHA256 | b3be97d5843db7a4ed41d171233a93047c886c5d5d95bbf523c0e97c830dc802 |
| SHA512 | 16e7b6a2f5135d34546eb59adac0ae60bf9ad0c2d5f2b0afe252e38c2b3e91675ac1e4ea9db589eac99e632b196e5a0880e815f2ad16c2e5544af85b277c62a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 3e1e3f7c81720a3c1accf8c37fcf2bca |
| SHA1 | 8a329df773ca73146c72021666c281b8890b74c3 |
| SHA256 | 1ff46e828c61e1a53c881d14d11cfe4aa807367a20c2515ee5401a491334fbd9 |
| SHA512 | 5667f8dcdf68619bb10861af54eb351e164d807915e9b62cde3f27924b1298c2e13aa7e9d3ebe43e9814a312bcffc6902baf70e9677f79f8d3e958ca6367463b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | 93f36c396080323f4556b974d2cfb667 |
| SHA1 | 9901f02ca5d41099fcd1c62e5493c603d64f19cb |
| SHA256 | 458a73976443a0c7d402daba8e420977ceb292541276947f20107e4e5820c2b3 |
| SHA512 | 5c72e6f1396ff94484ef666b08881edfaeba053422779d494bc2192bab7cb4bce33fcec64e688bc5047335be8855ff9f63f1602e626f7d1660557f47dd1126e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | d8fc02dbfe8389b7d3d0de88673100ef |
| SHA1 | ee39056fee502d867d34fecf505b8f24977463d5 |
| SHA256 | a6060a8602d4ac70ee33a488df1f06cd9c672132a50b10b11d332d1a269e2cf6 |
| SHA512 | 8dffaa4e4c338b6cfeaa45b4fb1f9cbdb068e08e5b84fbb0eb360cbca7c989106c95c01f19843ddadac13257352f47456b55e3ccf47827a28662b50d830931b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | bb31f9da05d27c573c5f604e89b5c93a |
| SHA1 | 779923fbfded6b667cdb5784d9f58a5b80aa0150 |
| SHA256 | 1c22119ccf87fdf2d5d0853ba0d6e11010ca4fe0ce79cfcabd0bc7575d92dc36 |
| SHA512 | 00553d7754b2192fd616a629343ce3a0b2267a63b61fa375ffb968aa4481b7d76cc810e4e69ec5ff28fd90592f9afa7fd58eee2f461607415f9090e7f409943c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0
| MD5 | 24faa99f004a96f7f22ad2e595e042c2 |
| SHA1 | 5e1ac3f9d86d517c9dab1f782d209528c7004ec5 |
| SHA256 | 835138a0a18ef9b11122b6ff7c1ed7f1f90ef3d3ec98d3676c3f0cab8692ab51 |
| SHA512 | 055d4759a6d42d0e87447e678a17bd187a40ed6b7cfc892a59f9a842808b4acff28bc3f2ae79d0e32c4be6e6df35ea3665e50767009b11b5d354f03ed65f3ce7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 944243dd0047841f128a9268b58a6e05 |
| SHA1 | 7613edfcea74f05c61f5b7491d0803676f9db5bf |
| SHA256 | 3aa0d3b99fe89a953ea09a3b295bce1ba94b1d408b031420fff0963267cadddc |
| SHA512 | 429963330304a1c100dfb00d13201e2ea575379b4c66bb034ad289f99080d04a5f1b94cc5f36f122491a85ec327285b57005884afe307a593fe1e9ca3878fd20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | af1710114fd377b9a0bd6b58f2d7b192 |
| SHA1 | 3282e2bf0bc43b0d2c1a5ff11138032dc833abf9 |
| SHA256 | 22f41a02822ced009497a772719b1bae781f465e79392740156ec735a8ad6709 |
| SHA512 | 5498487b44e0ce985fe1cc41bcd1159becb41804838dc2e4d10b9911eb78d1e128c87c042cda3234e2dfe3a8f3c7fd32127ac713f5c4a9c422f5d4f327b20ba4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0
| MD5 | ebe8f7f1d983f973fb66a83c5d63dba0 |
| SHA1 | f0ab9d1f06598147d2a484635d7c8984e8f85baf |
| SHA256 | 541f14ca5a817ecafc16aef6da749fb8a43396d750eed174ecf3c91218715126 |
| SHA512 | 70450c489e82f71e94e1fefb6c06423d73415a9aa1e66af5fb1acbb3d0ce770ac4dfceb7ed19ec97cd1e86768304961dd4445e4526b16485dc90a991363185d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0
| MD5 | b97d45f4a686939156e3ec407245adb4 |
| SHA1 | 11256a87e3508800a9e359fe7a78d0e99992cca2 |
| SHA256 | a51ec5fedebc325de92eb5b991f24e410e63d5f6cd62d5c444b1d5d7c2ae0f33 |
| SHA512 | 5b0b9e2bf1b18d003b78a953686eeda407a0b83ab685d7f9c41bfac326dc850ccc1cf1d8fb6afd0b69937f81f42161c370f00c3846ce98349854de5b76f26429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d19b7a4da74b59c9_0
| MD5 | 436641f233a8b6fa2ea4c4265c96c5a5 |
| SHA1 | 100a4a4e8b7f7b6570bf4f79ceb01fe6f105b520 |
| SHA256 | 13aa3b73c210a19f519b5750f1410d02821d64bb7b838b51cc549cc2d91a837a |
| SHA512 | a5a80dbd7029b2a5e2bf9c9421d3a695ff232d99649667d5430dde152386587bcabb7dd6ecfa854d23a815c18b5d0087e08211f12cf8ab6559594ffbb385129f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | e8a36735ee7259d15b94caa523ff6126 |
| SHA1 | 07bc3bda0527c2917c8a784a072bba57e4de8d4e |
| SHA256 | c74fcead2c09f0d324a1cd75c8a850e9fe8af870a30c64d228f77de6437d079d |
| SHA512 | bf6e9cfed87e38b1f71db0dcc926850cd1df4a329d4a38ba88e5a57edc8fc4cc6d493ea01505e5bff5e8de2d66cefeff42d667545089ad097e5454e7af52945b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | 534957d8f84bf2bc86f9564af77db8a4 |
| SHA1 | e7cc6279fc1e1cd20bd89c815dec518351813abf |
| SHA256 | 1fa7f3a600c56abe17031f0f4a2f0f4df7740b9ed09917767bbefd9d8ec2f672 |
| SHA512 | 570785bd82dfc705589980b25e0a91a82ff15de72bbb6f87e008dbfac3f5d10c8bec6646cea4489eb625a5f823f17bde1a1a4b474f1058a55c7ace1b754704b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | a343853933b3f2d341343477d3e50c17 |
| SHA1 | 663ce4daad34de609054b005fe507e7ada58c11a |
| SHA256 | 31894743d4081c895f2f830432e78735c100cd18f6add0c8b99d25d4084ae58b |
| SHA512 | 1f539a16338f42c9675eaaf68b716a7cbc6088455f274673e7fc370f55b813fff744987fa082866bcc28d9c535ce8cf2aeddff9b825fa8ac3911aa3cb3c2e3dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | 4c9a079a72b8759f0ae97288bc80df90 |
| SHA1 | 041137ef9d4cc6e4f86c51489d9c9e3cf46aa71f |
| SHA256 | 3d04748a8bd45a5e1f0901612f3731da236e0a635998b50c158386372c21eceb |
| SHA512 | 88dc1cd4dc9737826b39e4f714f646cf9af98278b42551eaa6b3ad1b1c710ebe290c22c93779a61ffc2fc9f2cb9ec4c12d4f73dab0dddf3148975911f5c784a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | 0b75e69692eea1e439916d47a19c24d0 |
| SHA1 | 853bc87098f84ecea9782af2821c320df1e0cdf9 |
| SHA256 | a3656c7c89420c5e904fdbbb74f40ff4f2fb2c1f070d1b1fd4c5131d50c7219d |
| SHA512 | 3336b45b8bf1fb19871dcd42b76cda76f178542bf52607e569899cd69729f82041ad39392a052fc1c6808da5cc4b088967f5c24fc58eab7aec12eb54eeb8d27c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0
| MD5 | 3e688cebb171ac35cb590fccfaa1118e |
| SHA1 | b17cd6597a2e6800175932011ed25893562e3249 |
| SHA256 | 13c3725714c489da1270aff4274969d1d2a8114d18202a15c2abdb1af4ecf906 |
| SHA512 | c9b1f1b191200f0435423c6ea2dc62d7a66a251438bbf5b1c4d8997eb62af74943205863890de5e833a189420e54d688ce6339312943472c67efce410f480897 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0143edd150d6fe42_0
| MD5 | 953f2e4e93ff0bb41fbf882a36751b63 |
| SHA1 | fd0d9d35b7169a0dc4a37860586c6c04e4117497 |
| SHA256 | 28ef110bb98f67180a03dd15d47cb51d5244efc71d9d0f68edb92fcb1e414200 |
| SHA512 | a75db596ac8a845d496cb2651a22698829828b71846064e1c0f78d103452ccfbd30aa90db9bba3d312f89b81f3d176bbd353ae6e878ff42912b56d23e3124907 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 1f3ed811084c00d9a568b9650bff9e54 |
| SHA1 | f7127d5bd810722ae2c8243088be4a76425b55b5 |
| SHA256 | 8f3373f4c65e32ee88f77fab60d792db4dba88d1e688e6f87bcffb6d05cc1c61 |
| SHA512 | 5b638c2072fa875325578dca12794a67518c27d43ebe85ac4a772161bb36f5053769062c91e2a4dd82da137ea3cc0d6a5e8cb299f5bc7c83829d5e6c084d54d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0
| MD5 | 61a59e780f0989d7ac12c8757be6de56 |
| SHA1 | b3d791543711b60afdbe55bede948f91581ce219 |
| SHA256 | d2eae3fecd46132f664d0923ce23961809d63cb4fcdd28e185f859003b9fc87e |
| SHA512 | f927a0592598355fce2066f47d150b8a522da27e8d0c8f72b05fd3bb406f438b16a5a164284bde1200b7406d1e6d227c51610f724795e70aba23537ba8a7b938 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0
| MD5 | 01405a07f1c5d0fe7c3c7a8a7775dc41 |
| SHA1 | c79bb91d6d90ff67084b753e8e026be5b15d8267 |
| SHA256 | 0511bd30e309fe24bee8f5941b5313f750aa261bc6399578de5e283d286625a9 |
| SHA512 | 8e618300ceb55fa081edc978dc28bd83b06f69191465b2428c50389793b7440b691765d2c84e817104f28e6b067237112028ea7708f7cbd88acbc062891b5893 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0
| MD5 | 758805e439ad88db80cddf9ee4cd53fc |
| SHA1 | 511df3e2103bdeb2cc5b2cb76f8b1eb773e1d635 |
| SHA256 | ab3b4233473e1e52437cd8c44ad7130c894ff99565081b9681e9ca6a70d5116a |
| SHA512 | 027489ebc83ae0b60d507ab66d785eb84ea9984e0832c324442e04cfaee3b2228b3443085ef71fdf11f8d8907255563901686fd6f915e7fbae4055bd6eecca5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0
| MD5 | d91ce5d929fb21ad704edaf82b4e8695 |
| SHA1 | 8c5f03e1f7110e682f7764eb76c0b191253faa8a |
| SHA256 | bdd4b3ac0e712b52c28ecd880098774ff120942dc78c559ab91392374fb539c5 |
| SHA512 | 8499a0b370a29a1ca72c0fc27253cb2483018ee3ab11e0a378892ce7082360acb7c17db02f9812cd9dff924ff7b827e1c4a31ea675929583cc7ec01cd6bc6581 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0
| MD5 | 1e5623c013dc2a61689b53526f97c0a7 |
| SHA1 | e83b4bb49be7774406ab9b499db5a3fd3633ad70 |
| SHA256 | e5366dd1bcbab2cb245617ccfbfe60764236a6ce7902ab61d5629ddf2333890d |
| SHA512 | 55b595421af69a7c8938d358953ad049a6a0c0f6b78e87f233fc994a455b683bb2a0664a11a9939d38ee12b54da8af1a9c64ac7b6e3514453ffeb21788c50b4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
| MD5 | cb6d5d6b3bfcaf1a406552cd1a19b3c6 |
| SHA1 | e7fc1ba54cf5bc93869f7f97488c076f4ec16fd4 |
| SHA256 | e1ecfe6e0ee426d99ebc89faa63a04fde6b417cb72a93c9fec473f41813b2264 |
| SHA512 | 5c215c92ff68cb890d7b5f5185efc120f5a0a8b60a1a2e608d2a99e85562e193ace759e0fb2252a2938b7c785c4b6fe9b87e62d2a88ecae1a7ea50fad919af52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46d8591239c0d052_0
| MD5 | fdaca3b779f83de1e9bdd517f83c29f9 |
| SHA1 | 8125838736f6ebca5f57120e302cdd4de486e34d |
| SHA256 | a9535b9abb994e80f1f7c454b593130705295d70711286bcd00d80d1fc2585db |
| SHA512 | 433c4236448877e5ef83c52b766b389ff28373759e49f008ede97237fc86152be9f9e8c6bd2fed254ff36761c972eb3b720ad22ad445f1f3188704dfba2d672b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0
| MD5 | a02e965a0fa48144e489e6f16ec922ba |
| SHA1 | a2bb7cafa312b94520141ba971e2624385380fd2 |
| SHA256 | 067ff2ab9c67e05a661dc056a7c978bd73320b5fa410b9608e9b16ebb2b79f40 |
| SHA512 | adf959d8058628b936a271c10a0f84e2964d07a1355000e28153a7550b28a816a717e4f75776eb0485187a40bf79ade54d7833c2dbe663d298a726d237dcf3a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | d997b83c8a28c93ef457e95e7cb6a4fa |
| SHA1 | 5d5125b38f53bc1ba83757b66632018e8bd51074 |
| SHA256 | 8468a6f06827922375ab194a12a210f21dcd2f6c1dbb5883fdffcfc4925e1dec |
| SHA512 | f958ab197421e3d6b05591e4704da0f49940a3bae7a7dd2a0803048428ed70e095c9fe9ae8cf58295bb720c671681d700d911e774d1e011d88fc3f79bac597f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d841345b724567c_0
| MD5 | 2fb673f453e9225cb5117439f80a8340 |
| SHA1 | 700c8fe9e781f28cf44584b36e6af747e7fb92fa |
| SHA256 | 675520c8f5bb5bf30eb8dfdcf0df58f3c9a9010878cf4ea89346f2d3e7cbbb55 |
| SHA512 | 2ac5841294d75e9007f2a7aeda58db4dbec68d88bbeebe66024650fe38a34a5ee4da579a0840e308c0e329392196dbd4c1407fba62e929904a751e0e52dee152 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 5cbbb18e439e8b00a1e182a6044d5568 |
| SHA1 | f4026fd98a000c694b586a7d813abceda577964c |
| SHA256 | 178797882790d2ce816b5482bd697c4f7991bcad7aff19f21d5e90754093c2de |
| SHA512 | 96bbe772c1387e4be728beb9e11bf62cc500c3a0ae77b81cd5cf8a96c094ee5c3a26a3cbc37c47cf94e6ecb62e8af15b33a9e7092ede58eeafbad28ff7ebb212 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 186bed9388e48c87780820bcca09d7f9 |
| SHA1 | a012dd9a41c4837de4104699f0c6d24da588bc2b |
| SHA256 | 8892734e9b96a6387ca0d1e663671cec1c3543b6920b1d468464d1e5a2142d9f |
| SHA512 | 839f383527b6071e318e897749715c3291c1552a86ab351197f387d8d0e4b5c892f4e253bca62b8850cd186fd051943e83a1e84c897b6ae1286f5e41b557aaee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 799dc91ec5b52e4266dec940c6138371 |
| SHA1 | 766380e509cafad023e52efbac578b168e58e17e |
| SHA256 | 22a072dbc5e82688894b7c9cc55850306876c226c81b281c5b8ee02d54c27247 |
| SHA512 | cd482f504ad8457c3e8502126832ad67c564c81e0b2a8124488f744946eacc513f0628284f960e5826844d9c9a243790b6bf9d862a28f5b72373161aeae08833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b34bf2e243c8e28dae15e495c36ed11 |
| SHA1 | 2cbd3d518b1eefdc58a5e0cbd4cbc0937d10bce5 |
| SHA256 | 5a62866a524bba79ae92b5ef7e486524a84404efe8b6f593a655ad94d661bba4 |
| SHA512 | 434640470193d760ae661a80cf09a2e9e1e655b29c5b004a1b7fb1ba58e10e96159ccdeddb3f3e4c102805f0f11ed2dac995b38e7128dc8b7c3e77109805a9be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | efa3df96b3999218a216dafe410f91ec |
| SHA1 | 79dfb60f61efa5753ac8ee23a3648fb16f8f7f10 |
| SHA256 | e09ea45d87bb157360741a81f2b8a16338bb4eb2fa796f712e01dd1558764832 |
| SHA512 | 4f6903859bd0359487276991ec70d8de71654a4c12674331dd8e56db98dd68dcc6357df9bc5cece41527e56477fb5d57d4fa594ed3f30e2fb711bcade571e8c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a
| MD5 | 347169d9d4cb0b0145b9f3ce648dda48 |
| SHA1 | 96c97f903ad13f31aab9eb7c06218eb6b0cfde55 |
| SHA256 | 29da1deed457e375645cdc4ff44c6695c0a85907cc8978e3abf0e4ac16d3f206 |
| SHA512 | 966e392c0d3d9f852e32efdd8ea63d4f5012f7f55883ee2e148769ead871ece5860e7de7ff150f780853b2cdcb4943e6734d41ba7d24d43cfab1d0eb170ca6ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
| MD5 | 0ed1814f505eec2506f3003c31fa35da |
| SHA1 | c694ec9332ff1fa5474e2ec9eb504b7eaedd2261 |
| SHA256 | 55e81a8489541ab71d003d184ab3f5115953d031a5ff3315b6133e1a7a91d060 |
| SHA512 | 1517ae8b3162b0dd948fcfdf3cf355b1f6485da5018e21c0b81226e5bd2ac0db47bb9693d2d4019405fa35137375dfc1f242a9fcbf1bdcf2e23f2ed83644f699 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078
| MD5 | 05cb4b9f101e025994f9686f3999fd43 |
| SHA1 | 7450f129ea39792645b56de215eaab1d91182fbe |
| SHA256 | 07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3 |
| SHA512 | 9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 240a36ffc72a5c01fa119bf8263540c5 |
| SHA1 | 05cbacb14cf6145b9e3204a8436dc89c75111ece |
| SHA256 | 863dbfd0ffc8a41fbff4c7999022a15e357f8dfedc8b00fbf64b84017f515f24 |
| SHA512 | d5d717bff8e36841db691e8ad0c8f57e7b55369dc5e74986309d6cbafe83cf8089a72f38c54b4adbec0fc91f11e65045ccf5cb3b0237ac2d5151685af6f34c28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 9f2385157e4637a0426a9bf25312627a |
| SHA1 | 395b7c1428ee59ebd152d6917494ae39edc460ad |
| SHA256 | 6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b |
| SHA512 | e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
| MD5 | 0d9f1ed9bd2214fe87b56511683d79be |
| SHA1 | b362517ade14b2ac3ec1c12f936f43329ec63107 |
| SHA256 | 58928cfaee589fa4ff06210dfc585fde1d17dd8fbb578b497f6d43535f79eeae |
| SHA512 | 58817554a7cdedc53965d6864f7c24f2d51e09a77253849bcb488a0dc411ebafba0fb3d7480f3167ae2d9ab827e0c38f62ecc52ee6e8e839ff5acd630e223c75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f
| MD5 | b415ff5e476eade718790e7df1217051 |
| SHA1 | f64de3a6a3ba08e80951dc665146affa23c41ad7 |
| SHA256 | 218ec6939d5844eb2e318d1ed470af91721cfbaa5d14f1ddf99129e3ea8f45a1 |
| SHA512 | d51e696e64adb661543b0237fce158e04a50bd76a60d824fdd97ccc3186e6cceeb76f7f39a295cb9c96863f0ec0ee28bbabcbdbde6485d1e4b0bae04edb5f681 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | bbfe947000a0a4155f94e070f5f3a82a |
| SHA1 | ca9de5f212a24535aa15d34ea1bebc211519e039 |
| SHA256 | 8314493337b731a1cd3149ce77a469725152d37e734644416130a1ffb43c77f3 |
| SHA512 | dcb5cbdc745476db749e396aaa33f7f4416ea44eba42a876a9f6051a4cfda5fc3c3d993e4a17ab4e8c226bc352dba27e638990db7613b4b99e0b9898a1e99f74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | 89a776cd9423bcbad3efaafd54f30617 |
| SHA1 | d65300e2501faeae775d90098b324d037fec895f |
| SHA256 | c0cd41493be8c696dd89ed803f47816f1cfbab9a751a5a4a4c56178def5ef148 |
| SHA512 | 09b33bf57223a09d49e4ed0f705565839aa5b67b0dc657224a42d35e8a7688806ce9c960a4d1deb5cf616cecbb64674388708e73df69c7e9db054e56dd7c7953 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064
| MD5 | 967e23ff08473b6014aed058364553e5 |
| SHA1 | 0737a316cc8e956d59d17f18f9b17d87989c70c4 |
| SHA256 | 992ee29c18d6b9f11b46c53b1fa2248e8273036e9dad1116b5ce7d93dd885b0a |
| SHA512 | 9029cd920c20c6bfd9a4cea442f2db4af9ad0fc13465a5552cf06c97fb96ffe85b7b26615df8a1bcb76a8e523cae0b4c7a2b8218ef25d4bb73843d877ec7d104 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | c12602b8ebdfd5ea5113f42ee978d526 |
| SHA1 | 1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b |
| SHA256 | 412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794 |
| SHA512 | 00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 728af6dbf44989df93a093c29bede790 |
| SHA1 | e5b18856bdf05eeea4c096bc8df2c7773795b507 |
| SHA256 | f10744f846b478fe066ce27179895955922e3071e4953f2d52bffc44d81bf386 |
| SHA512 | fef7c4f03a0ec8cf331d18dd311425fef0b86394838588ca4bb84b69571ee7b27ab1339aef88e9ac314ea1823e67465c48d6d8005a1357ed22666d4173fae4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | e19d0c70f6b70d6586484e70fe96241a |
| SHA1 | 2a82d1200bd9a80f3d60539ed84e8321727456c3 |
| SHA256 | 8322537c9ba16c9a52fc77940ada47966fc1999684f45c6f068b327181679238 |
| SHA512 | 98165008033e3fb0b2dae5894ec28daeba0bb6ceed6d22b63f77d286fd5e76644b95e87b4a01e111bc408f9dd58f113c09bddff97a575244281f7f1aca31bbda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe609474.TMP
| MD5 | 227416042d559f2191e7e46df29bf27f |
| SHA1 | f3043ea9cc42ff21335219e3b79391bbb8d7037c |
| SHA256 | d03e4ec269861152dce5080a62eb1a2f76f9c92e799fb6618f794f1ddbe42af2 |
| SHA512 | ac59a5f9873b5a0030041c58fa1ff16377775d9e7d351b8d484a5dcfde3c635db22da81097deb987b31db937a3dc6255b0152aadf77ca228a2858f8e33a4f2af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069
| MD5 | 33ca6517b7a76f498ddc116047bfdef9 |
| SHA1 | 19ae50a8fb43813a16b20cb165f11369cf71991b |
| SHA256 | a91e2971cf9ef015bf3fe83de0688bc78e5d3684ffc68032fbabe6839f27ca78 |
| SHA512 | 9b4af17384089f6f16d92fe78dfb0708aa6423f7266119c45d373140f1d75759b9c5bb053a5c4546f403f38558031db663c9d24773b4e17ebb8cd785fc8a0260 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
| MD5 | f303275481893f00d8c1c2cb84dee8b4 |
| SHA1 | 66277c7a524854c84db7ac6e7d31b994f1671049 |
| SHA256 | f18f6261a09d2e3f1cd7cecb57182f92c7827aad2d997c73d55a43a4443c8300 |
| SHA512 | 0be9ceaea21a1329a8c2eb7c834c210fcc261435529794a78ef199c697a0abd147bc1687203088db567e3e82af51a52e8cf7bc5eb17ca789d7da1853c66e7618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4777067e58d4ffd1c77ca95d6f659de1 |
| SHA1 | ab4fbaf2bdcf2ce6dc925c40905b86fd4b5e1d42 |
| SHA256 | 64c94e78c202dba0538b9dcad1483977ae52b65d59cf1644f766d3142368978f |
| SHA512 | a1ae710a67baa3c243cc0ca407017f508867819d6ce611e5680e111d9d26ed575c1b452987ae17c06adbb07e68c7e73343210c3b95782b25ef180ec7a52f08c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e
| MD5 | fc9f1dce98974f8c8f06262c60f7dbd3 |
| SHA1 | c36a3a233aa4b0ea594132cd15f71447e7bc6eb9 |
| SHA256 | 2471e8e32537652c8d93ee2478e4364374453300811dd41207f5d73dbea72194 |
| SHA512 | 8d9ece290252b68da614edbc9ef077e9dfc13da1a4a47fa4c273a1bc57974f7d639fef8bf2a73cb66ef00559c3134a539227ddfc8998dc9b8745d264656db509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
| MD5 | 1b8e5496aca8acfc597832f2aee42ec5 |
| SHA1 | 9f8308fd46ec50e4de5419428107c5703ad36995 |
| SHA256 | 7c3b99a73f295ce216cd7d8143af310fe64cd0a6d6f60caaa7c7c4c97442bdad |
| SHA512 | f84492cf9efb9889e3578b0977d494367ca9bc9bddb0aaebdab5285850c59bbe918145abfa16a9725f4f47d5cd7c31dfefe98156e698a4a409288d5ae3e34621 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
| MD5 | 5337681d1dff81a4f4f5dca65cbce5ae |
| SHA1 | a271a1ce63cf89555fbee60a4eb8f84b8f12e4f1 |
| SHA256 | dc42a734c12a6629ee9e9dad0e12bdbd5c8d2183a9c92d173ea7bc44a5f28b44 |
| SHA512 | 7bf3b1d76c96434357a94979b470bf5909e70112f119211ee94d2adb8ae27a9f2e0d1d1cfec48d4c985405b9650b05b95971fb4d9e406bca8a3a8ccecd988df5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076
| MD5 | ea35549990f54b349e6508f4f4cac0e0 |
| SHA1 | 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7 |
| SHA256 | 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f |
| SHA512 | 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7fff3e4ea4c91b707c15cfd759297ea2 |
| SHA1 | 613246950f418ef29358f6c02e117f1cd9a2f363 |
| SHA256 | f6532dbe7ef113677c8d478831c0a74ada83413716dbf7efb14ade7f01251897 |
| SHA512 | b2a64a296a46cd4d1b82fd4cd6db0fd8ae01f78e7adb5ce2b5acd68f9024a5a1a829e4d74a5b56e86b4836b24fa8a49ae2aafe55220b9a0b74e63a13ca1a3f67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f1f31c070e4421967de7ed27b8c5a994 |
| SHA1 | 007e97a8517d543826f70fa18694f63af7c0c9cf |
| SHA256 | b167bddfbadbf18f08b8642590af417a770efa78d1e11670ea1a47c3bdddd157 |
| SHA512 | 92bab6e9354feee2ccc01bf37954422e3f429ee743f13e1696a06a6593c793b9607772916ed29ca68346060fcc11adceda4516fb04830d54ae37da66746a64ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 9c4e45cb7d36af498d3254831355697d |
| SHA1 | 62ad7d1c2a96e141a6774e64283e8bf4746bf5ec |
| SHA256 | baacec95f11f56b82429e46704c721c0f83cb643dc51ae65b05e4e2543b727e6 |
| SHA512 | bb0899fc0426875ac980f65d010b51d05e83dec3e2c2095bb93594cc28c45744b90a90ae7a3547e631370cadbc63ea135ac804a6a520d55aafd2b76866e5ca58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0
| MD5 | 2bb9eab7f9b30acce60e59c5b5aeb586 |
| SHA1 | be2f04b2079ad77de0b0e77880613c0c09b56f25 |
| SHA256 | 944b58150fdc9bcbc7f11f0880843498fb536781c0bfa17fb454610d61d941d1 |
| SHA512 | 6f4596b1e9ad883da2c6a558c4c42f4a4aff56946722ac9eeb7b13aeb26d7b6db19f57d28c827ff2f17c5ccd4cb31ea4c63cdcde959d6235fabc6e9b22d367b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0
| MD5 | 9d10c5ff8f8416592684d1f5c16a6ebe |
| SHA1 | 13f8b8c112829ccee0e6220ca6fe642c9a56ae99 |
| SHA256 | efee3bb4aaef05951115edb6a86b7b2dae5652454a0e6a93254730436cde4ded |
| SHA512 | e384f8948f50ec4ec52c24422c7efeecd997736ae5427bfbc8dd2b32bb959865935055728462021beba42e11399f276a3ae55fc67152ba4db2cffb584948f524 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
| MD5 | 6dfc39d6311d7362a2c96912f0b8b93a |
| SHA1 | d09a87e42c504c533c085242812a96240943642c |
| SHA256 | 7d90f7639acf18a46e0b56a9f1e0a4fd5d93b3862dc3ce6d19ce2ceccbaae70e |
| SHA512 | 34573425cf40ebd154d9e6a1a1d96cc06d461fbc397ec70f0964b31109d28ebc77b2a8c8bc915723e3375fd1f11f2dc48e4d0452e03317085da61f01209fe8ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b7644cb858ee390_0
| MD5 | 7a7e2a7666077fe403181085ef9ef0f3 |
| SHA1 | 41fd55c3cd678763a6fa07d8cbf86f0d04475478 |
| SHA256 | f3f415eca6e7ef696cd97b05ca5ba50c54dffc87cb10c78d1ebef9423c1036c5 |
| SHA512 | dc04392ae0cdb3e54b26fc82934f57ff8585419c453e69a0a600d74ec439f6fab33b2e5bef402fbf797932be257989800b99870a8df3017a8f41af93d707dfc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0
| MD5 | be4b1c005bb8d5dd746a30f3e95e05a8 |
| SHA1 | 45ed577de0e6aca27f9a72eb0f504daff77d153f |
| SHA256 | 89fb3f2cbc4034362a67585b2a055b15eb6388f8c63b5cf3208fe476ed63d230 |
| SHA512 | 784916b6930ecf67c38e655114c03e0e287769846b7e1cd7e6814d356cfe831d2828f2defa63f128cde340504db7ef88d2a718398e31a4e6b8865f94fbeda6d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0
| MD5 | 7f4cf10cb72bf6580e88a64ad397b6b4 |
| SHA1 | 70e6dc719246e0099928fc01bd0d1d29cd85ac5d |
| SHA256 | 14fc8ee4585613c736975550dcbbac37c1d93a5bcf417c4f6a0f89a505403605 |
| SHA512 | c731924e6391b321c03abec531c5a0d09881801c39bb554b8d84d56b3ea4e1cfa39bfe74d54e5555aeedbda2576f527735a99f8e97b410585f2c7783986b122c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0
| MD5 | 880483c6976ede946446efc958d4d6ee |
| SHA1 | b2a7906b91dcd5010846660a9734da1e11455789 |
| SHA256 | f2ac9cf9c0b4cadb5323015d0bbf5715760f999d8214795e40364af487a237ae |
| SHA512 | 1714b6bd16bce8dcadf179245b72fd8d1fd2c308fd88874a56a81ed52436438e7f72fbba1c8c6fa53300112a625a401a765cfdee8d2a7722b69707be929c7a79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0
| MD5 | dd42cabbe0dcf7e2ce87b640d63a1ca2 |
| SHA1 | 6500540f043565d8bde42e1f5fb2c28402136923 |
| SHA256 | 6f58320e3aedebba897b2caf383c398972d2e2f865c86b3b09f8831bbd536162 |
| SHA512 | c4faa65905e7ca010785f09b8b8b130001c98321e10a978c57f039bcf6d10cd014f91ef0d234aefcd2cae79ba14d07036f867e3f8f81953506f6f3b9927a1a3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | a345d2eaf1d320ba548129070b1a60d0 |
| SHA1 | 530a74b01d7ba7dc9a85005220393310c2453754 |
| SHA256 | 1f1e50cdbaec154e4047775705134da05fc4f3d1458b0032dff7f8d74e4d3058 |
| SHA512 | 8112772b16309df215f9ebc98a2f333234836676789fd3e9e2b14b7bf1c70260487841bfcaa758307abf28170e74b5022e08f2058cca6c462d4d67647d8162fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | 92ab9d472d3afa24bc0668433046bc3f |
| SHA1 | f1b7f216e35999b385e8076b8d3a77f790746c48 |
| SHA256 | 23a32e8ccc1396ef8ff924a1efcfc62d413367fa50d8c1ccf73f783dd35a91e2 |
| SHA512 | b3822838cc11eaaa92c9961ccf51fda2def53e22fd931ed5146989432846f8a40ca8ec9731ff98afa8f47f268983dac320feebe30382abedb377eba59586c3e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f8e643f5975e4df27d77a40e0431549b |
| SHA1 | 6db0f50319fd8dc2534e105ecc0a43fac33747af |
| SHA256 | 82b24a2e94ae6bab84b6b857ae7cf075544291f50f1ac59636447e00cbdea661 |
| SHA512 | 39028e27d79dac9d9f2a58750cfcb7be72917b3ce4978c22fc0aa39ceb58cb423600df5fd0d6533ebabcd428ed238ba55921cfb4c055645039fa7e301928a659 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b95df54e33220119d3e7f9ce1e0ac0fa |
| SHA1 | 574a99b8da5983f018580b4427a6a69e4cc5e657 |
| SHA256 | 6eae22fa440bc857c8a8d15e5c11020591cdb0b0c57ce6ab8e0fc4eaef1081f0 |
| SHA512 | 265107297f1bf36e4116c52ecd50819a17c0aae81a03e64a2ac8a43996f832cfee800957502611df1d70be0aa01c27c63b8852ef921f96412d6d2f88fa0daa62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed959fb462b176042500d09785ebec04 |
| SHA1 | 56adc3c0c5ecd9bba52a7b9ffe3dbf7391d8bf3c |
| SHA256 | 5c2d9b0fb20cccf4078993ecd3bca6a2c09e087f51b8682abd14f2ff5805cdf1 |
| SHA512 | 0a2ebad5ebf019866ef870d54905492bf5b6ca971d8849e6a7ff9f77493afd4ecbd880d6a7d61179410620f7ac817c3fb7418b75122bf7f20b37700300e91636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 44b6dcd4fddb0fe2420a00ff3b47ca68 |
| SHA1 | b4620e248abadf688c4512cca8df9e510b33dfd8 |
| SHA256 | 931a7aa10b86cde947d7f842b81d40dcd4f341e745822a5f8ec829005050b141 |
| SHA512 | ce9d66088ac8a72e713c1528d7f097f0572b5664fd20387547d581d5b3264088732d1dde73aea903e294ecf9ab9ef5c67901a4c6584c7963d660287445a86e35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8c334775537e901a79d28e4aa5c9cb4f |
| SHA1 | d3b728e11e93db64fdcbd4a4ca83937fd3cc51dd |
| SHA256 | 62e01d93e4639022e0e107d3936eea41dacb069ef8524bab1a0582d0297dcd07 |
| SHA512 | cd366f7107c64289f6008ef9a9e8b19d73cb9184af8f75db86e6f5cb38593811cae6a15d2e09618939c46fedc9f073632e278652e9c714971a78dc4855e69299 |
C:\Users\Admin\Downloads\Unconfirmed 522702.crdownload
| MD5 | f21000dd0945ec5ec6ce3e360b3d62f8 |
| SHA1 | 861de62016053c3188c1a12b83f128df335d874d |
| SHA256 | e11264533ae7c73899515272df4a23a27f74c12207de268ad9f58e9010fbd409 |
| SHA512 | 332a537072482a15af5d5edb7d503f617832e3931b3cd91915f9fa78e2b69ef582c4e4bd46a9dfc985b4121921864f0b72d6046035924b2d924ab4eade17d58c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d30a8ee38e0b9640f2078ce9c920a1a |
| SHA1 | 9e6d1fba62114d14bc8bd5ce1b5efb99a99a3ead |
| SHA256 | 60f4b2795fff3881736fc57f4fa747b86dc565566fe4a6ee5637804337aae53f |
| SHA512 | 0b3ad5f9eec8a8aa407d67026635f14ee82cd630edfa68ccacd05904c9304d5a78b58b35f2ed03ad87c19a6c5b06afd7f86fbb4c6df6bc7e76a8effca08dbb13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eaa43ae9b5a55aa90fc06ef6732a0356 |
| SHA1 | 2352145f5075a61f308f0bf2885afe85e14ef38b |
| SHA256 | 8d608ae0f75069afc53ea7246668deaadeae066856fe9c846ee3950dd9406fb0 |
| SHA512 | 6f93fc119ad29b7ee72696b6751f37b85540589a21bee3bca4335304d454292b70cac268ed69f12bcb1aba9b609e44d2ee42cdae198c2d1c725067bf7cf7d0d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 96928462d476432bd276c8e0db4a6bdf |
| SHA1 | 9c80e572af64547b81fd15be2eb68b4e7aeabd61 |
| SHA256 | 4d1f7aba2969bc759621edc400c029673353d68fa52d664c73110297ee9ff4f0 |
| SHA512 | 0a0c1d3552d129a919a3a5df491a0cc4786ed7cbf160a15e47cd2c0a83714977255a8f1c2ab3c428e2709821874b60ef1b61ffaf419221272da524a74297ec04 |
memory/3388-4345-0x0000000000400000-0x00000000029B3000-memory.dmp
memory/3388-4352-0x0000000000400000-0x00000000029B3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1e106c30dce64f845e834658db79e56e |
| SHA1 | 8c977ffeae52c2b683034e79ee241a032fc111b5 |
| SHA256 | 0cd322b8f003302c02dc963551e5268e0f0cc1f540b5e80a0c27bcfcacadf044 |
| SHA512 | eee307225b26ce94e6278963f3fa7b49786f4a12b255e428c3cfb881f66be26f997a4e8721c6084d1abb9a7dc98e23964b465eb656828645c6d6dca9c0dcc9c7 |
memory/3388-4619-0x0000000000400000-0x00000000029B3000-memory.dmp
C:\Program Files (x86)\RelievedplanesdsfUtility\RelievedqUtility.exe
| MD5 | a6a0f7c173094f8dafef996157751ecf |
| SHA1 | c0dcae7c4c80be25661d22400466b4ea074fc580 |
| SHA256 | b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4 |
| SHA512 | 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94 |
C:\Program Files\7-Zip\7-zip.chm
| MD5 | 34208890a28244903621cd32cc3fbdfc |
| SHA1 | 15fe9d3706366011749707f2b4868bcf2f77c6cb |
| SHA256 | 4b6939646570c9ddb5bfd39b8503eed99d8c64337e72f6dd4f9ddcfb4ac76703 |
| SHA512 | 25239239bc7e134dcc371d420d34a3f10f83f239fcd1e73d7de8123fc24c6cd8acaf17c5bee456a15dcf296dc1dcbb7fa1e4df505614bde676661789dc63048d |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | d36deceeb4c9645aab2ded86608d090b |
| SHA1 | 912f4658c4b046fbadd084912f9126cb1ae3737b |
| SHA256 | 018d74ff917692124dee0a8a7e6302aecd219d79b049ad95f2f4eedea41b4a45 |
| SHA512 | 9752a9e57dd2e6cd454ba6c2d041d884369734c2b62c53d3ec4854731c398cd6e25ac75f7a55cda9d4b4c2efb074cb2e6efcbf3080cd8cc7d9bc8c9a25f62ff2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c099eb9a1d0d1dfdcc0ad49e0df9087a |
| SHA1 | 73cbbf36d23a3e5fa76eb4edab920cc1a34c7492 |
| SHA256 | 4ec81936ec9c882c95ddb8ad6863fa1f8252a71e9b9aebfbd572dfe1ea8a39b5 |
| SHA512 | 5718e9873bbd3e5206f6208b83dbac6e893777e69358a78ac92611eb4c312c2e2b5f6da322b4f05bd27be3747a1d0d5417e01a28c7c73dad304a835851d2d5d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | da30fd32079f1c91efeb9ec83febefdd |
| SHA1 | ac2baf1553bf30ea3881534eead38c1ba8c6eb75 |
| SHA256 | e9ca4d8c673f0d04ebf59850c182cab081336b5afc0959b7043c402a038fc40a |
| SHA512 | 99d1d2325ee07bb222bf8eff2ea5502235d85f6a66400c4055e5528395ad2a1c67c1ff68e169ff7b00ad7f295512b3060af7ccacd62de8c769fc8e12cad0d3d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 55738adc133ea3b60a443a9a2bc8a833 |
| SHA1 | 8c6a3ea0abd4490e1f0f13fb7373f8f9df55827c |
| SHA256 | dcbb6996f7d4e30f62f8ab4e2e05f3b31760a0be7e4a062baa551376529ee3a2 |
| SHA512 | c724baf0170255836075449c806766768c3a006a5794db99361a4ac6fab72d6f8af19442f8d6614c9399583c303e1a60a6e9354f8724e51054d57a19f3680ad6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010a
| MD5 | 0d7efacbf81f99f9b3b82ac627cc34cc |
| SHA1 | 54ba921739b19ff14708d61bf424e4713a51cce8 |
| SHA256 | ee19dc2db1f7d41b35f1a8bd976f452d5fd58012d0eff83c53fb835a4ffd8764 |
| SHA512 | cf8b4b0f8f586c1ac11d220b4033f91a3a98f167110bae904947407a8b4896afe18bef08871d09f6a2634d58a7118345e90a358b386d889f83abb246d8b6e44a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b
| MD5 | 1dc06492f582bfc9afc32518c5b669a8 |
| SHA1 | 3ceb77de90dfc8ad8a38e8df30f44ccafc5a074b |
| SHA256 | 4cca2caca18dd3689fce9fdb2b27bd6bf9e779967f12ae9c8c0d4666c1e4c2a1 |
| SHA512 | 80114c72ce7ac3493602db99d3b042c928dafbe7fe2d43e8f5e9d273cec0289c6c4742b9cf55a38df4a0bb9376c68ac9fb0ab3e8a6de292bf62dfb6a0c4f9e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010d
| MD5 | aca2ac9e8cce596b4b2634e178bad5b2 |
| SHA1 | 044ba3cfa81281e5bd94b74db368462d91f52b76 |
| SHA256 | 582fe1ed173fc4122f65819b94893da320d119610de7d93c10ba0f214242f41e |
| SHA512 | 473c8810b5858b6e89f4e929039ee381f58dc5d098378feac1c5783f0a484389e9f5c7a9c21735abc5c601f00516f6d77f9ef8926cda6210dd1d96c486e919ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c7ec3a02111dbac69f9c4ba2be76a5f |
| SHA1 | 633dec4776dae038c5da6c7bf8f45fbfb5f9cf8e |
| SHA256 | 47651bcdcfdf7e6187a3247a5a7a1b5baa8b8a41f507a24f85fb9d4d7252bf1b |
| SHA512 | cbd29426d381813cfedcb05af096de868ae91ac8ccbfc4057f9db4e12f5ebe6c0178c40415e51c80311fedee3b3253f0c61dd395c6482e83a3ef0995c893e8bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9bbe729f73742c4a2e9794812e77609e |
| SHA1 | 54ca4e54e2f4ddc8688101548d828f146509d52f |
| SHA256 | be54e53b1b6f7d73c9c0dc52495d84ff227e64fff51228f7a09be6fbe2b20fe2 |
| SHA512 | 8639b5ddff4df1ab1264afe88a2f7bfaa181a5dd9c6213581f16d5456608a20fd5463b45696a806b184b48ce3f68e0f894731ea8a4a55be6d5e252cbe071f01a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt
| MD5 | 49fd30c84465db20fb18c992ded9dcff |
| SHA1 | 9d741ad8652fc837465df4ed71a722da28d2f6e8 |
| SHA256 | f56e7aa26ff5973ee69ec71ad34e755009dc5651b4ac3095093983ad6ff7e927 |
| SHA512 | 8f2eaa2ae1cdc29d3b7e5f8eaa30b85b2f24c7a74edfe423e063c2d63840cf963298940da06fcb28207033fc2af4571a8add275ef539d1242a7d168e54e2e1e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt
| MD5 | 64fe3fc441531c96494c6a5584ebaabb |
| SHA1 | a0d207b497bddbc50f03ee06a3513e22b4e14b6c |
| SHA256 | c42eb7dc496003e9cf66495e35638dfd29c99e0a096d3e740ae9963062afdcb5 |
| SHA512 | 1fb0cea7dd5352b206363a1a4f1490113700cbbba6edb2844b19302e1e5a452fbf351416e38cfad030655f3fcc14b4a1eec308888a6959a126658443c5601cc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt
| MD5 | 83b941b4a4827dca9d8eb0ffee61d702 |
| SHA1 | d6371aefaec76abe4d203ef6195c28c70967c609 |
| SHA256 | d016d37fb20fbc7e9377cbea910304d7484ffb33d01e923e94ddedf06b60f509 |
| SHA512 | 47defd08445b3e33ac2fb5041255a9bd2dd83f5c8c00e3dcf686ecdaf2807e899df7000295d0557e2ab031fed7152f012b64e6c5dc9417e1a951f26ce24e0bdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53f581874569d9f29665020f1bb6388c |
| SHA1 | a31bac8ab9eb4ad6bfd41c92028f5d15c57c951d |
| SHA256 | 48583b70ed72521bc1ef2496461d8b27ba848ef6fd5d549d0bf8725e1de9b2e2 |
| SHA512 | 3548a17c87a960b12f182c349285735b567a12864b19d17dd7ec8239d16020a7b16b3dea959d89ee0e961d313d443d26b117feba5f67ed35cc6c83463a4a5c07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8
| MD5 | b7d64b97496e964c759f5d4680bec8c8 |
| SHA1 | 679c0d67248c7c11fdb43ad32d1e9613210051b7 |
| SHA256 | 3be4fecde385083f3c3fef83ffebfaac7ae8771056c576920b8c5e06d85f2423 |
| SHA512 | 287281b696dea821705fceb17531d6afc2f32a10a50a051f031ad4be7feb23fab25d08b23004b4285a997f8b3d6e28da05438cf2bd57d45c41c89a0c46a0d2c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000119
| MD5 | 62a93b04de8006792d5a3da41ea57be1 |
| SHA1 | c8b64114d38bff16806e905aa893aa9a444a6421 |
| SHA256 | fa5ec81ccc4fd3dcf30948b5f6116a18988b71edc7851183a71be6d779cc8297 |
| SHA512 | 484705170da233e6fedc9d26dff7632d766666ded7e2539ed974ccee0070066e341b07813b7730f62d90611c579d9a024af978c94f8a81ba37068a0829fd4c32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102
| MD5 | e7ac76d3239e9c64a3f786b3edc4ea2d |
| SHA1 | e5b995311bdcb224c95877b8e8bc4f8ae9d98a42 |
| SHA256 | be82f9e21c62717e63eec10f7c354a5d64327c212eea4256d538ed76be9189de |
| SHA512 | 70da9fe1344bf34c2743a4649319e131460add58c10c42177827a8e0df0f0bf13b7c63e6f388d105abf2816746d10eebba44c069fe263ad0f6a33ad2eeb2fd64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0
| MD5 | ae1a092ab6eee936a894c5c5a75787c7 |
| SHA1 | 2247cd0e12750313b2e062496df83395cead7143 |
| SHA256 | b1468c60462244025525ef4eff7610ef706db693ee26356c16e5801c97ed6e76 |
| SHA512 | fd3fd518bb290b622c7acdca28e28239854ba0accdf9be59dc27591d50632b141b09c27d2d43b1344de19df4eae56fb77965790900294f5428688333bbb4fe0c |
C:\Users\Admin\Downloads\Unconfirmed 780195.crdownload
| MD5 | 1535aa21451192109b86be9bcc7c4345 |
| SHA1 | 1af211c686c4d4bf0239ed6620358a19691cf88c |
| SHA256 | 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6 |
| SHA512 | 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e27f1b859b40aa7482b8300370dd13d3 |
| SHA1 | babb852413f9abd2bf88fb292b25e30cbe958fd8 |
| SHA256 | 8fa5748c88a5ef656d757142c5fbbedbd455c8990f38c90a203e65c7c3c31543 |
| SHA512 | 34a2c120659a02a3e5c0a641df5b7e7d90fe6e5b1a56ebfe1242f7fece288fdbb65d531aeb6d1c13010e769310cb95bab8032c4804f7171492cf32544d197608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c9435881b3bb3f90039deeb77e26cc22 |
| SHA1 | 703a966feec7dbc90ed67d468b57ee8bff031b3d |
| SHA256 | ff2d91ec2161ae082d391c56d311179c9b4054f8dc187ab9b51d7a068ae3354c |
| SHA512 | dee3b8e8c61ec14127a58fc5562d1957570728a7e52a34f57b0b85f41e70f3a2985f5799524d6b97b5193bd7fd77da2fb4127317b913a2e0ca2ad00dfe07b871 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\d7d4da3d-e495-49db-a812-164444ae8ac0\index-dir\the-real-index
| MD5 | f5d5751051220a80224dff32dd9924f7 |
| SHA1 | ed6d4ef8472130e89a02f5202f4227c672d99346 |
| SHA256 | 0536101cb42476c8eb011c992b685ef01e6f6a0ff0937496031ce05a7c60e7fa |
| SHA512 | 8e0250b0359bce66ca5f9407517b6297e62ed36152f9281cb8c077a65fd7e6ea2d7c757bf6bee1167f9986d01082aa35f4fe2637c42175b4402a9136d8620d3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\d7d4da3d-e495-49db-a812-164444ae8ac0\index-dir\the-real-index~RFe649ed1.TMP
| MD5 | 80791b28442d16f7667e8db661b1f008 |
| SHA1 | 94ffa590988a62439a1739ceaf8b8255fd9b8940 |
| SHA256 | 6333e69a35b5cfaa7364fd2d987a265f1abbd2e7a793cdc65e4b8c48959be7e5 |
| SHA512 | 986c80a5ae98827d3cdc272acb058e93fd3345749d8290ec48e338bcefdfdcf68fb68510d74ffd669afca673ffdcef23bfea4a02237df9694be951b233a7f38c |
memory/5864-5337-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5072-5341-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ecba22549ecc5744b44591a6d6bc11e7 |
| SHA1 | 01dc96c9739d1f93e7a68d835b7e3efce7b1e3d3 |
| SHA256 | 026c2e6cda4e9f67cf3326bc82339a76b349b4ad76339059abc847acd8e8bbaa |
| SHA512 | 73441e3b7cbb960e92a143caea7e434685b408e6556139dde2755616416023c2bad5346bda767dbb71e53bba1ccb50b839d8e6e0aed9528e8ae4f7c701c12e54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 92cf9520f7ee15fdd321cb75902b055a |
| SHA1 | e163e0d5f6f945a6026c95589752ba82848b7366 |
| SHA256 | 0ef487c71fd2ff6d9ca1dd329d70f7e326a1782b82873ad4bc4b3de7a75a61de |
| SHA512 | d119e4caa0bd8085ec5b712fc5a5d9cec2e602cc21f6c54c1c22c74bd8eb210871c4a788a5638f2a59aa95c26fc0c3875b5cf487ea3c1405d315c6ab75cff5af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\261d518a-d21f-423a-be8c-3ee64ea4017e\index-dir\the-real-index
| MD5 | cd3a89fb0e838094efe04231da048226 |
| SHA1 | 84e92ae647764dc5c3a8e7204bc3906da4ad91ee |
| SHA256 | 9e3fcfe6b947b3d7b81a9bc4539a3aba656a0dbbeee319fa4b6a202d286637e7 |
| SHA512 | 911f4fe6779ee173b3e7f0ebaffa1312b0b588f3548020c8d3d945c18b450a6cd218ebc4f1e362accaf4e0ccdd53d43b0dc0ee9295a885029eb4e0d58be7c4bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\261d518a-d21f-423a-be8c-3ee64ea4017e\index-dir\the-real-index~RFe64d310.TMP
| MD5 | 93416db8b53d9d15438bca2da58b437d |
| SHA1 | be0ce526715b557c23b4eb2b9d7b8ff3416fd179 |
| SHA256 | 8a3a41f2103a07a250e34594fbfd970ad067c6e932add89327a008491c165e04 |
| SHA512 | bc21482732d8101fff8e1377d8e58433b21f4e11a04a5bbfa826b975cad4d65290aaa81065400fa529a98c0c8df01db31abc93ee72c935b6eb063f442efc33ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f6a010f792be2f3fff556d29d8a6e776a28b08b3\index.txt
| MD5 | 867334e5a8cabfea449f4d8317136c6f |
| SHA1 | cced0f334b6774a1a952e8e39d197c2a51992ac6 |
| SHA256 | d059a3c88eb5303995df110691722328d177432d53405c4c779bf3c621ce7937 |
| SHA512 | 3c6b49a8a16721b31bc6066c92bdfd1bca82617e961c74c3a4d27c04ecff736d33209fa92b51087485cbf657109c0dab3d3ac0a557ea81c1d721c6f75aa42644 |
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
| MD5 | 81aab57e0ef37ddff02d0106ced6b91e |
| SHA1 | 6e3895b350ef1545902bd23e7162dfce4c64e029 |
| SHA256 | a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287 |
| SHA512 | a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717 |
memory/2296-5445-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/5072-5448-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b8257e6b2ac2c9e3ac506865fd28a51 |
| SHA1 | e088ce70ee9da74511f5dcf850e9bcad52536e4f |
| SHA256 | f81c4bb7a1d80a62f0718cda28932abd305f260385848774cae293f8c4812d32 |
| SHA512 | f66f121f47ae50a67a54c44867c5e4e0264ca6db1d22ac28468bd6c3d0205f962efcd97347a5cca4fcd1159f602733d695429c31e8bbedc3afe269de2ffefa93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1e8afbb6ef28423ed8b9921636108b5 |
| SHA1 | 41747fcd6149c8536e8af280b62e73ac092609ca |
| SHA256 | 7d9eadc05029f8cd86537cdbb5832067acf8801832365da27572bf55605f0af5 |
| SHA512 | a744e61762cf92498c464856a7088d7dd8c3d07df3ae47724be69b6b55ae085b46ae502207839ab0ba48e8dea40bb2b5c77e8c9bba8b35f92c1068a4348b580e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3545d2235e4d178c141860ba9eed9572 |
| SHA1 | e269ab5543c41a93c43a194f68834ca241868851 |
| SHA256 | bc54e7dde49a1be6fdbb05dedf661969d59267c51413211c48899a216896a837 |
| SHA512 | 310b7985542600df597bb644eedc1077da9039090ff2dd8584af79f8ea76028b0b64af3229badbc5ab6af0a7fc09c8a21f6b9563c8a68399775e0823c5e31824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ba5093350cafd8e1dd84853d76ac66bb |
| SHA1 | db8102cfc5a7d5a4b8c3043c8cc50be3c48af5ad |
| SHA256 | f2947505a075ae670e200ed030871dd87124873ba17188951a977a467884203b |
| SHA512 | a26da80ab18c4126c0e32a5f62bab4ae62b5485ee697e6b0f16d90e4346e4a8a0c591f487a26be8b2c4853c0993ff136794f7a6e17b55044b2a5f56fcc79c989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 67367618ffd5983ca4f6511af24875e8 |
| SHA1 | fda4b8689cd9a4b3695aa62b427421864ae8a459 |
| SHA256 | 68ebb80532f4b61c0b61468529e7d48fcad07b58a8fc09d277b84a796be87d08 |
| SHA512 | dcb664add8aa93abdbc3ed056cec6a325068a69cfb5768a297ee6cf738502812a8fec3a0c2ae408fc4389a1435f7bddfb559108d009627a1f3e44cf6980901fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9651e151c03b4be4148116b3a3e1aa95 |
| SHA1 | e44857ecfca9b9da54515072f6dfc915272035af |
| SHA256 | 31835de3d8c2292df9d9ac09bef62514d003629c3e330085fd8b054b3ce7476a |
| SHA512 | f527ebc2a0467b35347e1765161d5650e84ce22932e2abd80221dc40c283c05ca9e9564d8e8b597881e4454adb35392d7399efaff4da5f4839af0c85d6f7c165 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9a86f3c2a1b4fc09168e9762473ace0d |
| SHA1 | 571074cf3283f926fc2b6547deed491e83a5fc82 |
| SHA256 | 02d17ee64dd25cdf0aa02eb5af4d20127078040d95f6867d77ffeeb21c4d9af6 |
| SHA512 | 1f381bf8a3e224c6e96592a8b90d67a7dff7f58dffd586b2b0d3d9815dcc8824dbf32c6fd34a6e701d7a4ed62b7fab13900a80cd710ce9e6c188b24c1bc4c9b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3aad14bbfdc7ae8a8e963950d6c61eef |
| SHA1 | e6408227e7bbfe3fe14b5fc24dfd49fe6fd3665d |
| SHA256 | 26caf2a4f7209797b501439a02756dd529dc2120008419be2a29ea7af327b1f6 |
| SHA512 | 3485b48b48737f0409b8b0672a2f3a492d5be1e39b0fb75a673788445f92a36653b7c4bd4bfdbdb15f12c48a60145569b6ee28ff8532b74b0741ce00e9f28159 |
memory/5864-5696-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5196-5695-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7535de8e03928419d3b6a43332673136 |
| SHA1 | 0b370edc08aeb1b0ce514d4533e617b2875977c5 |
| SHA256 | 80ba92d8daf5e264ef059883b4f15852fd62675df058c61c7b5510090d89e99d |
| SHA512 | 419dd6b3d1792d0dbf7ed3a2c3f562ba1c35a9a93001df0717c2f339537621c4efcf3ffec1ffebc22c4b67f0539db2f81aa91677a924e95864d61f65518eac54 |