Analysis Overview
Threat Level: Known bad
The file https://myapps.classlink.com/home was found to be: Known bad.
Malicious Activity Summary
Wannacry family
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
A potential corporate email address has been identified in the URL: [email protected]
Reads user/profile data of web browsers
Drops startup file
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
NTFS ADS
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies registry key
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-15 16:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-15 16:56
Reported
2024-11-15 17:16
Platform
win10v2004-20241007-en
Max time kernel
1198s
Max time network
1201s
Command Line
Signatures
Wannacry
Wannacry family
Deletes shadow copies
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD73C0.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD73C7.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CockroachOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-IDTIQ.tmp\butterflyondesktop.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe" | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dndvwjqosrws018 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SET5242.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET5242.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\BonziBuddy432\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t001.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\Butterfly on Desktop\is-HJL3S.tmp | C:\Users\Admin\AppData\Local\Temp\is-IDTIQ.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\sites.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\fix.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-VO32D.tmp | C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Regicon.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\test.vbs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Apps.nbd | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| File created | C:\Program Files (x86)\Butterfly on Desktop\is-V9FHR.tmp | C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t2.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\Butterfly on Desktop\is-BI9P7.tmp | C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Cockroach on Desktop\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-351JO.tmp | C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSINET.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd1.wav | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET3D84.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3D14.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET51D0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3D01.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3D25.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3DB7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\SET51F2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET3D84.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3D85.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SET3DA7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET5222.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3D00.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3DB7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET51CF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SET5222.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET3D00.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3D26.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET51CF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\help\SET51E1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3D02.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3D26.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3D03.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SET3D86.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SET3D86.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET3DA7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\fonts\SET51F2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3D03.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET3D25.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3D85.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET51D0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET3D02.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3CF0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3CF0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET3D14.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET51E1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| File created | C:\Windows\msagent\SET3D01.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\butterflyondesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-IDTIQ.tmp\butterflyondesktop.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761643836987307" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB4-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid32 | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4900F5D-055F-11D4-8F9B-00104BA312D6}\1.1\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziBDY_35.EXE" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\ = "SSDay Control" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\InprocServer32\ = "C:\\Windows\\msagent\\AgentCtl.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMoveSize.1\CLSID\ = "{83C2D7A1-0DE6-11D3-9DCF-9423F1B2561C}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID\ = "MSComctlLib.TabStrip" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB5-A1BC-11D3-8F99-00104BA312D6}\ = "__clsBBPlayer" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\ = "SkinStorage Class" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE7-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.2\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368C5B10-6A0F-11CE-9425-0000C0C14E92}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A70-69F0-11CE-9425-0000C0C14E92} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\VersionIndependentProgID\ = "ActiveTabs.SSTabs" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\InprocServer32\ = "C:\\Windows\\msagent\\mslwvtts.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AA1F9B0-F64C-11CD-95A8-0000C04D4C0A} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSFrameBase" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F58C996-9C30-11D3-8F99-00104BA312D6}\2.0\0 | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB7-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPanel | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE1-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCommands" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1\0 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\1\ = "237969" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx, 105" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMoveSize.1\ = "ComMoveSize Class" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D31-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\ = "ISkinScrollBar" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\ = "IAgentCtlCharacterEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F58C9A5-9C30-11D3-8F99-00104BA312D6}\LocalServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\BonziBDY_2.EXE" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Version\ = "2.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322982E1-0855-11D3-9DCF-DDFB3AB09E18} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "172433" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB35CBB6-A1BC-11D3-8F99-00104BA312D6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPopup\CurVer | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 524539.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 873044.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://myapps.classlink.com/home
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6600 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x308
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 /prefetch:8
C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8CJ09.tmp\butterflyondesktop.tmp" /SL5="$601FC,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-IDTIQ.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IDTIQ.tmp\butterflyondesktop.tmp" /SL5="$2035C,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7396458098350506656,10486292178838797398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9955792701118735136,1049187367063763022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3973576992824267748,8720781225895411995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3973576992824267748,8720781225895411995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,3297142683739795890,2454334728449740493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 237281731690436.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dndvwjqosrws018" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dndvwjqosrws018" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7232 /prefetch:8
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7384 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Temp1_cockroachondesktop.zip\cockroachondesktop.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_cockroachondesktop.zip\cockroachondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp" /SL5="$2051E,2593994,54272,C:\Users\Admin\AppData\Local\Temp\Temp1_cockroachondesktop.zip\cockroachondesktop.exe"
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe
"C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/cockroachondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17808631549489182489,3463461763743365959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0xf4,0x120,0x11c,0x124,0x7ffb51fccc40,0x7ffb51fccc4c,0x7ffb51fccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2296 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4404,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4816,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:2
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5216,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5260,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3260,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5456,i,17072547804372168403,9304996105651917904,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16012206553501714789,13582844342775279941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 /prefetch:2
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | myapps.classlink.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| FR | 99.86.91.99:443 | myapps.classlink.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.classlink.com | udp |
| FR | 52.222.169.27:443 | cdn.classlink.com | tcp |
| FR | 52.222.169.27:443 | cdn.classlink.com | tcp |
| FR | 52.222.169.27:443 | cdn.classlink.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launchpad.classlink.com | udp |
| FR | 52.222.169.98:443 | launchpad.classlink.com | tcp |
| FR | 52.222.169.98:443 | launchpad.classlink.com | tcp |
| FR | 99.86.91.99:443 | myapps.classlink.com | tcp |
| US | 8.8.8.8:53 | 98.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| FR | 52.222.169.27:443 | cdn.classlink.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | applications.apis.classlink.com | udp |
| US | 34.192.12.214:443 | applications.apis.classlink.com | tcp |
| US | 8.8.8.8:53 | filescdn.classlink.com | udp |
| FR | 13.32.145.124:443 | filescdn.classlink.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.12.192.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.145.32.13.in-addr.arpa | udp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 82.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 76.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzibuddy.org | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.29.187.198.in-addr.arpa | udp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.softpedia.com | udp |
| US | 104.22.12.228:443 | www.softpedia.com | tcp |
| US | 104.22.12.228:443 | www.softpedia.com | tcp |
| US | 8.8.8.8:53 | cdnssl.softpedia.com | udp |
| US | 104.22.12.228:443 | cdnssl.softpedia.com | tcp |
| US | 8.8.8.8:53 | windows-cdn.softpedia.com | udp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| FR | 18.245.175.102:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 228.12.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.159.167.99:443 | api.cmp.inmobi.com | tcp |
| DE | 18.159.167.99:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.159.18.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | a21747f744e4c0e242615129c463f189.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.179.225:443 | a21747f744e4c0e242615129c463f189.safeframe.googlesyndication.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.18.29.101:443 | cdn-ima.33across.com | tcp |
| BE | 18.239.212.52:443 | cdn.prod.uidapi.com | tcp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| FR | 52.222.169.121:443 | connectid.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.212.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.169.222.52.in-addr.arpa | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | tcp |
| GB | 2.18.190.133:443 | cdn.doubleverify.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rtb0.doubleverify.com | udp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.pathtosuccess.global | udp |
| FR | 3.164.163.119:443 | cdn.pathtosuccess.global | tcp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.163.164.3.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | rtbc-ew1.doubleverify.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| FR | 185.235.86.246:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.52:443 | gem.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 1bce707d08afa99b8a55e62ddeba3202.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 246.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.87.235.185.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | softpedia-secure-download.com | udp |
| RO | 146.70.213.157:443 | softpedia-secure-download.com | tcp |
| RO | 146.70.213.157:443 | softpedia-secure-download.com | tcp |
| RO | 146.70.213.157:443 | softpedia-secure-download.com | tcp |
| US | 8.8.8.8:53 | 157.213.70.146.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6bc141af2cca81131cc19ffbe60ecb5f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | sda.softpedia.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | freedesktopsoft.com | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | 95.117.46.78.in-addr.arpa | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.204.78:80 | www.google-analytics.com | tcp |
| CH | 157.240.17.15:80 | connect.facebook.net | tcp |
| CH | 157.240.17.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.17.240.157.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 95.100.195.135:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 135.195.100.95.in-addr.arpa | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.78:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| CH | 157.240.17.15:443 | scontent.xx.fbcdn.net | tcp |
| CH | 157.240.17.15:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.8.151.12:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | opensea.io | udp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | 12.151.8.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.51.177.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.21.192.23.in-addr.arpa | udp |
| US | 52.8.151.12:80 | www.bonzi.com | tcp |
| US | 52.8.151.12:80 | www.bonzi.com | tcp |
| GB | 88.221.135.25:443 | www.bing.com | tcp |
| GB | 88.221.135.25:443 | www.bing.com | tcp |
| GB | 88.221.135.25:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.195:443 | th.bing.com | tcp |
| GB | 95.101.143.195:443 | th.bing.com | tcp |
| GB | 95.101.143.34:443 | th.bing.com | tcp |
| GB | 95.101.143.34:443 | th.bing.com | tcp |
| US | 52.8.151.12:80 | www.bonzi.com | tcp |
| GB | 95.101.143.195:443 | th.bing.com | udp |
| GB | 95.101.143.34:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 195.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.143.101.95.in-addr.arpa | udp |
| GB | 95.101.143.195:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| NO | 185.11.180.67:9001 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| N/A | 127.0.0.1:55659 | tcp | |
| NL | 2.57.214.222:1338 | tcp | |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.214.57.2.in-addr.arpa | udp |
| GB | 88.221.135.41:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 41.135.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| GB | 88.221.135.11:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 11.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.182:443 | r.bing.com | udp |
| GB | 95.101.143.182:443 | r.bing.com | udp |
| GB | 88.221.135.41:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 182.143.101.95.in-addr.arpa | udp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| US | 54.177.51.234:80 | www.bonzi.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 95.101.143.182:443 | r.bing.com | udp |
| GB | 95.101.143.182:443 | r.bing.com | udp |
| GB | 88.221.135.41:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt6.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | drive-software.com | udp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| US | 8.8.8.8:53 | pcalarmclock.blogspot.com | udp |
| US | 8.8.8.8:53 | myvisualdatabase.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| CH | 157.240.17.15:443 | connect.facebook.net | tcp |
| GB | 216.58.204.78:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| CH | 157.240.17.15:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.14:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| GB | 2.19.117.138:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.117.19.2.in-addr.arpa | udp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | udp |
| GB | 216.58.204.66:443 | ep1.adtrafficquality.google | tcp |
| DE | 78.46.117.95:80 | myvisualdatabase.com | tcp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 78.46.117.95:80 | myvisualdatabase.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 78.46.117.95:80 | myvisualdatabase.com | tcp |
| DE | 78.46.117.95:80 | myvisualdatabase.com | tcp |
| GB | 172.217.16.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| CH | 157.240.17.15:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 143.117.19.2.in-addr.arpa | udp |
| GB | 95.101.143.182:443 | www.bing.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 95.101.143.201:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.33:443 | r.bing.com | udp |
| GB | 88.221.135.33:443 | r.bing.com | udp |
| US | 95.100.195.143:443 | th.bing.com | udp |
| US | 95.100.195.143:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.2:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 95.100.195.143:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.138:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 95.100.195.140:443 | th.bing.com | udp |
| US | 95.100.195.138:443 | r.bing.com | udp |
| US | 95.100.195.138:443 | r.bing.com | udp |
| US | 95.100.195.140:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 140.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.195.100.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 95.100.195.138:443 | r.bing.com | udp |
| US | 95.100.195.140:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_960_DPSFZMPZSHIOUXCO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dce21c0d98a87e40ca80103f35141ec1 |
| SHA1 | 1d87f2a76167487bb165c40baed3135fc5ac06fb |
| SHA256 | f456fbb33ea8b3148f737f28465ef29e382e4299a8550e021e438156be3c1b73 |
| SHA512 | 142e989ee95ad7e9050bfce38cb1a7d5dd4c176ce2dbc0cbaada27b5e18cb579b1e96f017e13c220c961145d0ebb5995dddbc8a31802715fddb0fbc8c1f17f20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | 618f5ba7408819fee51f58efecff927a |
| SHA1 | a90d3bffa05e68a4d660a4c740e4f312b383872a |
| SHA256 | c6b8a22e425fbeb7e625ac831d4de2838791e1a00c3ebb838c2eac47ea46645b |
| SHA512 | c77846ce683b8bc6c588d02e6887cd8d085644e8f0d6f135f12ba61121f4f998fbe36b5bb74e2a466fdd42f6cc33b0fc6b26788cb273c0589a9293b1b8f33fd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\37e5a750-e08e-4eeb-8dc9-41e745a2fdd2\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | ff5fba6c0167c218d402c2a53b61516d |
| SHA1 | dd03bcdc8f6425eca68d53f34718f46a2ee54413 |
| SHA256 | 058c50c4e2ec2bfa03202f83f28ebbd4832809e25f53ed83970fc01371c79c95 |
| SHA512 | 51f1a345bd0d0267b655dc7989ea57d823e38190d97754f3b2c1230d7cd4f6d24ba84e0c39ced7d633c03d0376c8367124ed5dc6df4b1da1fad1219865e789d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | 9c87538b1d7cfed378c34a1fef9ccf6b |
| SHA1 | 9bba3131950adc0610d402139f3863bb1a9e4655 |
| SHA256 | bcf71abc7f21eb5b0572657334e32414e341b783e8ffd1b1ad4c960e4963b1a5 |
| SHA512 | ed95487cf216bd3f177d291f96655c47e41981226326acb77ded36586135e39f853eed39ae4b56ba6347ff1f31228ae2d2cae01385502f98c29d5514566c59c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | 5beaa86ebda953d4cca757ad99081a3f |
| SHA1 | a0ad8b2917019ae1ddbc6a932dffd5c508612ab2 |
| SHA256 | 7b0864c574afb3dfd082a08d0655d2a41c1dd9731ed454c93ea500141923c8f0 |
| SHA512 | ae17ca155c26000b4b545ad24ab6fb2125c7c6de0100b96d0d6e9916c6b4ca17dbed761925adbaa950ade051a3aaeb925947f3f7581d579bf00efde2dcc6e6c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | d1fcfe5dd15d19359fb99eabf6ae400a |
| SHA1 | a902d5bddc0f740e52c54b974bf7cb530dc767ab |
| SHA256 | 5609068686cc8be1a83683300228b4a72195dd11dfebe65f02a34761b528531c |
| SHA512 | b34ad1183448657b65a68575a49603b1647b9da1ba9dd7f0d8cdb6525bbd186455285cfc662282dc22b1d0d24982ee602e763f04328494b1df2b49b6fbf93702 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | c5f008b4f0be70617440e218c595f39c |
| SHA1 | 2425c5d4f524b593ef035d9f4ea286da0d11f0f0 |
| SHA256 | dde220f04067f0d6484c8fbccedce03b3078d18434108dcecd3665598b64c21d |
| SHA512 | 03c40658c3c8c0fb51a871d3c1f0b12f607531123919f549803268b05822c1dbe775b513cd634790c6734a3c8f32315bd331c74a5429756da4188d9026b0569a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | 5496f2c4d058f2d2edf9a3dedbd687cd |
| SHA1 | 93d50ba09f1b33931b0d513142d85c3c5a634b05 |
| SHA256 | b5e85894ce46443f4004eb2652449ceaf27ab8f22328a42cebdbc42810d8d952 |
| SHA512 | 0d256fe6ba30009d6a11457afd27e5ce8cf88c851097f9160fc5254cd7f3979d5129c288b5f5dcdc71d17d71c96dece079e84430cd3a7678a4276c5420965215 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | f2430af6f6dce7f30e8b1303916e1cad |
| SHA1 | 1c8e984f05f88cf698eefd15c45e8d7752ddb4aa |
| SHA256 | 145b5b3a71b134d8b04411f9257fc7afd19c1eff56223a637803b7a7e101b476 |
| SHA512 | e4a181c829b718e326d45597ca827c4ded4e5cd81b6ea7c3231c76049269263ef29cdfaf9e5ff8856bc3160d7513f421dbe5005a6fc6905296d789c336604dfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a9f5626bc713ddee03758b30ab75ea68 |
| SHA1 | c2cdb38cad7b13f8ab21483325713cf0f319f8a9 |
| SHA256 | 88a1ccf66238598d2ffb08939448be4fbb7d66484ccd2b1e6e06b443ebf0072b |
| SHA512 | d57bcefe30eb4a726a87c3511a7bf5928a2b79aa842967332116ecc3138b9d9a50d75ad50733bbd5ba8b554aa130a857a15c1e54e485248a1c70bc39a02d882c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee2bce34d356fa0c48cce8ea98617066 |
| SHA1 | d3ba87fade38e69299b46c8b8b44ca40bb7f2873 |
| SHA256 | 321177dca897d9974cd9db112bfec6b1b5fa1cc4f407a8a9b0b43a1438688a1e |
| SHA512 | 253662ab844e05622939f443204d6e0443420a2ec2ecc69b8c8af677f8e5cd2ef20e288fa206693914506ef78f27c357803f7216fab6865e6253b7e8cee240e5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4af455e6843edb36c9d0db40c44598ec |
| SHA1 | fe3d52c252780101ddc9587816385b21531dcdba |
| SHA256 | f25fe9d42c452d7c35600fa87c8ba070995f2dd72f70ee21c7b6138eb7589704 |
| SHA512 | 71d15d88a6924bd9635dfa19b25da9e8594a53c25ed7393e9ddbd916ae92f3fb05a94bb928fdd1f90e0bf9760d529a620f930e7a20494bdc499eb58144887421 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 220420e7c6e6b817f2c1ee62c0ad8bae |
| SHA1 | f82a4b533645cc616d8642dd5d3b6b43e9560b87 |
| SHA256 | 301f5cbc407b89c994a9ecbba95c5f612b546187e7602564b5ec9796853b95be |
| SHA512 | 0e9a6e22e4e8c36a7344ef7f4dec5bf4a09715c4f3a09b57c09c245f971e1e9f74e0a608f31353b1f100cd9770c48d4d4c1ded3e38ddd22659516b7c6a2a5edb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d07f.TMP
| MD5 | 44a85d2157f9d95740b6db15df14715d |
| SHA1 | 7b1af9ed9bb19ba52f8e11d11d017e60096ac33b |
| SHA256 | a6fa9b2e4c647db70cf673ddd5e48aa56a7db0a8fd66e387a8fc1c4b1117adda |
| SHA512 | 4a5f2d4186d78fe8b978317d7a21010a28be0283140951c9ec0017bc44a75a0c51c4eab4423c3c5d944fe7c3f1efb81a5532e199813374dd7b15bbb08d4604ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | e4eea65086e595eff3dc9e15525fa728 |
| SHA1 | 7b5d61bdecd8d7741c404ebd683546eefdd5ae79 |
| SHA256 | 422ae65ecfa7b781214f6627ba31632e0d0dbf26d25e9ff2eef34b57b5a2d8b5 |
| SHA512 | ffabd3831d8aa63501c239ec36abf27245388461d29d45fd09896a536460df2903b2434d06cde7cb236a04f3768fa26217dbf274b43612ab05be809c2acca40f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d2c1.TMP
| MD5 | d2bfb74c671b2e85ef1c180e7a19d687 |
| SHA1 | 2725e577503780f2f3bda5b6960da17547a4743c |
| SHA256 | fd78a1c06470e1e21a8710a2840e5b1350045ed4b5b3e9ad828a68c0cad26311 |
| SHA512 | 2679a588d9c4a200ed62504ad87c629fb7549c833fe4da36ff00a9a604f6d568e98d07d806fdf843805e61a28608e2818dbbc4b1897212ef521bf21e5a6fa5b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\2590855e-142a-495f-9453-4e169b87a753\index-dir\the-real-index
| MD5 | a3f1a283d2eca098b9b615d18ece9a5d |
| SHA1 | 732ac194484170c0f0089e1c60214ada58ddfc7d |
| SHA256 | c23c9bfa549bf86ccee5b44f6bceefa5e40d56e2a53bfc6f61e4d88f279fb164 |
| SHA512 | 0a5e73c5f089575aa96de6e0a91f3313e280fbb13eeb80ca716721d0e7689a1bfa3d6e0d8571779981d7ba120629578dedcdd08ad40fcdf19ef838bf7768a60a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\2590855e-142a-495f-9453-4e169b87a753\index-dir\the-real-index~RFe57d39c.TMP
| MD5 | f003b72bb07796dafde1ddf424222abb |
| SHA1 | 0e10ef53ee80336894548260172b50c259ca1a2d |
| SHA256 | 246cfb3f633665daeed414c9aa8d26b41df25a65ac7b9a41c47eb0d253be52dd |
| SHA512 | 2c525820eec48dcf49eb9ebd82e4f87eb2f1ae8893954e7d258fb07d7e891b96b3044ce99353ec784f069f1344608641a7bca19d13e196695bcd476c1265f022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\37e5a750-e08e-4eeb-8dc9-41e745a2fdd2\index-dir\the-real-index
| MD5 | 0034bf02adda449ceeeaf1d53cb7b0b2 |
| SHA1 | 9c3cfee303aa6bee8350f53950662d9a6bb19205 |
| SHA256 | 8bb7d42cb84f96081b43d61a037aad9936e3ae3d34b9bd551ef56ebbcebd20b4 |
| SHA512 | 479e04a3ad448e8a3735fc7f317f9b4b29d6dfa2ca35a9c8bfe9e5d140c5c308455ae075108ca95e0c06889a3557b1188f453793555f094771de4bbee2a5556d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\37e5a750-e08e-4eeb-8dc9-41e745a2fdd2\index-dir\the-real-index~RFe57d448.TMP
| MD5 | ea2d426ae2bf8d16f9f0ed35e10493ae |
| SHA1 | b6c3c5ab411e376a2fdaf56bfab319146923c630 |
| SHA256 | 811f0d73cf6672c9c7bc6a8915cd674a620b3ef4e6cf43aa9f8b43e7b7f266f6 |
| SHA512 | aa1dbb371fc3352afac54c7d9ea7c9f8cd9d5e1366bc387859957bd759817efb0b03dd06a5eeace437404aace6f64439e0b59ff713b3b4839804f26c761944d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\e22570a8-8d2a-4b3f-acc0-a6d578e0b921\index-dir\the-real-index
| MD5 | 1f685f24b65fd7432a746f854e26c769 |
| SHA1 | 17f51c929a6984514863492d215383cd6f17f3df |
| SHA256 | 4f1437372a58a599d285fa404833435aaecdea667118e669f98d269029ad5bc4 |
| SHA512 | 5fb2dfb3dd3c604ab4ee6aeb8e9bb95c26a0acf1f8360951f3f74349af7d86227c2f4db09938572b85fa61949e3c203fd362d51334d8240b037647b4b8120ddc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\e22570a8-8d2a-4b3f-acc0-a6d578e0b921\index-dir\the-real-index
| MD5 | f06713de9743bc1a37a9a3f2ee5cbb01 |
| SHA1 | ca4843d01b3cc071bafe4cbefa0e235cdbdbd71b |
| SHA256 | fd3b2cc58c1e52a912d7e781e3fee145715c68abe26bab2c457fd65c0da84a6b |
| SHA512 | 46f198a259e3c34389938bdef55f8750dab16e00532e07b49d5e8b249a0597921e3e80dfec86a57e32e25b08dd65cc3e7477c4ab84e09b14c2f850bddefeef37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e1decd2c72a74d45fe3c8a1a787445243c8ec03a\index.txt
| MD5 | 68e9c94c1b42330c12a3075c6291863a |
| SHA1 | 96f19ee602de41a33c038ef01853ebca66ffb2db |
| SHA256 | 97b8d5799006875a233e6501bfb7345df50a4c195b82d3b4d415726edaf36caf |
| SHA512 | cd3b084465629bcbca9599cc25f2c75e20e421b761e88cf2e550c3e85e4dcefe4e27fa0b289c50b35dfe35a0c6b28a78f427f2c4534371d6e5200fe75687c7c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49058829e48dfe1431fe45cdd37d9f44 |
| SHA1 | 5b0c3ac9eb6edf31d97aa4954b3f33b0970b7d46 |
| SHA256 | 1fe673e969dc24a8b72dacfe8d8bf586b0c50a543b21adab1ffc351542c250dd |
| SHA512 | 0ac0a92921556a2eff5860c9dfb4bbba17a7b9604b4b4f58f13ede65ecba9ad8f819d2d56028e3505ec0f1976293ae80a1131cb79222fbc9c73921de5ed1e13a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0e2ba53e53657d3d31324b0d5615c24 |
| SHA1 | b061bdafaf62506c651dc92c3451261ae691d54c |
| SHA256 | 64be566104f0354b0cc41c20b88f54c9d7c5b3db1e8c41854dcfc2359a819b5c |
| SHA512 | eb4426be26b2c2005ef75e89625dc348af43211531fcdcc0506e6a412adc3245d0dcbb969ea6421d342649e2595282c91fa2e332cbfa7ad7e8dfe7c4b52dae24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 79f2a1fcefc43777f38778f4cea0652b |
| SHA1 | 72784397e4dec049ff712ba4c05ceb7fdd2d92e6 |
| SHA256 | 23c66bc5dcbf4670a653b0080211f48ee5063c3aa2b6bfdd13d66ce35b74b1a7 |
| SHA512 | 415b58c2fc5d21363052f5fa40090a157a1524a715f551966e7003a111706a91679a5d78466c6b6bc629272214912abe0c0355180b16f780ef2a4997394495b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 5471bcb5d49130e822726e45b6ae42e7 |
| SHA1 | f145fda1b19ceed3a74e2b4241a1d8c4b6d945f0 |
| SHA256 | 63a22888f7724a1581a3d70bd792d9d9780e9ef03d3a48192ee2be4c981fbb0c |
| SHA512 | ab52261f630229208ad1d285734f34a0a50067da50f43b8267302edab4a3b480b73f85c229354c41936ff942cf5af7bee6b80cd8d554cbb4359e890a01430f04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b29b1abe0bcb31d543b30a5b78927f6f |
| SHA1 | 3bbf6a1dbd132d7529533b3d726f1e379c592360 |
| SHA256 | 694733bc31d06246f209a57519b694d164efd12ea2dda4fb7416717c27ebe0a8 |
| SHA512 | b33d0f3f1fc06e11c756f4dd9ef560006598ae1d30c4b513e770dd66962ed6d35979523851404c1969b45b83eee7bf13d767f09edfc4ad948c1d0c34eee88268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cad1a49ab7ea49751d6937c35501817a |
| SHA1 | 5adee6b3f2d2f3c01689b148dd4c8f0c2bc7303b |
| SHA256 | c15a87794b42749da4f34a4c858c0b6190142c1e545c8e581540141c0b4f64dc |
| SHA512 | d842af9d91d2ae62f9c094e3e318e61c2eb5091ff9961b0b1902d9e0c1a923b874284e44f5db7344f57130a4e2af121cc2bfb839314aa6f51bb2057600b20731 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7cfc56d0f07d456b7688a0c03bc940ec |
| SHA1 | 78fed9a4c4476f37601e72590906c32cdf6b7520 |
| SHA256 | 8e524060f9c1b4f85f1b780022702c34f8800db07c1a51b660ffa458b08a4f21 |
| SHA512 | 4045a06afb041652fee01ee5115a2da1d91e188d2592d842610b546d76f5c18234b6cf52f829fa81e320f19558694b3a65da13257f10a45403df828ac420c158 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
memory/5308-1045-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 578bebe744818e3a66c506610b99d6c3 |
| SHA1 | af2bc75a6037a4581979d89431bd3f7c0f0f1b1f |
| SHA256 | 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71 |
| SHA512 | d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
| MD5 | c3b0a56e48bad8763e93653902fc7ccb |
| SHA1 | d7048dcf310a293eae23932d4e865c44f6817a45 |
| SHA256 | 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb |
| SHA512 | ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
memory/5308-1287-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
memory/5308-1651-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b55a031d1e9ea21b03bceee93aabb6b |
| SHA1 | b99212be1f00737855e0a7c162cd5a91a1ca2ca3 |
| SHA256 | 52d7a754e8da9efb39200226cc497217316d949a04cf99c8af19d4d988ed220f |
| SHA512 | 006cc843c098c1d33d96cf9653e034c1504e07c3aa6452ea6d7cd5c3d0122e332e0478a9899c7959ed25ee64522e190ccba3dd6747b5485c88121bae9dc1cb2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | b275fa8d2d2d768231289d114f48e35f |
| SHA1 | bb96003ff86bd9dedbd2976b1916d87ac6402073 |
| SHA256 | 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1 |
| SHA512 | d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7737d7b2fe667bda2e72f351bc3ab344 |
| SHA1 | 4ace3461f9ce86e0d7c214f13b3c8ef081b5189e |
| SHA256 | 50e1c4f4b3600cf225134fe8b074220bfae646dd53e65227ac1ed774f1e2228a |
| SHA512 | 8d3498f0b319f8b00d20eff647dec1589a4384e896b69cf0166150dc1ed256593a5ab589c0db8caf54b81016e4afe79d824d6d74d2fb93befd063bf28f903f07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38111f6fc7da6d23b9e95b1e2d67c750 |
| SHA1 | b7433f118577b706c91f51ac43d22b911d240a4f |
| SHA256 | 2a796a3e8ccf5639e000c30d5da75c017b6e3add51bba9623eb25e47e6735080 |
| SHA512 | e0ab7abe5c41fc95da12ec8f4ae0a00712d95993a49b7bf949221e241dd45290d07347814c93a0735389788c5937a8ccaf0b0eef87d29dcbd5249789d1c71f18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 765201ffb9abb8d11108276c2e5d8ca4 |
| SHA1 | f023f639d8b824a71cf06ed851db7768833b75f1 |
| SHA256 | 83dfb53959e6df32058755a1e4a175237c69a3fbb81e807ae2c570e65494b9d8 |
| SHA512 | f5d329860991b30bb09aafbbd9cf718466dcdd3048bdd0ff214ce4b6c0a2da99dfd3e6bb23a076f3a60a2a1500a049ddcf6b79bcc2b2d06ad123fe8bbf648cde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e7e8536fe57f90f154ca1fa54f120e64 |
| SHA1 | 5b99f0a63f20c4cde274e66368b92128b24ec6bc |
| SHA256 | 28eb2f87963d1e44c1a076e2e0c391bbaeb4f03039529beb716f3e310570b63a |
| SHA512 | dc3a8e18d0cd1466daaa3dcb5d6236989fd2bb30e73e7218faf95652981558d1f1401ba4597899931d549823b714f152ac6ce4a99a6d02435f9f19754183981c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab8635e8523ad59a7ded06e377281eda |
| SHA1 | 74557903cc381aba0033b2593708ac857fd3e4a3 |
| SHA256 | 49b68a4888b3e029e9269804453092b2de59435b2fa47bc1935ac3bd8ff89f45 |
| SHA512 | bc8143b87662c3b60b3f19ae5b50f4144e547f6fb513283148f51965431e66a03101d0fe5e5f310c622c3cb082084285a39bb2f6ea523a27f19d95b4a1aead52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d6d78a134ad81b3966c7566b80c3ef5 |
| SHA1 | 7efaf3c8b16a08f463e6946135fdf79a65f581fb |
| SHA256 | 755c8e03fd64fd1e35c3c3d01b712ecfae0721ba60ef9fa3d74c28937166718c |
| SHA512 | f4e19ffb5753e9366d0ad240d43b569c509794dc81d781f6147adadadfaa7e912512af7cba514a94f8679b212bfb3efb943c933ee50cab3114d00cfdf43677ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 6c2f3d357123eeb0b7ee1719d3a39b8b |
| SHA1 | bfb75b0ddb78c8df89f857749ea09e1fe2c4bac2 |
| SHA256 | dcd01aca6054cea79779a5cc32cb16d0847142bfb3c89f10c1c375ffbc6e4adc |
| SHA512 | 1bf112bb9b4635a8540c80675f8c0152e2994f1ea88b4e5d8e3454bc6514f258c746ff8f4f59114c11d7c650f96b6884e9dd01fc78d570b990f04dc09259d6ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | ea35549990f54b349e6508f4f4cac0e0 |
| SHA1 | 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7 |
| SHA256 | 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f |
| SHA512 | 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 292ab4f17f2e0367543660f0dcf5a6e8 |
| SHA1 | 98d642f560ece292449267bd95a3be947f50a0a7 |
| SHA256 | 32f3be849e69bba0df7c89388ff4bdd4a14040e16627b1d43d4d84752fab26b6 |
| SHA512 | a3676f0d433192c83ff05cb3a5f3820ded7eb3f0c8cabe4e4ffabeed31a601b94b018ed35a7724a164be31383699360eee72eda11651a0e15e92ee40bde0cba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0fab3f348e7850977a7403a093a0a078 |
| SHA1 | f7de1d469ed2d15aee1d96c8c39f015218b8d859 |
| SHA256 | 8b15ecd32c2d2d3c56035118cbb77f21ce6e1dac9e348052d978e204c13880b3 |
| SHA512 | bba5002a489831c0ba98f05c4895b54523007b2f25e69fc8a144a33e04585733676f03da368fa212b79919ebd7143e49bd283f3d03c4c67df6c7b6acace40604 |
C:\Users\Admin\Downloads\Unconfirmed 524539.crdownload
| MD5 | 1535aa21451192109b86be9bcc7c4345 |
| SHA1 | 1af211c686c4d4bf0239ed6620358a19691cf88c |
| SHA256 | 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6 |
| SHA512 | 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6149506506131a0b7cd94e8c806708cb |
| SHA1 | f6fa2a6cba0c2b6c52163bbd6a74c8187dfc000e |
| SHA256 | 0f622bd63157031fee84c8a0d7410a0d3550ef916a80cf4a36fa71c1ecdd13a6 |
| SHA512 | 8f69531e138796c0e23c1eac1af88e93b0e64650fff80d50762e7a69262f97c925ed1485b0c6bce8d50c9c550fbede97851cc2544080f8d91d9522c03192d5cf |
memory/4984-2203-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4824-2201-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | d536220c7e2700b71ec5c4c70bffb6c8 |
| SHA1 | fba839e50cd52503246e486a1a7ef0cce510f919 |
| SHA256 | aaafc7ee382944c6b9d98e123fd22ace4d533f3b2e258ca68bf300bb3e178524 |
| SHA512 | 6bb5a6246be03e45559181aadbe4e28af7cdaaa1eb16c3634354a8eb199dd1d7febf528f6c398441edb4ab3803e8d5c9b7d59cb2c758dd08347414ce17d43366 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 1fbd4305ceaca6a2b6fa46faa8807d44 |
| SHA1 | 67a2b20e4f7a5c69678a22d89ef8cdb7095dbe40 |
| SHA256 | edb28101698341f8456949c8bd0dadc73dcc94bc33292d9d805a7e9c4bca4fde |
| SHA512 | 40d18ba53b7d721bbb948f551274d19c5865f89288eafdeeec1c9a65d05aa44b1f4bb8b751a386802a817426f0a75f59783242410ec4701f87446026d4c81f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | 0dab0c7b42350e02cc3a2455947adaf3 |
| SHA1 | e16e426a82b24d209854490b1d42dc3c572ae1fa |
| SHA256 | fa8500a32e9b9c7fe120b9c3f494389d6e33dc3e67f1e542299116f86de35777 |
| SHA512 | 424c139044079cd0c489b394ce1556cc9091f85ae8e0ae9956a4622678d6fdbd3a1133c43167fa44460cb27f4e45fb81685904ce8357607fe57e91abd43e2c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 0ed1814f505eec2506f3003c31fa35da |
| SHA1 | c694ec9332ff1fa5474e2ec9eb504b7eaedd2261 |
| SHA256 | 55e81a8489541ab71d003d184ab3f5115953d031a5ff3315b6133e1a7a91d060 |
| SHA512 | 1517ae8b3162b0dd948fcfdf3cf355b1f6485da5018e21c0b81226e5bd2ac0db47bb9693d2d4019405fa35137375dfc1f242a9fcbf1bdcf2e23f2ed83644f699 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 96a23cee992e2c32e0509b228e9610d9 |
| SHA1 | c63c14095a88fd5e9039bcff4ba18880821c3dc8 |
| SHA256 | 24964adff5ce7b2076f99a4ed7cb17b9868155285d0a32f76422dda0bdb3c711 |
| SHA512 | 9d0380e1eeb80c6ac06e7834ce8b033fe17101d351fd9cf96c8932188b40b623f63d3fe6acf4b2241ff62f0e2d1ec0acf6610de45a297d80f67a11d4bb2ff382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4644eca583c5523f5c01fc9e6787c473 |
| SHA1 | 008eeb035617ae69db3674e4fa5b3f085a6ce126 |
| SHA256 | 092477090e339ec4f20b0ec101b7540b625df7855ea1e7a17dc11ff5687c78e6 |
| SHA512 | 6c9b05692237c83c7fbf1ede810c1211fbba2a5700b05a269d43a1750d0ac608bf2906ec2601524b8d8ab58983fc916c42921de2030e5e6d11a55a8392147d14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61d8464eeda91a3c90f60c8732df3213 |
| SHA1 | 7487cd8aeafcf8a2659bb266974a7067b1ca1d9d |
| SHA256 | c6ca5ef0a2a1401d155863d417bd4a1560b278753d0a240e3ccd47b803e87384 |
| SHA512 | 325694e472f5c35edff4a0186864ee9255ea8eae695de09b8c2ea4501276693d8af8f5f704395d05b5d40fab0c845c6db0399f4c70dd417647193ee7bd0f3665 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 05cb4b9f101e025994f9686f3999fd43 |
| SHA1 | 7450f129ea39792645b56de215eaab1d91182fbe |
| SHA256 | 07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3 |
| SHA512 | 9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de8ed43606aa444409787fea22d06dfc |
| SHA1 | 4095f01030f602413afaee665b0166470caecc5b |
| SHA256 | 13d2d7e8556e17440a49c71ddaaa976c96d1bb85c07dc403fb09ff2f1620e734 |
| SHA512 | a11114498ac767bafdeb0895e714b8df29fa82b38b2d4746794cd466a96e1d543fe7c112d7b95814252a7b21022eeeffcdcf8a731e6599a4c61db2c8201f7d45 |
memory/4824-2313-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4984-2314-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5084-2315-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/5864-2316-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2b43e203813a4fb641cc64ec16a50a9c |
| SHA1 | 5aefaa9e416ef896572120c9ddfb94f8e6dc9097 |
| SHA256 | 90c7f08787a3d879ef2fee19815e6bc812925a01b9df36a5cfb4ef2d106d0baf |
| SHA512 | df66e2cbae0ade79927fa90c253a872b04badc2b3ae0f69f99e9005373e884485b9cb2c2c597c8065d78437dc8e7121a452397d5cdb41c9d2869241141e247eb |
memory/5864-2329-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
| MD5 | 81aab57e0ef37ddff02d0106ced6b91e |
| SHA1 | 6e3895b350ef1545902bd23e7162dfce4c64e029 |
| SHA256 | a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287 |
| SHA512 | a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d6d426674a8a633e6b4c912422427a99 |
| SHA1 | 9579b04f760eaf6372e2574ee52c5702dfe443bb |
| SHA256 | 4907443b3d45fd4e8a35f181d8d9d562f08b07b844842d8f7b845691733cb27d |
| SHA512 | edbe64f9aff7175c234f3fd9b61974f8957b0c389f52904fadb8d28e3065b0950030991fa89e3afd8b3a8b1bbf311864a0ddae7658032421d1925e7808e81a7e |
memory/5864-2370-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/4984-2373-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 876f3b79571cd48f613e458a6f62dfe4 |
| SHA1 | 06dd6074f8814277ee2ccf367d47ddcfa07bcdeb |
| SHA256 | c49ffb2d9c7b9024a279c783ee806c347cf63aacedccdc2c8e006c904ba1335e |
| SHA512 | f00480d78003f4c3d945218e49f93ef96a79d26403848526165f675bcac3761e3f2859346d947c74966feef79d605071551fbfba5b26fffff7580a8e0233fab0 |
memory/3928-2436-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdc1beb5fbfb8a3f3ec19b1c214ccc07 |
| SHA1 | f5e018b9bbaa2d877c1833c80bc4ce4a656455fd |
| SHA256 | 6ea5e78cafd2b0f723173b18b0c9d2ec930cf29854a41604653910a5207e6584 |
| SHA512 | e5bd80e83c9998c625200c7b8375a22c4401452c0f654a33142a866a8620a8ee35741eb3024a40dd75d1f8a78431e241c19ced14378a39bc291e0b72a535cc96 |
memory/3928-2448-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d5485270b75954895c7f5c02d0ba556 |
| SHA1 | a10b7943ad4588b581b8d6cc0c503e47580f93ea |
| SHA256 | d7dade3dc47234eb66151c87d5406a38eca7964d68923e84fbc675546c274844 |
| SHA512 | e7269050c54c9d92c720d823c77e96db81d948cea6a849465a8b53f594b6d277597085c3795510dcdaa63eac0839331e6736b11c8dc01a5d0654c7d75c913354 |
memory/3928-2460-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d60bad10ad2981e4681e1a0943dd67f3 |
| SHA1 | 3e83da528cb674e7a87a94cc6636aa3a0d84ecc2 |
| SHA256 | 7d0b08eaacb5297e753cc1b4e74a115cbbd752690108dde82cb1c6e0982183f9 |
| SHA512 | 921da0f6943fe0b86ca9888a94a6e6ad3f220c479c78f870d0d46e2252e7baccfe38b106e80056f78e81ad8cf68dcd8e228395a2de41da554014ec7a7d66ce5c |
memory/3928-2472-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1f8a2780e4250ea752635996daa5bcfe |
| SHA1 | a545c967ea54dfc4024dda04fc92850b61ef81f2 |
| SHA256 | 1ecdff4f8b3ef072621098ab9eb2fd4eb6a166770151b2965b8c3640b74fa917 |
| SHA512 | 9093a0ead04caf4d987fa83d7cd4348e4e6a9604178fdd6539e4851dd27f280239c12622aec2b5756df09bcf593ab0399213241201f8a82cf9d0a868b0f412e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6c2726f144df8b47e059acee7bc5552 |
| SHA1 | c09f33e07ce27c8a6a2a75dba1a34328ec09db4d |
| SHA256 | 8a0f4d1eae5c088ac1de5d33a89994537480bbea6b7fe87329029862361abc32 |
| SHA512 | d76553fcb9d5e4a4cb585d5c79c34c6eaa2dd3637feb1bd1c9379bc28478f6f60897760302220a14e840f4e5c9231fc87ed2d6d7e939ddd0fbf5ded5cc4925e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 84bff36919661d97cd455e87b9946ecc |
| SHA1 | e692b2ca5c4d0d165c1c324ec9719c400d30f231 |
| SHA256 | 7054f6d41eb3503b9e32388444d9a6d67d32c0edadf72ff33bdb837b36a998ac |
| SHA512 | 52b641f779608cb4bfa186a7c83932586c51be0b5a2108c84c4a2d3c84480c4d654ebd2c8e4a8c1622b5830759c82e09569e80078ecb44a65ded9fd27849baa7 |
memory/3928-2622-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-MVFJV.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/3928-2630-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5084-2632-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/3928-2633-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5084-2635-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/3928-2636-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Program Files (x86)\Butterfly on Desktop\is-BI9P7.tmp
| MD5 | 1fee4db19d9f5af7834ec556311e69dd |
| SHA1 | ff779b9a3515b5a85ab27198939c58c0ad08da70 |
| SHA256 | 3d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36 |
| SHA512 | 306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65 |
memory/5084-2656-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/4824-2657-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b6b94f640ea33c284cbca4f1c5e6fb5b |
| SHA1 | 61b4b9e39b702e1a03c469ff251e892207799b00 |
| SHA256 | 99cf20ebd49bc39fa6809e67327913e68e0dc4a5be7fc2dd41ad351fdd3967b9 |
| SHA512 | 9527e72b0f3ea69f94bde193bc32f419ba5b63ae0829287d1589ec9ee0d373b64c177ce2db3031bc3858082ecdd4adf743ea4aec7c7f5e6b95389eb4de8ecc3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c122778754bffd0babbf743ac488c34 |
| SHA1 | 70d316f0774c4217b636f9edc4d7de7898e38fe4 |
| SHA256 | 8ddea751f231dec396531dc277ec2eb106ab4e122cc0e5c03030f08b4dbfe40a |
| SHA512 | ee941b60cb700cd7176785225608877f034cdef89fd0810550b5b8a040c3e702aadf33d939f110bd32002f4ab353b6b851cc644ad226ca2b28c490183833d506 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/5224-2709-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60e65dd673a8c37d894e51da54b9ca99 |
| SHA1 | 734e4bb2cce270f55cf5a23c5e804ea9a8649e87 |
| SHA256 | e884880271bb2e3df20729e4ed50771b89c60694eaf0c7db9725af01515741ef |
| SHA512 | 93ef4a01a3e691eaf2a960b7cfa2981e0aeeadc6693c90a3e27b9f4ff3de7e0d604d1bc82f867fe9dc24f89824d86a22153ff888c460b32213949083d4335f36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f8901b2c8110f3fc5d116f0e2d235eab |
| SHA1 | 81bb74ce6f68608c1330dd77c1e0ebeb3bb27d4c |
| SHA256 | 7a9dc20797d347fcb6f69fff0514c1870ea08ab87385cffeed65fe36a5ebab7b |
| SHA512 | d2f18ebb754e67b7dc6f96da8918a299d4af4175307e2b18415e9c15a58b2ad4421e77f892a5413f3e18abdcda93c8aa0dbbb2456b4b21ab8aa6d5fd266c2652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b2adc37881887374baf7c228a47aa4c |
| SHA1 | 24af24f9a574455614164c53915b62269724c1c6 |
| SHA256 | f2c77ccaa6e0ae51c6f7bbbec931dbf5b23d1a20ec553f9798843614551306b5 |
| SHA512 | 33f49f8a5c5ffc936b90e6c24ce31e87645859b925f40fce0df02eda747955074022c77d1bd8e36478ac53239a42612013387d2a67e72e14d6ddb2a5a911f31b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be8e562d024f1186ce20c051ee1f6bbd |
| SHA1 | 3f13075781c0fd68b0335d9a41bfa508572cbb99 |
| SHA256 | 62dc03ba3c26d21e885d07c13727ada76bbdf5645cbd6e5eb4d8a7eda90d0b33 |
| SHA512 | 983dd9d9d2a399d447333358cc3515709728c24374113f07f17c5dd40071acf04ca5f2388f4b332967217a9f0f4f7de53e255cc80e92545a12588922b83c056e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 115c95f43a5a4c0726a73ba963a50371 |
| SHA1 | 59e1997fc3c1eff4410d3b740c87b1482dcc1971 |
| SHA256 | 1e748ad21348e8fef2a31465cf3abed1930df9e2263052054a9dc2cc2a9d60f1 |
| SHA512 | 866e80238fc02e787b86cebc637268c83b9fd35ccfab127891ffd27b3dac8d5cf3752ed4bc858dd4f41073d77289621b786bfd55aecddcdafdee8a2b817dfffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | b993d887fec94e447758397e2b766899 |
| SHA1 | db60598fe5c21878f29fa07b51bf04e443598cac |
| SHA256 | bbfd530b693edf2d384d4c22d18a2c927d709d8537361113917413341b8f664b |
| SHA512 | 0fd853a1956f3619ef8aecb705cb04e74f9c54a28575ebc42a904dd53f437265430d99eca13b8e233e665165f9ebb67d3ed6652e7bff87425fbd1aec458f1a8a |
memory/5224-2824-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2825-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2826-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2827-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2837-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2838-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2839-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2840-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2841-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2842-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2843-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2844-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2845-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2846-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2847-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2848-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2849-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2850-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5224-2851-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | 4de674e08ea9abd1273dde18b1197621 |
| SHA1 | 7592a51cf654f0438f8947b5a2362c7053689fd8 |
| SHA256 | 56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63 |
| SHA512 | 976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ccccc2f-0b7c-4b3c-9b0f-289ecaf7f4af.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a4a4f894b30a13cb2405c7fcbe011b36 |
| SHA1 | a0bd7144804bb8e667282ff598ab05117ed9c78f |
| SHA256 | 715d0e923e3c4920118f8c67325548f9a3a2edbb1d8e95ff13380174b6a152e5 |
| SHA512 | 01fa64d96408cfb722206af782b2332e3a2783eb00fdbc8d2b32ab77374e48d46d8f0347aec3705f3b7434d552b91f6c2e3b2bc8ee579fe59c3c854acd650361 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe5b866c8b80eb51eb1ba73dff610026 |
| SHA1 | bfcf4958c70b5884fce87ea09fa4dd68f254add1 |
| SHA256 | ca5fdede57795618c2f234d8638facbe1c440e7f587e91442f24159111683ef1 |
| SHA512 | 69dff1eece515f4776840f46173f2d6d38dbae47f4dbcb37bb747aec6c1b13512c5e004ba1290b2556e452f5de137ffc15baeffdf7ca85f6747a04e6cee1a746 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7589ed42b35c38b39c9222ab49c33821 |
| SHA1 | 243d5f18ec88fea02e2155f2cf10ac82eefeecfe |
| SHA256 | 1b8c68b4b06a42c3e168dce84771d7f51bbe0b6e3d12c6f6d70147100d9bad6e |
| SHA512 | cd0e0985e0efe0bc93a32b169e9981f3170fd9e9d41da68ac38d0433b049afac8d7de39671d77e241a4cd09831fbab8ff9e53f6a3d219abf95725df36a4027ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f38ca5c22dfac61fc47fae664e9baf0 |
| SHA1 | ee411b1e48eca2d8f0872bbdb3681add1bc0ca3e |
| SHA256 | 95eefa507cea3a688dd6a6ba2519769f32c1b626ea84de5a1c5f57e43ddef6fb |
| SHA512 | d7427c670fb01f03fc9cf441a6636daf73defdc9c45e38a527c31bb2a5a0838ee5d83d24d9a803c5a958fd3556dad4c34591c976a0f148291f11fa2c0c54b6eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c07ade10adcf6586e4c2110dc7325c7d |
| SHA1 | 1755efbfe151d2b2a74d78f2a6b365b47d6cb977 |
| SHA256 | 12474c2dbf4f2912ff54a46f12a61862a50092371f9ca34b848c75377b6cad99 |
| SHA512 | 0b358c53b75e5a4a371e545b6e01cef1f1ebb7837bbdb2479eff0e1fe94f25904ad150b0555ee50eaa3dd34d68b98eef9bc923dfda744e075e36ea28382ba715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5aa97395206b5a72579929380fe8ef7 |
| SHA1 | 17582147a2c5dc8e7fc81728bddb03059207595d |
| SHA256 | 7ab2281c17980e63219eb5817520c45100455301d7ff569aa6e4a8774bb87dc2 |
| SHA512 | 80d22fbc51288dc5519c157379f78567c4de068d707172f3284cfca0e9cca721ce2bb1fb2af23a4bdd4c094cf6d278f36f02636385e53d61dfa7741a99a5776d |
C:\Users\Admin\Downloads\Unconfirmed 873044.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b715f9088b48227c0cfa909b47e4738c |
| SHA1 | b54ea804cd40ce09d9a9cb03c49bc16b161d61cf |
| SHA256 | a5036e099860f2c4f59c8af325a7bf5dd9b86756e4477c07201a36a6419d316c |
| SHA512 | bcb1f965a204f5c47ee1bf00532153eb42df173d4fb45f1db2274c92d716e14cf8d6dfee65a4d8daeba28450548f9d36b49ba0b24c430b4d6c739be8b1b97440 |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\Downloads\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cbe71f7a121f21f5e780a149696c4bd8 |
| SHA1 | c676c8278dd55441c7ad91b60cf64f2b8a302364 |
| SHA256 | ee3088ce3c49d084e40e7b32701930afb249780abaab74d8d469e079e068fa5e |
| SHA512 | a815668792851835c06dda855cf58f947b0a742ff3e1b2f9d351780afd032d681c65197450e7211735e860eb0345d80a9960c657e2e128a8bac42111f1a767fc |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4af6f58627e2df9e49f9f1d9bcc93d1e |
| SHA1 | 6efec1ac3c9dfb0d552abbe4cc9f6610b6e6e5be |
| SHA256 | 0673677afb8a7717a51d53335b7094256354df304411710abb5af489f8a99b14 |
| SHA512 | 1ea6bbeba80d5d9ed2ceff24ceba39b4017274592ac62ea5349e607a042cfc86d4f8cd60e533afffc194db7066b32839dbee1c5c5ced0e1f5a2c71b212e5ef7c |
C:\Users\Admin\Downloads\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | df96f0a1d0729243e3fa20a36378d2c5 |
| SHA1 | 0d78c878776a810dae6f888e3889e002d2c066ea |
| SHA256 | 39672ddd0cb50cafbdc5f35c3638409f77f84a824a5486448f2d1808b86e975b |
| SHA512 | 9b45fc6c9893b515787cc0021411492b6d4c1769857b7eba18bffae58d5a309eaae96c9dd2ec85d81eb096ccf68fe896308ff2736f849cda31d01037ccf7813c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 81a9a6a3d4c55166fa471d1b6313c602 |
| SHA1 | c6c154901f095ed061a7877098456d076221ae0d |
| SHA256 | 023cfc2bbcf2553011a7e84861a53aeb3ac19e94f53d1e7be6d582ddadf89edc |
| SHA512 | 9b8bc2f192c9a70ee5a437d89b15e6466b9384aa2bf9f9d5a6131fbd991ed19a2e6e396667ea925a65eb496729deeab41b0de86a370f8a021123868db19aa3cd |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\Downloads\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\Downloads\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\Downloads\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\Downloads\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\Downloads\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\Downloads\c.wnry
| MD5 | 383a85eab6ecda319bfddd82416fc6c2 |
| SHA1 | 2a9324e1d02c3e41582bf5370043d8afeb02ba6f |
| SHA256 | 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21 |
| SHA512 | c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252 |
C:\Users\Admin\Downloads\s.wnry
| MD5 | ad4c9de7c8c40813f200ba1c2fa33083 |
| SHA1 | d1af27518d455d432b62d73c6a1497d032f6120e |
| SHA256 | e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b |
| SHA512 | 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617 |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a2afde1682d030866bd8ce166cdb41a1 |
| SHA1 | 5f832184fd2118939a46ab49d93d723ae6a74db2 |
| SHA256 | 2e1fd5b325359eea162557b6f1583e6c42903da265450e8462a4f2f6e73a2409 |
| SHA512 | 082b809498a1648c060b3ddceaf950dc1182199122b2311d8cd410e00c9f32e91562e132aeca79be0c198b2bd563040fedfc72aa567b06004c8ec6d1e6735124 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 8285f1052a0f0d710dbd1a66a8ec6a20 |
| SHA1 | 4adc9138fe3fe2f74fee61dbfb45517e63ce83a7 |
| SHA256 | ca45ef1526302d9ff01e1325018bb7e683b7a0610770ce36dc7b8d2fdf108d81 |
| SHA512 | 89d9a80da0d8881c810ac190fc8efb02fe4a81e5b5047a17ef1643267133af733dafe13b59d54ae2ce7c6976a0db8bb0eee8d8ab3c44ee3bdf568040775308ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97ea89ff53cf8b9cf74b3917ad2455d8 |
| SHA1 | 666ef8d5a252a92b9e953f4853769df71158734f |
| SHA256 | 8151a00ade33f0978cd31f97d8211fa8824d993f4803c312d2ffcdf4564cdbce |
| SHA512 | 77d6765383bbeb404c8db4f88935f7e9547f462db696c9d2ed23e877c5149bfe9b83577bd980dfae9d74a4fcfe19cc8b5f9e2aff235878be525e806a3883a3c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12f84b75c8ed8796009ff5ed288cd91a |
| SHA1 | 436f69c875169f1fe65510ce43a1d05c2e48b4e2 |
| SHA256 | 0a6903eff72883f0794b8e211f23a167b857ba21425ef1f8f371cf736d9ba475 |
| SHA512 | b77d331b54de0a26d6d4a097612c2d9ba63d5d438b1da39668fd3b81abdf3cad14afee2bd09c5985d0c727c9fdbafd4cd82d49666d7e0c545ea88a06b79849ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ea548f6b78a7acf2380faddf4e33af6 |
| SHA1 | 1a989163c204535a40a88d67e4ed8e4a6d73d05f |
| SHA256 | 201d701d9caf2aa18c71aabed50e32efdf928e114975f8d03e84126ca8b4f52f |
| SHA512 | 1ae76f2e6b2480cdbdbf667973f3002fd8a464f0d3b77dce3b24dcc60365b20fc2dfc2dfe13469e9c15f1d7b0ec3df630f93bb416450e1ad75997f7b7232aa5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ceb8469019fc458d3354964c92205606 |
| SHA1 | 99b647b96bae1bdfe81c14e89cea4b4875aaa422 |
| SHA256 | 4ea36611b930f8b8938e04a05405d0ea64f26f28274590de592096aa50071cd3 |
| SHA512 | bfa8f5abd5f09f874f544dedbb62b5f2ae784360fd0ea038a9e0790cb747d74bc41102f0368103414bb379e64304610e22706b52c6414e4b07d7f22c4043ed71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c767bcd374c6ed916a3bcbe9651cd19c |
| SHA1 | 1d25ef6f716eb7b320819e534462de8a14bc2b5a |
| SHA256 | c247bac7bfe23cc003ee092974b8044a0caf54a5791d5df80fcadf7ec5c6406f |
| SHA512 | fd6f79263c840cda85c654cbdd871653e4d53c7f93c536c89dc7d63919d5a0fab01624a6a65b131879b2db1b3551af35e569ee91669817b99ca43672d244280e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 795e4dffa666c3796a508f6885813dd4 |
| SHA1 | 231100dd503683954a2a7a24ed1842567aa4cadf |
| SHA256 | d6e31212d041a2e6a9fceff4f5db8c93cdffbb84038799fbd1a71edbcc25d944 |
| SHA512 | 629fcfd2910beefa91138e3862d71e13910d4ec200615c5147ebe04cecae47a7c1dcb771f9b1b7531ff502f01c198fd585b4de55ad39eb295206c047bc36bc7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64f2b31177b8f2212baef92e364d599e |
| SHA1 | 802eeb97b97eeeae79f223775b4bb22862b34992 |
| SHA256 | c3615f7d4653ae65d9e4375aa24eb2f22f47a0d8fb9932bc83eb630f8d675434 |
| SHA512 | 4e70468dc90a8dd8d32cb0318f13364da4f491659691af65d320a2380f4d4c6f735c34941454dc6a827b6d362b4ee386e4a4aa8d3f99c02195abaa60302c5b9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a47977045a0a32d9d61e89236f038f04 |
| SHA1 | 33c81e1a014c102300b163aa52c43533c2e5cb4d |
| SHA256 | 18eeb8e0d802978311dced5120c6780f75a914e937799ce74127e34033fceed8 |
| SHA512 | 917e7a564fe5f829c9665bc74159871063aed77ee403a689c818144b7224bc3630111f1c1b55776006e90826aa269e0a8c1fda19193c8f52da299978b95087aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe63096c.TMP
| MD5 | 49242e9f017a993a295eae7cd5807315 |
| SHA1 | 10aace44b26124b54804aace04c9923ff4ea778d |
| SHA256 | 821f31d16ecace1bfec71b8616f724f2e938fe8a7006f2d57ed1f08770ffb1a8 |
| SHA512 | f9b517377e9d6cf9e4fb9fb9e872ba8d9abed328d510aa54deee26f5dd713543f0cef0693429d1cd81a5403606ddbaf5775d8101037cfa31fd9fd66c9d0891da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 31f1f7177dd044a1a60526aad86f8bed |
| SHA1 | 01d590625e2421c1d23003d5aa40aeaead5d5a50 |
| SHA256 | ac2fc86f4aae258df439180265840c7c4b70f7fd056b2f8fad98f976393e43ad |
| SHA512 | 65527f0ad45ebd3d95891dada14b7e2cac3632b601c7c8c979597f9b1125624fc139db33bfd9b7d430c44aaaefe503f82e0970a8a70a063f0d662404a0aedbb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09bb1e119c951f16311d6ed936c331b7 |
| SHA1 | 383bdeeb37e1c670c3783d3eb1623d14acea169d |
| SHA256 | 8789215b6ee11c64b0503bfa302d5c4e96381b513d61242678dc7c509b00c0d5 |
| SHA512 | e404a593c2e5705d3b7fe01f9823b275c217d130ac0c4712e9e65d78fcc844e43fd5fe29c8eec285f858358d5f58e146906cc18b80848f0b0a4b5c394d8192b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e4d5c4bfd30f635f2c916957d6215b9 |
| SHA1 | df8885b710abfd899005590e2a90e967a2ca7132 |
| SHA256 | a5650e29e587afb390f74245ec9e27aa75c85f305bb7afcdc1c86e58d942dbd5 |
| SHA512 | b71cd412e5d3cf488b66544ecfe161794a41f06ed206e598c98a6c5709cc4ad12a20e5f3c058666af62e2d2a49415602753d3834d94813827f8f94bbacc0e7b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6a35ffbadd96f4f2626d757d59a44700 |
| SHA1 | 636f0492427881fe3a71c8e44d9ac74d4af433df |
| SHA256 | 8bb194be4415b0de76865dc850e1d7feb17d65ef7dc8fb8fa25376074b8f1f88 |
| SHA512 | 02800b66b6ce6fb0b2e9de2f95cf079d775e272bb56fe643b8df69036ab39057eb72c9e797f0fd2c760c8030ad4f37947b95349e36b39a320c46d6bf09eb48fb |
C:\Users\Admin\Downloads\b76b9f0c-370c-4e70-95a9-0e27e8260785.tmp
| MD5 | 4b318671e6013f704673c7cdc20426f1 |
| SHA1 | 7e64e2e801b7fc5fe2fc2b4892bd16ee2725c5f9 |
| SHA256 | af70cc610375a12cbfbda6396069e6a5d58ecfe5bd1c227e129b9deea3b41d44 |
| SHA512 | aa3f0780b8695643c3b20f2087cb99710b31c2f9c7c6111229b5629ab9b7753dac733a4d0fbad51a82768f4016afde54c3a36bb926dd36d43ae3d1c3a2006ae0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 709ab5216393c65449894fe5002ed45b |
| SHA1 | d246f47870bd574176f171011d773f45c8ad9e0c |
| SHA256 | e4cbd7bca86b21430dcaa96669f35821d9a769451c7faa8af07f8e7f8a4bc804 |
| SHA512 | 4c78e7edc0f6d4b637faebe98cf7dc1764f6a03096822acebb0abadd5bbfbebc4d2ee8cea3f2fdac5a23182b2c9dd8a3a22476ae4611b23413cd8355df389f3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ca0424e520029380ed7f8878d670c007 |
| SHA1 | 27d6be24736499ba6d0981234b85798ce6de6179 |
| SHA256 | 20137fb9b0a6109de7be9e1ef8d766d0a74fcd41a5672a0e8262dd4dcb8420f3 |
| SHA512 | 2affe77138b87d10c515e8b0a8ccfe217006e83d58e04ebdba9907b0fb578d72ff8f76eaf8e6fce5f1710143fd08bc828bb762d5f6bd5fb2b8e8d9163f99d302 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a9c92019c27aefab3a794cf736df6c99 |
| SHA1 | ce24c65a46dde00c7bdfce6fb0396d41f90832ee |
| SHA256 | ae3fcf0995431762f20e502b44e933271b95a604226bf2f42a00d3c94f51a3af |
| SHA512 | ea1ccc58ca37c54ce3ac61f642eb25c02ffa4c07bd4be58bbf0bcb7f99a7268d782897c3ba5c3c81011883f41c8ccf4f0af1609ec9b27ff33653138929d852cd |
C:\Users\Admin\AppData\Local\Temp\is-9Q8NB.tmp\cockroachondesktop.tmp
| MD5 | c765336f0dcf4efdcc2101eed67cd30c |
| SHA1 | fa0279f59738c5aa3b6b20106e109ccd77f895a7 |
| SHA256 | c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28 |
| SHA512 | 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ec46f80de8502bdece39a8c97af3be4b |
| SHA1 | 5525aeb380fdaa7b4646469c99abcbe3681b691c |
| SHA256 | 818f4f4cc19859338a52b4547f1cb944dd81c17c3da7a99e4b64f8191dfc1b75 |
| SHA512 | 53872d3b8c4c0b8dce404743f8dfb9626609b7933a7c62c7504c6c625c82b983385e9cc623c50d8b03519ff833ddbf64a0018ee65054d69eb22663a3672ff9a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cafad105e9ab1f41bf525c3995bc9d67 |
| SHA1 | 444e12f0fdbf0f820686e1c7a18741a8a79aecea |
| SHA256 | 750085954a8436bb6d7d49ccb6a61814cdf83a8fef4faa197386e355639709e3 |
| SHA512 | 83fd48bb1049e0dc8d5fc73799b684de493587cbe998d09c7d84454acafb8a0e78168bc7f39bb86710ae950aa656e88d38c0dc3196e0675f6879b40c20c2e869 |
C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe
| MD5 | 7810ff23f876f29cfb57b5682b978947 |
| SHA1 | 3752b2236412acca972f90c527a93b65a2f74072 |
| SHA256 | 3a42fea56a20ecd96ce04e358460e6c0d1fd78c62fcc59e3e5d5373b50abcc67 |
| SHA512 | b37d02e913b94536f7b979c2a4ef3b420327bcef6b3f40b3f4c26d4d28316cd8ebf4f1ab11bd2430cf7c8469c20f0e312eb1972c92d79be874c4adfeb77cb00a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0de154d16c4d18b58a3aa2c591437961 |
| SHA1 | eb0a4115c26afbff1c4f1f861015af763dd0022f |
| SHA256 | 7713422e82a92ea7db07fcfdfe13c7f25d2f6df88b5cefbcff30f853b8eafafa |
| SHA512 | 18a697761a15e4296fcf9a71b83243ce29c5c88f65a97441be7edc15ebd824dd0bd3802c1f3cf2c3ae71488a2d834109b6687c643c2c38ffe0c700d90e7262df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b0f4116d26a6d21d921705bd0a4936bc |
| SHA1 | a164265380fef36b0a943d681c7d64cda6e7542a |
| SHA256 | 28d22cbfbd91caa86cba6cad27370bdfcb64e09580f70b00bbbab208aaa11ba2 |
| SHA512 | 2932ce48c6711537feeddf09831f3570c2dfc4a1c4905b9963910ce3a70488cccc51d74a5c3710a3a6a048620b8de058602b5ecb62a01eab199f601bed752627 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e3e190399110887969b71440548baafd |
| SHA1 | dd45a04036282c1e57edeb4741467143fc0028c5 |
| SHA256 | f0ba08ed0282b32ff0daabd9bcbb319c34b65b80d035ef82f76361d59d0ae7cc |
| SHA512 | 57ea698e8f77099930e23104576c3cd4ae0aefca64ef5446ea66cd6ec53a9c9224256f93c8712cbffeeb2dd343037c6ff4a94ff2feb6e52d3dc636bf51383cc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d66212bbd8b0c2516d27f0782e2664f4 |
| SHA1 | 7ca45808a8055b4adad91b3ce9d83e18e0e9b08b |
| SHA256 | a9f270cbb461401391ff4f497db594c9b008b659c72ef9031b328ac3c1da3052 |
| SHA512 | 08ef5d799d18e5495e4920a40f2aeaf2745909f3f40954bf1b09c8ff0925ee4c9e4283ced6f2bcac54e55d08601a7e71e0474f1890dad562f8b7637e50336307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir1480_1283031818\d517ebfe-f506-403f-b99b-b69b96ee6fd2.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir1480_1283031818\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 24ef535920b45c97f43f600968bfa988 |
| SHA1 | 379319b8618894cfdfca237f57344ae8b4bc48eb |
| SHA256 | 612897bf420b5378458251493e7ea9c61e0232b4bf5743403f52be89790e2541 |
| SHA512 | ba5276160fdb691a037e83c81b3f6a9a0360afea27d141e7617e928afe0c8e842383f90d98dcde02591b586f1bedd9ee8d5c754ce4432200a082550571531686 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e5e903edec55c7b6adc4d0ade95de24c |
| SHA1 | aac536143c27051aedb797983a69347e891e26fe |
| SHA256 | cc11d3af79b2bf3797bbea5ad40deed2c78f365506b9559839015679ae34076c |
| SHA512 | 2422b1e4a93da440517ef5bb153f4569a6068c62292210ea78213e2d7c49328e47ff76aa382af8c939d1dbf8c207910dc3a0e1a5e3465e5e16f43bbaa17d4500 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 95726b0a08340e91aee408ecf393ca50 |
| SHA1 | 3312c03b0309dc941542e9e731bd93fffcb4754b |
| SHA256 | c2436fee77b8f0561cba8f19135c0581d94a0c5be97c6e0fb2e5ae6945ee9092 |
| SHA512 | d374ad8d0c16a10fac42735c004e03619b3db97f143d5bc3b1aedacfcd6f8afd323c774c7301e6d4fcdd8cbfadf5f5545ea585d9097e6c18e7a537b3d59b5b3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 902cba753099757b1c567384b8a88b6e |
| SHA1 | 14a4d666d0df6402cf7c5f70723866aeb23bd58e |
| SHA256 | 0e5408c5eaf11b054de83d6c2679fba24c291e232dedacc97dce22241e8bb5ac |
| SHA512 | 47112bcf2838acf70ca3c6e4716273a8e7ea2125b712e46d92edf9da7fda53bebf1db846d921b813947624801e6be6d369d7b5771e46be1244677c435b04a8ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | e5e1fc5d1b77848d9875af10bf9e0c07 |
| SHA1 | 72399bae3c7a18d8fd891bf0fdc4318d65083462 |
| SHA256 | fdbfc154c00244186a7fffada83ed85f52f551f46450a0b35e5676f133a7d59e |
| SHA512 | 9d913c232c4c54d0e00d04a33e555fb80bdc582b8f1d9483a9f98bbba83e6884b29e6ed10fe19d75a556f52d5993afaa623d0cbf406dd81c467564fc6c6d104a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab4665f2c8e08d422c81839b67588a62 |
| SHA1 | bc51ce9507647651e59aa0ec509c1d96abc1305c |
| SHA256 | 49606127a9d3948fad62f68fb09d579484e09326ae9a613b2508c02128dad9a8 |
| SHA512 | 2b9b60faa442abac512f8ec9a0a46afa6699c79d7c4837655cda7f898af46bbfa5f99315d898d3b0a5d5f2e3baf59d7233e4326788232a22b2011b8f0b7c26ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 77e3faf18ddbe0fb7e722070ad2598f0 |
| SHA1 | 6215604016b559012dd77229b50afc202cb92be1 |
| SHA256 | 8411def661b79e44b472b3422283a6a566b99ab172fed4da8407f78dfc187cf0 |
| SHA512 | fc72a3572035c33dcb5f7eba8eefa34eada3e1c5b9b7093ffd878dac718324234afc222e9ca3d72ce58a90bd1744c31fed7da563ff334a35f9c3be5f60d0d14c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe67067a.TMP
| MD5 | 792620be31f035b957ca9d03b960ce0c |
| SHA1 | 9a492be747d019f5640e1df3ad88267efe7f30d8 |
| SHA256 | 2b058715c3ec6f8691ed417b056342027520c1e35f68b07f5e2a487471d4ce61 |
| SHA512 | fc310a9f36de8e1afb7e5d7afe30460bbbfd4b041b6241ae0a3fe62a5424efe6531b49b8158b6c2e5819ab3527650f1e85d954313a02aa3ca106b86f057e8472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5c117560a174b4a9dabfc0e2c4320dd |
| SHA1 | 20117aed943d8b9ef2c5f2b225400b77a7d560e6 |
| SHA256 | 446c077965c7a8ff38746091efed07e00d89db79f7cb3ce3d0a379a34777bfbc |
| SHA512 | f5cb8d9836641714c17dae019f3ae58ffa903056a36229e855d50769db47c2813cc9fe3bee21aec1284868b540604876b89381c3ffcd2b1bb9036ca38d55c031 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f3bf06fba2132df650a6e2f51d51a2a8 |
| SHA1 | 3c9e161c13c2186fe439b75c01130d7c270c1b2c |
| SHA256 | 50c4f71e924e1d0e7fecbffd30500acce23662907800b027c44aced8f904cd82 |
| SHA512 | c522365230fdec9079becd7fe8d4a4b89aaca2fb5934790609db5584dc4e26651fc9f8cd7b8731656b9e76adc2201b86278a7a2c5a45e1597ac18f7b98fec983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4a07421f7466b3f6b16afe5ef481a741 |
| SHA1 | a9d341133cdcabc5b04403ead33da91ff0ee4117 |
| SHA256 | 1f6b1c0e18d1a55282654b3d4da815db23a5a6afdd4e69a74c6bd00f9620e05c |
| SHA512 | e03afe428deed2a18c4a17d0e712e7d1e29ccb5bf333c116040da4299c32f08bdf4f9a0f91afde3ab885f879efb56227ae2f6427523bbf2d02be896e03266675 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5a226fae736df7f318892a033b06f8cc |
| SHA1 | 36fb06aa2d08e2f26f752bce8fb23f9ccd3868dc |
| SHA256 | e4ee6db24baec861eb9575f6a73a34a2cbb4838ebf1d21e435fbcf8f0ecc7452 |
| SHA512 | a899c2f1a40666d3c9a4ded8eed976f73ddf6945e650777246d75b75d4c2b59daa518a7929fc507c72e66d8166c53d356be36f354c4f64230c6bcacebc285b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a56559090fed40a1d30d5a231e6cda56 |
| SHA1 | 8d2e15f10faa2f5642089c18f926f830d355d6b2 |
| SHA256 | 46d3050c5d846e59e279906af37b5633c832c4d248f0f0d81faca7ba826c3279 |
| SHA512 | 37e7d2e6100a6781fc197edd34aa9516d16c95f8905bb68674b094fe778ec0f91412e554b8a3982c16bd60ab1942dbc88f5b3ed931a0470cc2e5a16d8f15be66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 281391b658015c64f26b398f7ffbdeaf |
| SHA1 | 611f217e6e7e7ef25f0d1a7304ac790ace59c5a3 |
| SHA256 | 43f018555a166ba41be3f93f1155e812e0b3ff50662f08bc96085db3d1e2cecd |
| SHA512 | 5afb2f64f61a6da0256d7ee67d63389dfd3aff84a61a84f2321c77ddb06bf868aa047f37d7be012bdf1e275d9891a74fc0f0963a63f7273956b256b8006089d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6755c3.TMP
| MD5 | 8b1cd9e4c5a4fc09a5a4dda442e9af46 |
| SHA1 | 8a112692d1f974a5ca8e6ee025e3c72736b10b7d |
| SHA256 | f949c7da91f43823d5a1957e93049efbd8f1c34018f5c1b87f1b05a52c0e0f84 |
| SHA512 | b3954b59f43ad2e689eaadc52ac97a874d416ccd3cdc141a5957c82439c2198b0d45bbae98da4136c327474cc3bd784420c846493a9c8f7b8b2121ab703a4611 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 94fcf864a6c2e22aa5705051480b6787 |
| SHA1 | 89e982475a160ac64f1d1f7aef0a7c340ee43a6f |
| SHA256 | d4e5ccc3585694b8e7fe6cc31f122d06ecc5aacd86ad4f96d8f76907a26196e3 |
| SHA512 | fde62f5cf82d6073fc0aee039b98ad7cf790145970b13ec78f8bc8255ce8584b95302f0fa3b6669d024ac2f5d7571109fd358a011fac47cde948b09bee91d103 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7f83443623de3b0c1f128b08810538fc |
| SHA1 | 991adec5e5622cdc96d334e984542691f4f1e1ee |
| SHA256 | cdda2eb9909d9fd2e94e266a6a6d4c93eb5a412ca680c9ec723aea335de24fb8 |
| SHA512 | 4ffa7b58e8b5a28c3d64f44c84175cb5a82df663f790ae8d9ad7d5e6878162560a2ed7827f05ba405dd236e133ce3717c00b66c4ce998413ecbbce19c6e4ed66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | df8dcf8a5b73d145a97c421bd9749a61 |
| SHA1 | b5feeb5172cdf0f0d2e5560cdd5694aec1c5c732 |
| SHA256 | 3dc54e8d2b52647113051e5f1dc3b38016859a269bb8dcd17371048dc7ba5a36 |
| SHA512 | c6f1cd31d53c2e88410528c681a56acf5100720624db97c03060d4dd5dc05a055fce068d4d9e7cdf484189af534b236912af2cb2d95f355c14f28be05e1a0827 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db5aa305137128dc7d489fd3ea8ba106 |
| SHA1 | 498f748a159c4a08a00718fe3283a209322c5c75 |
| SHA256 | 866399c1e72dc1f4e3563db8227902b972e2300657e7ee2ebe405a9e127c38b4 |
| SHA512 | 7888726925f5b74daa3be37042ccf1ab6eb5a325a480fa013d6bdbf063ff7ceeb82ce25f0a0e660c2d8723a7ebe6551fe31609c9c54150ec07866b8307b2f45e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | ab6ab31fbc80601ffb8ed2de18f4e3d3 |
| SHA1 | 983df2e897edf98f32988ea814e1b97adfc01a01 |
| SHA256 | eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8 |
| SHA512 | 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72ef5febd1bee6828e82728a173fefed |
| SHA1 | 786f07f4965a0c7bb8f5d4e3b63f92c970d67c1c |
| SHA256 | 6907b71a2e58caef300550e0e7739cb1be6ccadd8c1c441c29d7eda6e4ca832d |
| SHA512 | cd7ee964fd787aed2a59c665cc1b142ed8c96104e0c7468d9eaad47da880b877ebda9be23f5cb9f94df8d9599b6d877b1b0df7f4d09d47c261678109324ff59b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 43b1410c028812daf8e32b79f81d75ff |
| SHA1 | ae7081676c8bb19f4c627b9c7ab8572bc147c3c7 |
| SHA256 | 525ead80268effb000c6d4fc16c8cb6a8b8c3f3ee52ea9256f88d6c60741aaef |
| SHA512 | c3f1cca313aaab271dabc064879d3763b4c64b3ec6d3b6838fc1f94a40ae1b233e4c1c4b7e7f811a14de625932170bb2722ffb42e6bcf885c2763bff10eb8e17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a79f595659a5afff084ddfd63ddc26fe |
| SHA1 | cbd934457cfd8ee5342e225163e45786d138f388 |
| SHA256 | a848b5ee9642b4198504cb254ce65f38f2234a790e50b94db9d2456a634d9b00 |
| SHA512 | 03c98cf8625c9795bda103b6ac10cd68bd46218cbf8580e0d6c70bb2abfa1d7d4203a35e080c78c52f9293243dd72945da038d44651408a9842a69805c2b8f1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 34e00781015217c8c406831c79c8c412 |
| SHA1 | 7d9f44adc0d782da96c23e4109772df6e633c554 |
| SHA256 | 8cf2c19b98ed170454d7fa289f3ff2797a358740c4e2ee247b7d838a160e3e67 |
| SHA512 | 2b28f5163bad45cba28db5e16f552df2d6d8a18ff7be4d8e4dc1a3e375fafb658f637a9c9edbe2d03489314b5a449f66b018fb73f239ed1e7b7cafde44dc5eb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11977c964043de556a18f1296e94dca0 |
| SHA1 | e00905924bd22d5b03b0c2ab1dda0bcb7d01917b |
| SHA256 | 77807d42a0ab5edba73daba66442879e385e43d6a3520dd983e99281fc28de11 |
| SHA512 | 5238d19e45cf5edfe9fc2b2d995d5db268198c4fe2f5836179411e501c58aa701880be609b0e006c4529441c42a7d0cd1e209bd3efbcc2604c532c5b956c782d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cf8e00fd0d426356c795f6841e8addf7 |
| SHA1 | 986d0793970235325904541a769ea2b8bd295faa |
| SHA256 | 9d75d3f4bfba7f7a6b50c6fb0617ad8e1c193036a9fbbbfa1bb2719e84e62835 |
| SHA512 | d430ab50b3c48101e9dfa4d04e24a7c12723ab19ac71e5c3d9ce884f8b9ed9cb39ccdfb24ee6a539a57b27b6490379d4e4ee46cfc14141f79df7f7bd0954fadf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e22ed20bdea36676babd3b9a67d297f0 |
| SHA1 | 08eb8a7be01081f5bf908e72d3d9a5e8c71927a1 |
| SHA256 | 8bb39e282f7668e0354c17b3ce51f66743a6968d1cc0cf54e4523c5325fb3fec |
| SHA512 | 04958d2ecafc3598e2aeff1407aa630fac47e12ddab4fe7109957a2be861ae375657231d970cd15fda61617f7c14aa14c8d3e94a0bf617a7ad9a2191a9eb8c81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2586cad84f42dcf6f2180db33f61616b |
| SHA1 | 3407b4fdc87a390b3d711ca3e481e3d2e179c389 |
| SHA256 | 6f18a7eb0d9be21a26a389306f2600c1d60f620ff6907cb43d88db130d024ba3 |
| SHA512 | b02301417174942f48ba66fc7193276f935c160d60ea1ff80933882c256230000017f41c33ac1cb4a406a7a63876e131c598e592758c31e019878c9737437349 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f5e93269d3c3602a8f25bb14b53a7d7 |
| SHA1 | 740d47bfa2c3235755c1978fb4cf751ce52d6f10 |
| SHA256 | 3316d4305a3477301559f9e3d6222be7b7378c1cf8a320c2a33784e3331d4b6c |
| SHA512 | f0d4ab291823c40edfa7175430a99a6b3f3595edf3262d483c85967ca3d85eb710843c735f3714eb7e666b8039e334d9a0e91fddaeef84457b428005a11b21aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | edd063352b983339973fd17ff514295b |
| SHA1 | 39edea4b25542b8a15ae57a61b65f3b9b13e9b83 |
| SHA256 | 1a7fa2da243865ac0a16d1296a75ec74334d05101649bd6e083f0543222ae991 |
| SHA512 | 7b6b2a3cdb09abbf4382a886f576e9fc424faf0a5ea260385ee4759c4a6bf39232453e42d36ed9d14e8a6558d62f981fcbf1231718f14be87f4f4595ba496e1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2360a7d9269814c9e5eaf24219a05210 |
| SHA1 | d2a33c15b7ea680af22099b209bad929e8423b9d |
| SHA256 | c72c958e2ac918ba511d3aa230aef3d810985e48c09efd7f6e60a512e2360538 |
| SHA512 | 2ae88d9a3d8c3a4507f6b17b71b9c2f176356b5c0a40c1ef163ae8ae60fbc72c22a47468e15d670626384669f37315e762145200066f41f543f86d87e40debf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ba95f25e440e1be36e77add5bfab6fc2 |
| SHA1 | c71a4dd074d15765437ec27ce628fa413c30949a |
| SHA256 | cf42ce3a3ad2167edd12fcdae5b5a5c5d3c935cf61d83e37b64b80de1adb5b59 |
| SHA512 | 364ebc288d6722091c889788fffb1ed492a968479dad00491eae10176a1ba26aa752b4faaf47c233852b3e8dac7261ac1401a63566fa7ab01f93e827eaf0b2b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6e4a2eecab716f5904d664ae46e6c377 |
| SHA1 | 2de0951053673e29a10c5747cab71bff4f794073 |
| SHA256 | 2384bf77efec134d4aecaf4b62599dc0ee69620b5f6ae12b20f65a2bc14ca883 |
| SHA512 | 0e3754d832e0a36ba55e657644a27f678bb365ed0f272acf28b1ad5acc0136ed682db3d785ba406cb7225164808a89664210ac32d37d8bebd0089c26a60e9c6d |