Analysis Overview
SHA256
7855bee142c5abc5a3aa7f58a6a43cfb85df05d94fbb3a07bfe83cb73cf81281
Threat Level: Known bad
The file 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit was found to be: Known bad.
Malicious Activity Summary
Wannacry
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit family
Wannacry family
Renames multiple (640) files with added filename extension
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Reads user/profile data of web browsers
Deletes itself
Executes dropped EXE
System Binary Proxy Execution: Rundll32
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Writes to the Master Boot Record (MBR)
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Checks installed software on the system
Indicator Removal: File Deletion
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Sets desktop wallpaper using registry
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Browser Information Discovery
Views/modifies file attributes
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Modifies Control Panel
Suspicious behavior: RenamesItself
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Checks processor information in registry
Modifies registry key
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-06-06 05:05
Signatures
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-06 05:05
Reported
2025-06-06 05:12
Platform
win11-20250502-en
Max time kernel
425s
Max time network
432s
Command Line
Signatures
Wannacry
Wannacry family
Renames multiple (640) files with added filename extension
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BadRabbit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CryptoWall.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
System Binary Proxy Execution: Rundll32
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-330179853-1108322181-418488014-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-330179853-1108322181-418488014-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Indicator Removal: File Deletion
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\PRINTERS\00002.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPtwwwsxgnvi50t_gb8dzr82fsb.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PP97m4ue_gtcwrpc7hri9az1fpc.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPhaqkqw9iw7okm4eqs9jlucw4d.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SETBF8F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SETBF8F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\g0Bwcr1Ri.bmp" | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\g0Bwcr1Ri.bmp" | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\empop3.dll | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSINET.OCX | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Apps.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Intro2.wav | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\fix.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\sites.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\speedup.ico | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\msvcrt.dll | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\p001.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd1.wav | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\menu.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Uninstall.exe | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\favicon.ico | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\help\SETCAFE.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ka\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\dasherSettingSchema.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SETBF8C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\help\SETBF8C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\offscreendocument_main.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\fonts\SETBF8D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETCAD6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETCAFB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\kn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETBF8B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\lt\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETBF8B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\occache\tv_enua.exe | C:\Windows\system32\rundll32.exe | N/A |
| File created | C:\Windows\msagent\SETCAD4.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETCAE9.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\INF\SETBF8E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SETCAFC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETCAFD.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\en_US\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\msedge_url_fetcher_4360_1418293422\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_92_1_0.crx | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\fr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\mn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\msagent\SETCAE9.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SETCAFC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\kk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\msagent\SETCAD6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\offscreendocument.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\iw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\gu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\lv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\sk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\fi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\sr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\my\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\PowerPoint.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CryptoWall.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PolyRansom.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7ev3n.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\B3A1.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000\Control Panel\Desktop | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133936599394449958" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand\CLSID | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\ = "SSMonth Control" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\shellex\PropertySheetHandlers\CharacterPage | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtl" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "131473" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame.3\CLSID | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\1 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D49-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE11629B-36DF-11D3-9DD0-89D6DBBBA800}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSRibbon.3 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4F2C1F0-6FA6-11CE-942A-0000C0C14E92}\ = "ISSYearX" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.2\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ = "IAgentBalloonEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A70-69F0-11CE-9425-0000C0C14E92}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\ProgID\ = "ActiveTabs.SSTabs.2" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\ = "Microsoft Agent Character File" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD301-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37DEB787-2D9B-11D3-9DD0-C423E6542E10} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\TypeLib\Version = "1.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\InprocServer32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\MiscStatus\1 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\ProgID\ = "ActiveSkin.SkinLabel.1" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSOption\ = "SSOption Control 3.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EF6BEC0-E669-11CD-836C-0000C0C14E92} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE7-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCtlCommandsWindow" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\ = "TreeView General Property Page Object" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74179610-5A56-11CE-940F-0000C0C14E92} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSMonthCtrl.1\ = "SSMonth Control" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\ = "ISSTab" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\1\ = "&Load Skin,0,2" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Programmable | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7ev3n.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PolyRansom.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PowerPoint.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CryptoWall.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\malware pack.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\system.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
| N/A | N/A | C:\ProgramData\B3A1.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{E245B4D6-352B-4CC1-B338-B62C295D8142}.xps" 133936599257580000
C:\ProgramData\B3A1.tmp
"C:\ProgramData\B3A1.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B3A1.tmp >> NUL
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe776adcf8,0x7ffe776add04,0x7ffe776add10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1836,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2224,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:11
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4020,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:9
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4628,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:14
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5364,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5596,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5736,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4832,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5824,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3264,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3544,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5836,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5896,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5760,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5860,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3592,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4056,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4112,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5620,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6260,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4820,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=1576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6164,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6468,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6680,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6792,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5780,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6796,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=1484 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6992,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4580,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7124,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7108,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7020,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7116,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7136,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7156,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7036,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:14
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7052,i,12902869873120882502,9287615507726449062,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:14
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\malware pack\" -spe -an -ai#7zMap14125:86:7zEvent9095
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\malware pack\Bonzi\" -spe -an -ai#7zMap26155:98:7zEvent32502
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\malware pack\deadly\MEMZ 3.0\" -spe -an -ai#7zMap15991:118:7zEvent16843
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\malware pack\deadly\READ ME.txt
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Users\Admin\Downloads\BonziBuddy432.exe
"C:\Users\Admin\Downloads\BonziBuddy432.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7ffe8f4cf208,0x7ffe8f4cf214,0x7ffe8f4cf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,12016630461462573066,17300160968109481781,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,12016630461462573066,17300160968109481781,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,12016630461462573066,17300160968109481781,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3408,i,12016630461462573066,17300160968109481781,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,12016630461462573066,17300160968109481781,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\system32\rundll32.exe
RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b8,0x7ffe8f4cf208,0x7ffe8f4cf214,0x7ffe8f4cf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1936,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2448,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=2488 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4620,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:14
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4632,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,13560842177096257784,17244634776611609089,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:14
C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
C:\Users\Admin\Downloads\BadRabbit.exe
"C:\Users\Admin\Downloads\BadRabbit.exe"
C:\Users\Admin\Downloads\7ev3n.exe
"C:\Users\Admin\Downloads\7ev3n.exe"
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Users\Admin\Downloads\CryptoWall.exe
"C:\Users\Admin\Downloads\CryptoWall.exe"
C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\syswow64\explorer.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\PowerPoint.exe
"C:\Users\Admin\Downloads\PowerPoint.exe"
C:\Users\Admin\AppData\Local\Temp\sys3.exe
C:\Users\Admin\AppData\Local\Temp\\sys3.exe
C:\Users\Admin\Downloads\PolyRansom.exe
"C:\Users\Admin\Downloads\PolyRansom.exe"
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\DiIUcQcw\bKQAgMEM.exe
"C:\Users\Admin\DiIUcQcw\bKQAgMEM.exe"
C:\ProgramData\cEcIoYgc\WoEUUMQo.exe
"C:\ProgramData\cEcIoYgc\WoEUUMQo.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\DiIUcQcw\bKQAgMEM.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\cEcIoYgc\WoEUUMQo.exe
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vysEEkos.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\f049b39f\f049b39f.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\f049b39f.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f8055 /state1:0x41c64e6d
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 193091749186743.bat
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\f049b39f\f049b39f.exe
C:\f049b39f\f049b39f.exe
C:\Windows\SysWOW64\svchost.exe
-k netsvcs
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\Users\Admin\DiIUcQcw\bKQAgMEM.exe
C:\Users\Admin\DiIUcQcw\bKQAgMEM.exe
C:\Users\Admin\Downloads\PolyRansom.exe
C:\Users\Admin\Downloads\PolyRansom
C:\ProgramData\cEcIoYgc\WoEUUMQo.exe
C:\ProgramData\cEcIoYgc\WoEUUMQo.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Roaming\f049b39f.exe
C:\Users\Admin\AppData\Roaming\f049b39f.exe
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Delete /F /TN rhaegal
Network
| Country | Destination | Domain | Proto |
| US | 52.109.6.63:443 | roaming.officeapps.live.com | tcp |
| CA | 142.250.69.68:443 | www.google.com | tcp |
| CA | 142.250.69.68:443 | www.google.com | tcp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | tcp |
| CA | 142.250.69.78:443 | apis.google.com | tcp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | udp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | tcp |
| CA | 142.250.69.46:443 | play.google.com | tcp |
| CA | 142.250.69.46:443 | play.google.com | udp |
| CA | 142.250.69.110:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| CA | 142.250.69.97:443 | clients2.googleusercontent.com | tcp |
| CA | 142.250.69.68:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | tcp |
| CA | 142.250.69.68:443 | www.google.com | udp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| CA | 142.250.69.46:443 | play.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| CA | 142.250.69.46:443 | play.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 52.149.246.39:80 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:80 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | tcp |
| US | 20.237.39.62:443 | links.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | udp |
| US | 52.149.246.247:443 | external-content.duckduckgo.com | tcp |
| US | 52.149.246.247:443 | external-content.duckduckgo.com | tcp |
| US | 52.149.246.247:443 | external-content.duckduckgo.com | tcp |
| US | 52.149.246.247:443 | external-content.duckduckgo.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.112.5:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| CA | 142.250.69.68:443 | www.google.com | udp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | udp |
| CA | 142.250.69.46:443 | play.google.com | udp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 20.237.39.62:443 | links.duckduckgo.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | udp |
| CA | 142.250.69.35:80 | c.pki.goog | tcp |
| US | 207.241.224.2:443 | apollo.archive.org | tcp |
| US | 207.241.224.2:443 | apollo.archive.org | tcp |
| US | 172.253.62.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| CA | 34.130.135.16:443 | e2c21.gcp.gvt2.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | tcp |
| US | 192.178.153.94:443 | beacons.gvt2.com | tcp |
| US | 184.105.214.247:443 | dn720003.ca.archive.org | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 172.253.62.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 20.237.39.62:443 | links.duckduckgo.com | tcp |
| US | 52.149.246.39:443 | improving.duckduckgo.com | tcp |
| US | 140.82.113.4:443 | github.com | tcp |
| CA | 142.250.69.106:443 | content-autofill.googleapis.com | udp |
| US | 140.82.114.6:443 | api.github.com | tcp |
| US | 172.253.62.94:443 | beacons.gcp.gvt2.com | udp |
| CA | 142.250.69.68:443 | www.google.com | udp |
| CA | 142.250.69.42:443 | content-autofill.googleapis.com | udp |
| CA | 142.250.69.46:443 | play.google.com | udp |
| US | 140.82.112.5:443 | api.github.com | tcp |
| US | 172.253.62.94:443 | beacons.gcp.gvt2.com | udp |
| CA | 142.250.69.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | bonzibuddy.tk | udp |
| US | 8.8.8.8:53 | bonzibuddy.tk | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 172.67.138.185:80 | bonzibuddy.tk | tcp |
| US | 172.67.138.185:80 | bonzibuddy.tk | tcp |
| US | 8.8.8.8:53 | bonzibuddy.tk | udp |
| US | 8.8.8.8:53 | bonzibuddy.tk | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 13.107.246.40:443 | api.edgeoffer.microsoft.com | tcp |
| US | 23.219.82.10:443 | copilot.microsoft.com | tcp |
| US | 13.107.246.40:443 | api.edgeoffer.microsoft.com | tcp |
| US | 23.219.82.10:443 | copilot.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 172.67.138.185:443 | bonzibuddy.tk | udp |
| US | 172.67.138.185:443 | bonzibuddy.tk | tcp |
| US | 13.107.246.40:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| CA | 142.250.69.99:443 | update.googleapis.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| CA | 142.250.69.99:443 | update.googleapis.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| CA | 142.250.69.97:443 | clients2.googleusercontent.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| CA | 142.250.69.46:80 | play.google.com | tcp |
| CA | 142.250.69.46:80 | play.google.com | tcp |
| US | 104.16.118.55:443 | blockchain.info | tcp |
Files
memory/5628-0-0x0000000003310000-0x0000000003320000-memory.dmp
memory/5628-1-0x0000000003310000-0x0000000003320000-memory.dmp
memory/5628-2-0x0000000003310000-0x0000000003320000-memory.dmp
C:\g0Bwcr1Ri.README.txt
| MD5 | ebc2fb13cc4a561b2b744f3dc9770175 |
| SHA1 | 18935656e63c44fbb5cf0b816fe6c8e6db6f3e02 |
| SHA256 | 41ce9a4d83d1de9da916727a959970204fe2d5a986583c0d9d951996f3a2a38c |
| SHA512 | 0d50f1de6cc9353c67af9e06574d5ac9fe6a0b50d9ae61bb1b5615c757aa7234af32b8f65242b40b2d47f38fd20a8cb244c88447c9455fac62358b2664d2b73c |
C:\$Recycle.Bin\S-1-5-21-330179853-1108322181-418488014-1000\XXXXXXXXXXX
| MD5 | cf51b24ed0d10f9866ae2bb0bc93699e |
| SHA1 | dc72cb5e3c33772c3c3e23c2084e890c256a10f9 |
| SHA256 | 23fc783227770234cc41bb26f164a8c6d9e383d48b337dde10ee467b6698a784 |
| SHA512 | ef606d893e13a859f3d8c442d357f23310497a0ef2e240f10c512088f6986291651728a9631f2c0eb9feb8467515a7bc38ae9c7c077a2406e18c291effcafc17 |
F:\$RECYCLE.BIN\S-1-5-21-330179853-1108322181-418488014-1000\DDDDDDDDDDD
| MD5 | 625af344ed23f546cbac207b10b88f80 |
| SHA1 | f3196662ddbea401539d55cf7984589666414b2a |
| SHA256 | 9df8b1bf8a94d2dcdd318c4f1a49396b15acba25b182d962708cdeec9cbbc976 |
| SHA512 | bc7348a10e1beb40ccd370b91ecef20f019db46f06007ddbd0ed647a5659a2eb9e5f30c9bcb0ef629344aa338b9af64a9ad676eee95d3619d598b89d2014c1ff |
memory/5628-3985-0x0000000003310000-0x0000000003320000-memory.dmp
memory/5628-3984-0x0000000003310000-0x0000000003320000-memory.dmp
memory/5628-3983-0x0000000003310000-0x0000000003320000-memory.dmp
C:\ProgramData\B3A1.tmp
| MD5 | 294e9f64cb1642dd89229fff0592856b |
| SHA1 | 97b148c27f3da29ba7b18d6aee8a0db9102f47c9 |
| SHA256 | 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2 |
| SHA512 | b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf |
memory/4928-4001-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4003-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4002-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4004-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4005-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
| MD5 | 8ec792b56faeb3b39e584125ffee608d |
| SHA1 | cef568ad15c9238944cce5344ab0e2f8682edce6 |
| SHA256 | cd43cbf220e3039eb6d33f171b1f368904157c5422a455b69101433fbafa4f10 |
| SHA512 | fb94740db12f7e8ea695e63f5a9ef98eb3d4ffdc3967d12ea0c6b3562786ce95107ec18aa24e313044a8c14a2a6d4287532fa8fbe99e3e250765c59629af2ea0 |
memory/4928-4034-0x00007FFE5C050000-0x00007FFE5C060000-memory.dmp
memory/4928-4035-0x00007FFE5C050000-0x00007FFE5C060000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{8748451E-1F25-4DEB-9A01-7DD58F31ADD0}
| MD5 | aab3a3a0f15b46bd33212d8da851c003 |
| SHA1 | ca4fc295f716875f166be08257dbf0dd90fa380f |
| SHA256 | bbe5726cba889532541ecb172133a0501da8c3b9cf8788136742936ea2b09d03 |
| SHA512 | 276a0ed6dc87750b717291f80ea5a68c76089d08ddad197b3d8102a320bed940d0e50ef4f8134fe467cf0c00e3f6b20df55ad85905335e6cdd795e612ab41442 |
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
| MD5 | a83c1f087339b8072d8a357e3f107098 |
| SHA1 | 83099754111adfecfdf44c88e1d3b23260b4739b |
| SHA256 | 8b1021e0726768bd079e52f06585a5b8c18a34224eef638343e5837503d09f3e |
| SHA512 | 6d2ab55f2af5cc56b4ee6e0a72357d399eb4a9f8382658d98996ee3cc74051aae18400f020b91c08a908563b42aa2fdcf0c9a0e6bf5cfcd7899231f032b8568b |
\??\pipe\crashpad_5504_OKOWRENHAUUXSSTX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | 505a174e740b3c0e7065c45a78b5cf42 |
| SHA1 | 38911944f14a8b5717245c8e6bd1d48e58c7df12 |
| SHA256 | 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d |
| SHA512 | 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/4928-4122-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4123-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4121-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
memory/4928-4120-0x00007FFE5EB50000-0x00007FFE5EB60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir5504_754144405\7b9bee28-c2b8-484c-ac86-48fc375da1a0.tmp
| MD5 | cc05ed3e66468e692745ba6563c69740 |
| SHA1 | eae9dbd4d36aa91fd43f7d452ac3d252b103759d |
| SHA256 | fb1311fb7142825abacb3c7aedddf948f5c9b258e447c953ce0f7f4b19c6dfff |
| SHA512 | 4b527db02d6ea36b914558a3e44fd3d15772bf2be4ba0a640bf70427af07dcde5ed6967930cc3624a244cfc82290f125eea2754812586216b3d5a37757ce8db4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 007bc27b36c2db8f609247173a6df544 |
| SHA1 | 5e5e2e6c7937933b3ff484c93a839e15061d97b2 |
| SHA256 | b7014661c4385cd08583c2f3e1ae2a79a34f5f5197b4ff4daece5dcd11f6d8f9 |
| SHA512 | 92c9303132286c3efb584eebaee895d234f3e7178c780b06a143138b822e248c856ac53c278f5210408786b233a89244bc89c45e4eefba48dbf0c2dd093ca6f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cceba5eeec85cdcd272d245b2f89abbc |
| SHA1 | 636b4a3176553631ddc54a703eab620a25a46f29 |
| SHA256 | c2d11d7def38d05dae3b9856b3d33c3d5e063478ed97483909a954e0f8743054 |
| SHA512 | 6ccf07be1a900e4b51390db0d989ff52c9cf962001169e3e8297ae9d4a2406515fdd480120a5e5561c8a0425014ed14ee6abbf9fe8a93e484bc7df561ccde609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe57edda.TMP
| MD5 | 4a793b2822b35d63b98175967847be3f |
| SHA1 | 364b1bee350f30c7511aaa37fdfb142af4af46cc |
| SHA256 | cbf552d5611651a0ae0323f79e3f787e3fa89f8f9b205d754ce4ff15b3b8089d |
| SHA512 | 9d8aa1874de7c0a926fc26609ce5535500d06452758cbc78d93f6a0eca8cb5ecaab62a79645c5768b1c15db93d692a66cdf12cbfb4b32b5f6f83787a7a3f57f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8f4b944d-7d14-4b48-b292-6330421c9780.tmp
| MD5 | 995221da1ed3a7e1323e5a74b9a58cde |
| SHA1 | 9f80a8a8e8216e778484c67f7d29de475761fdb8 |
| SHA256 | 107e29c5499f90e869ef70257e01a3bbce9624d17f6b0804fe11f522f61011e1 |
| SHA512 | 17840d66caa8dcb1641cfe3dd72aecfc5d067d1ee4d4300d0d480ba83f57508025b2136f69226acd47c885c30f3584a6c5b03760145ebab79bb71499ccc1016d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a0296291854a1b7868dddad1bdd215c7 |
| SHA1 | d58293a0f6459bf124458443d910d10378449b3b |
| SHA256 | 09a3d1936b3174d1ae349b6bb969a604f6500b484d602d57a61f3567620bd2a1 |
| SHA512 | fc3142e53f23ad5531786f8605541138bff7db7d5ecdba3e27adb4d4187c0c5c7029868cff10e386177734548c658cb574dfade02b50253e8f7262adbc6d9670 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 4be8adaf33a1f57481cce8789a4b2f8e |
| SHA1 | d51ca58dbda01ef7987c24d23a8801bb5fe10937 |
| SHA256 | 2f429fb17647097b45b6776460f5bcb2afbb45e35b1c59fe1831c8da42a83e95 |
| SHA512 | f631b60560285c9084ceaf32935edb3e5aa7fa036c6585e477b282566b69e9a54836cad84e109e1a8f2f275df65c8b9431b0011c6ecc34a808c2243a3b453a71 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5818e2.TMP
| MD5 | be6df1ec22522aef13dbef7d468b38a8 |
| SHA1 | e1dfd80e12ddf287d6ee8ae6a2d6e8ac29b375ca |
| SHA256 | 5920939e9259ecc8afcea1498dbf24cafc4f65be8ac51df5df395c00ed25f60f |
| SHA512 | cb5d56ddbe63f238417a1ff1af0d99a48a9a69546700dfd70ffb3d134570da01cd8884450da4288774459ce5d525c82d9ca97447b752ecac537f101ce85260a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6fa77b0866b2d7f0e25f20e4c359a203 |
| SHA1 | 38b33c1531cad06bf87d11eaeb6b5ebc93eb0a1d |
| SHA256 | 5b94d52bb97efbd6001b17324360fd397d439c97e7a38feb03b59a50b745a67f |
| SHA512 | 88f0dd8399673dc262ec8fbda51074f399d618ae176c3d82a847edf615c1ff8548b26e4f90489d97657a0993cf078b465cc5d39f802d9f68d04910ce05ac9991 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7f4bf2e59f7d12fa3572d772b5d5438e |
| SHA1 | f7c2e58dcf8a8309609d8bb86726384dcecad206 |
| SHA256 | b2918d8bccc9bc27c30289f139df0f584e38cdbc49bd7c3cbdae0888a86561ad |
| SHA512 | f1903c51dad2e5d29ed8c04a1d00d67094325e78e09284ffad153b641defa9858b54a467a87fb49fad750cae7ba0a2992fee022e6de609c7cdcad2af36ea44f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37e5d33b098663109164d071133eb9a5 |
| SHA1 | ba7556abd578af2202cbd2f9a50a6a52c2681b2b |
| SHA256 | 48aa4a28d50953d4000ab21b883c9f3710c15f78b0e887e4efa0cc3b5e8a4c88 |
| SHA512 | 0a23d73552277aab90e32e4499d1d5cd1538f8a2055447ac0c985872025ac4f99bcd657d5404ffe2873188ccc12cc0f6a7e0d925e8551f4a104435804a420d2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
| MD5 | ae8f35017f298f22cd22697f46ea1ec4 |
| SHA1 | fe6926e1e866e75ce5952ed7b03e4118db89dabd |
| SHA256 | b523b4cdb1a56deb9514b7638744ae503948b13d02ffff0f0a633d4f696a64b4 |
| SHA512 | 2a802d0e66c8f7882fb18a4aa4f391af9d5fd28ed2735323bda0aeaacdd046b91805984545b76b5d92a6c4d238682d2d451f0604890a450d26261f7c0bff474e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f4bc43ef3a3af081a03141c7ff60bd4 |
| SHA1 | 7a74aac6d66d504b7efe4582ec095277d5bde6cd |
| SHA256 | 8faad97504143796d18025e40f65887a75d1e5facceb00034aa62b9317b3f55c |
| SHA512 | 5af5963728a8e3554a40f5ed5dafc3d233ccdcfcfebe7b4553b84360e388924d827f3d137f3262eddab4edf8fb4c0d1ca11c046adf02bfa1eb87197b05638ef2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.92.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\Downloads\Unconfirmed 434669.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | f9c4810ad4f26ad98e1e20d5e8fafc33 |
| SHA1 | 05ee609c38d3252ebdc62481378faf898911ec09 |
| SHA256 | a994902d3e24b45f7aaa13810f4f2a923b8fc66ef7160edb66f97589e72cee03 |
| SHA512 | ba0b1ab795f5e223f4952234011a96266990cc14722f464afbab5d08c8fcef277f67b92aa8fd633c6103a3e67049fd1561e60325125f4fea251a9e39f8fab002 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94f2197a972d4b50675592470090786e |
| SHA1 | 8683e2f2ef6403d736af7bb444a538de59787a46 |
| SHA256 | 83d440bb1e2f75d32e6a0fd65abb4240d3c6a14a78c7bc9dab9760b09402ac29 |
| SHA512 | 1825eb3aecf6e548fb5bce06a0628bcedf5cd12fe476714d051ecee43f8910d363169e948d9fd03053862a4a2aade532a94c04bc6754778fdbc42a024009d447 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | 1be5e3582b250ca00eaf42b5fdc48622 |
| SHA1 | 4c1507ed92d6aee34d023afb39ad6ad323be2eee |
| SHA256 | 101d85f599aae6c77a87b71cbff6aeaa05266912e3e9e5e2d33cd1eb4b840e85 |
| SHA512 | bb1ec530bf58c26d78dc422f1363d54c613ec49a031f4f86d2764ed0a311d41894439ded90cfbe867f21a230b8ee1c3f6069c6e0c43c22be718859f8bbdb0b3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ab20b4cd05e829eed840b194cdb122d |
| SHA1 | 629b3576044784f9929f4dc22509a3c76f203f34 |
| SHA256 | bb1c096c3459fc21826e82b739205bd42e07f0e4dabf8bb40a4e9a4d581178d1 |
| SHA512 | 7392b09c38bbc43bc50255db0f55f38f3109085b6e26f0e219145a8629f4c375800c1abf71b3216e6d0b30f2fac8295215597dd28dafc14158baed5e46c791c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 997bd85bfdfbf746134f7100f3e0b411 |
| SHA1 | 47f5f483c72e93fd616da566aae875bd0e454c4d |
| SHA256 | b6f4ea8dafd480923670ea03607cac7b1e314d6527a19be4a4ae4872e9dc9ef5 |
| SHA512 | 7f7c6c2ae79f1647d9320b5c40d16c495051432d477d448aa13a234482bb82923d5cbd1e7b6f86eb285ab01f020d07a4e307acc293f0a9a9c74dfd879dfa69a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c0977d213464b824d821b1334b213763 |
| SHA1 | e5205569d80cb3921d0ceb0eeaaa522f95868844 |
| SHA256 | 92cb239d68273f875597c63091a2bd75ba915c99dd48769767d2de3cd6155aaa |
| SHA512 | 583857b8795364fc967d8ad1623c3bd83fb12a4b2118d1c8513acfda2919152d92fe35cbab5d1482ec925857474f62799489f246f3c47d7c851a052b1300b91a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 315183365f0095f22592af646f993826 |
| SHA1 | b131f03960fad6cc9975f69d98ca8b7a14b4efa6 |
| SHA256 | 271f757735f7370ea8a1548113354515887693e14bb007ef81dc2b5a2f4b5fd3 |
| SHA512 | e5b4f1c443cc56719f54eb3a1f87e1808b80c6d1de003031388c583b7780e1a4db08e8f6c54a989032fbc661e36eac3c491ab91a83806527130e210b7413834d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 6ec91c77cee59721ee6ec2d6488a5142 |
| SHA1 | 2ffba1b6ba92f7ce35d18c3ec1cf8da66f8b95c6 |
| SHA256 | 43e7696eed6fa069bbc0c07e38c5a84b26a563eb2e907af375fff01ce180c024 |
| SHA512 | a80d323e6da89b05c29c1c7746868649e0b8c61454ab1a520a31ff0ada9219440d909877fe92ac66f819cc1cdcee459ddaa8d335b86f65d3734e8e096758ccf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | 7606cc210b76d3ac5ff53318ce66c43c |
| SHA1 | 25fcc6293161f997b11ad80795c717cdfea2aaf4 |
| SHA256 | d4379bd1fd42d7785fbfc09e6fe217690109b0e0ddb719a456175742b229c6de |
| SHA512 | 2f72772f7dd7ededc895594cb6a75eeba988a5323e41eef56d73d8931998409828c43ab96fba4d32767090f73c37bab018bfc962958efa546a127cb620d726ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a
| MD5 | 2dfda5e914fd68531522fb7f4a9332a6 |
| SHA1 | 48a850d0e9a3822a980155595e5aa548246d0776 |
| SHA256 | 6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c |
| SHA512 | d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
| MD5 | 532236261ce7c33d37452d2394091a08 |
| SHA1 | 61853bf74596c56e61ea31e0beb383a6f4073306 |
| SHA256 | 80b352d86e68f5db1a0cdfafc747ed6d1e7b27fa9e4ae141394de317ccd4eb04 |
| SHA512 | 4c8b073ed693267626b9a6e4f94d441201b820365737854a0475768601bdd10e91f7cc61247934ea5b603f27aadaee40e671f2a4bc1189a2b84a33094acf623e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
| MD5 | c5b5852b05058e6ff526c8bfe1fffb67 |
| SHA1 | 075d50f6c778ac3d9840cb1c791fa71ea84abd68 |
| SHA256 | 7138bd7ff257f41abe3f2c8b775ff5651c4a3a6f781bc925b435dec85ff56eaa |
| SHA512 | 674d57161c88d098d1242d749b9d64880c1d2b1d12e912d0654e2a661888659b7aea3efe31769d3e108b834052e6854fd93a849558a59e0c62675cb2293e2d07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
| MD5 | 4b005788c33964034a60568055ca318a |
| SHA1 | 803142948eb4289e616b6adb9da04ffc0ca6f854 |
| SHA256 | 2cb3af2e62ad0ebd9c3cce42a3061046347113410394ce29dc4cbb5fc28d359d |
| SHA512 | d151db6fb473069c8d385a9861bca014a03937c17e3de87f0e54fb97716e821141d745ac7938a83b5fdf5bd83edae8952c1ad59cb197c2c6b657548bfdded50d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045
| MD5 | eaf0ead8e70fbfc115f14ff20993904b |
| SHA1 | 7dd3a2a6dfd908a71348c4b76631ad8b10c88469 |
| SHA256 | 4d0447c1998cbb5d84d522fa2a5be39e64a956d90f50474aa2ab70559ee84595 |
| SHA512 | bbad96bf497d48465a2640406f6ba78fbea05a8ad4049e3e6183f272b6f2ba1d8d0578b65f9807b56e5f0d892c2d1b73c70616915bb079efe78562b17e7c4b5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043
| MD5 | 3841b0471c9028208632b690865b789f |
| SHA1 | cedccf4d6d922e8f93a115d55496e30f4d67e3aa |
| SHA256 | 8657f2a9dc383b81251cbfe2ef99b1ab7e0e18471b00a06100ad7efc8c46ac59 |
| SHA512 | 0755269fcad30e67b1eb6d3c8b899dc9809e330d87bc78cbabbca3f3ec35c8411f1320824798bec9ed8d3695addbbb1f796b0a8bf4e351d939c4e78f93eee913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | 89ee4d8818e8a732f16be7086b4bf894 |
| SHA1 | 2cc00669ddc0f4e33c95a926089cea5c1f7b9371 |
| SHA256 | f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82 |
| SHA512 | 89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | 0a0177afb495820a03538ffb3ae96d36 |
| SHA1 | 3d9eb63cfb600b0c4d3eda69078a4c6688be29df |
| SHA256 | 7c954bddd079a269239dc670a057383815a0678e5561246d6bae5c274a39d119 |
| SHA512 | 524a3e9301198a2499ae9527aebf30736148f328067cc8987bdd18c5cec04c16893fcea4c63c1342ef11b805ac9cafaa911a5ce3517dd6f8ac9e2a4a36d0fa28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | b87b3cc9a5a3d039558292fcef059ad2 |
| SHA1 | 1b8231108e6360343ed15cdb7e623372e1925ac0 |
| SHA256 | a399517ec6eecc44ebde29cffa0b74b000b78bf56de85aa0a2aa3bf4c3f1d3bf |
| SHA512 | 2ed37e9037e7257073d442d84ee8ef659909816f39cd072273354ea552fb133c529dbfc0a4c4a9f80c25a5e3a62d804834b532135b90675ca5cede56793596b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | 06683093428834519c100588d3bbbcef |
| SHA1 | d36355db08f9186fc9f502735a5dbb966d139e92 |
| SHA256 | a976b59f11b8e9bfa80d88e3b53e8d2073c3f039a0544066e73f4b58f4ba38a9 |
| SHA512 | 06cca8f8cd9bcf4ed5c972358aa9bd683213f1d58f6a76a5bd3201592ea30803fe56b5fbc7047607111301a67ed1a332be9549578cf73dc04a7f7698c40e4181 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | d17552c749892b290852e44b1abd64ea |
| SHA1 | d20cb2ca0f2f252f6cc522a889d18d55dad3dacf |
| SHA256 | 7105905e586c2021c7ec18793680fe6c7f2b61ce3419b01975d06f6268d33131 |
| SHA512 | f406ea8e6e6358afc1a9e6542c3e4efa5164f2c695abd7d29cdbfb29f35a55edf5ffc6a3c98f461870da5d2876b35c085ee44ad1592be73b5c53f254441fb8a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 828e62677b54f9f931f817ea2499e02b |
| SHA1 | debf05cd097ead857542dc0f65faacb7ff65a5a0 |
| SHA256 | 8b7b971412dc138cede378ec6e3982305666170d2672a4bb2c3746de60868d63 |
| SHA512 | 9ebf5313de0afde96858d241c5fa0666abebab616ea8c23ab69f17312a39d805500d8f7823c300825b8cfedba8d05c62c51f64c0cc12ca458eebece293a2f8fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
| MD5 | 3ea7e91f73aaefd4606fd9541109139c |
| SHA1 | 8c028f4c739372b59a43c949873f87e4047490e1 |
| SHA256 | 7cdbc2a28eec1e3583d64deb1bc70167a17ae46e3539c80f8b10d60fcff81cc6 |
| SHA512 | f0aeb276bfc6c1f722887b4b9b26df2f2a96d72dc093000d00c40df550d81760e668df3c49366045f26012f70d2cb25c745b6906859098caf886a31c4b675319 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a71ea9a3604053fb871550e46fb317c |
| SHA1 | 0f9234c486d833095ff95033f331ad84370d77a3 |
| SHA256 | ab02b502a1e4ec833199b45a44e03154df0331e5f8e3ce9f0a29a6374cb60ab8 |
| SHA512 | dc076539421782aa02fe3f8ae65192b685d208cedea7ec407e612530dc9be444f027c1cab434fda4cc16ba7b1b09e3939546ef0b1372a04abd9d490b379a1183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9dcf3ea6a843803c428c76ca20f8d294 |
| SHA1 | 5237231806292e923beae2050d7b54f08802d06b |
| SHA256 | 1f21e4d42c6f1c474a440d9b45156ddba84ff09f0d1da8171fb56902400e1589 |
| SHA512 | 4c0869231ff6dfb7aca57fef78c000dcf7eadcc0e917217daa02648cb02c49f38eb8b9d0125fcb510e5097a0dd7fed45c6b4b70e9ef8d81e8d540caf150ddcb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bd9f0f35a58d56237b773ddfef331c2 |
| SHA1 | 692f62a40cd79d30afce4cd2740ed56e79b653cd |
| SHA256 | dbcd8996cb846c3ac25192f49728330f6a4f94265b9522cb28cabeb106a90f6b |
| SHA512 | b688968655652b2cee96dfca89845070df566bced3e261c1cb4af2d2e1279b22e0faa326b65f3e7d245494bd5690429b8f0a073cb04807975bf71d1a0486f7d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 744ff780961f615084a885ab384c09ea |
| SHA1 | 1d018a84c77ef791112fdfe7ada1a2a4e363e8e1 |
| SHA256 | 71f4a445798c63d47e9f9b2bb7f286e7b9b3e35688b474f186f5c25256804a65 |
| SHA512 | 80b0c5e14b589121ebbee78f113ce4655cf4703ed75ea8ceb094224983ccc6cbee52d53efbda04a0f1d29fa0b63e7f84fd44ba7a404b5135c3f1242958882325 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32f0f402986589cf3fadb3fb80c8943d |
| SHA1 | 01790a065c03607c2dc41ab6312c72d85507d6c8 |
| SHA256 | 2d5a8f7c9052d99461a1083c888bc2555d3b3ebe736b4c95bdbbff26ba142300 |
| SHA512 | fbe9df9409ca6eb0feb1fb072ab1f14d65036b539f10f2ffb58f6735ddb9009f882c0dd7da8f81221a706febcb0fe528b0a5722b9b8c8850742052e2955b2737 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 40f26892ed29007f68e04f923ade1bfe |
| SHA1 | 6154c4b639b14c87677f758de517c1438f4b212d |
| SHA256 | 36c7b231cca24cd7fd67a1a3da306753e04f2fce3b7212649951f7943c10bfec |
| SHA512 | 335998bf8ff7e5d463972f2f43a334f40eab43eb19d891b82280f951e20d1b8c0a0430f594fc5accf213bba66bf190c1fed4a131c4fd9648b933d136a4520f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 0ef2afac2bc5a955206301ac1939854a |
| SHA1 | 165ced1515ce1d6bbca5ae40f3f1ea03a2f52479 |
| SHA256 | bceb87500274d7bf64956ead380c4f1d8a75e87883878e347dfdb19551ab1fc9 |
| SHA512 | ffbe2ae137061627c1ec1ea72bd478caf60ae2bf82d0c1e3ab1dbda691c31e3345cc3bd54056c679e47b3c3ce128cee2173456df224075ea2de55601d3442a60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46e0ad0f963e9e37aad60b22b8efdd79 |
| SHA1 | 1139d5845269b155ed4a33e34bf047406989fee8 |
| SHA256 | 1cc6369514219f6eec5eaf06c5a675e061367072262b9e45d9ed447dfc45d3c5 |
| SHA512 | e5439572d61a11e03ffb5c70a5f44987f7fbc7fb9c322ceaf9a950172ebf8d7d5957392762fc777844238334299cb08dca024a459e9cdb4a24c7ead99d008ab3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4219309910dc3ec5308a8dda8100ae31 |
| SHA1 | a3e6825c74d916f6203eacbf21de3020c4a4e6de |
| SHA256 | 7e96c5718dd7db0b6ccc8691549aab51be4f24b0745ef41fe967ce6287177d79 |
| SHA512 | 253c0f69c6ed8ecb0b41d36ba0b7e22b8d913db659a6705ed97ba608fdcb8663056598453a1f2477c4ec67652a0aee18178bb82ff1472d9a10cb40a58d375162 |
C:\Users\Admin\Downloads\PowerPoint.exe
| MD5 | 70108103a53123201ceb2e921fcfe83c |
| SHA1 | c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3 |
| SHA256 | 9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d |
| SHA512 | 996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2b6720cbb9eeca05dd35ca67bdd2b5a4 |
| SHA1 | 0e894c0b4b7fc5038db7258d1313d3999b31865e |
| SHA256 | 37aa4a7652bf4fb27ee0719a50c39e0a82e22e5c842d34a0882ece9df3cdc1ce |
| SHA512 | 4603cbd15fc763cd3ce3e4b3fa7164f742f9d32cd6e53910e0ebc74f442e04b896d02f6c624a18a0ae5ea17dc0328275295798c5291ebe13746c1e8485d1d4d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 782c0b8a23f5db36a05a4638af27af67 |
| SHA1 | 793677575b846ab4ac7fcbee062b67bc871db9c7 |
| SHA256 | 55347952a42a1ae94bbd053f25d866e94ed0a682a5a55012e8470440fc5af88c |
| SHA512 | 4f98077603d48f6858c9731288e6a8e4ba31760e1584921085fd1fefff8a1f8e58040168510f22bd7e4c430840bfa951f979bc3ff603942995c1c9f1567daf78 |
C:\Users\Admin\Downloads\PolyRansom.exe
| MD5 | 3ed3fb296a477156bc51aba43d825fc0 |
| SHA1 | 9caa5c658b1a88fee149893d3a00b34a8bb8a1a6 |
| SHA256 | 1898f2cae1e3824cb0f7fd5368171a33aba179e63501e480b4da9ea05ebf0423 |
| SHA512 | dc3d6e409cee4d54f48d1a25912243d07e2f800578c8e0e348ce515a047ecf5fa3089b46284e0956bbced345957a000eecdc082e6f3060971759d70a14c1c97e |
C:\Users\Admin\Downloads\CoronaVirus.exe
| MD5 | 055d1462f66a350d9886542d4d79bc2b |
| SHA1 | f1086d2f667d807dbb1aa362a7a809ea119f2565 |
| SHA256 | dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0 |
| SHA512 | 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1 |
C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\Downloads\CryptoLocker.exe
| MD5 | 04fb36199787f2e3e2135611a38321eb |
| SHA1 | 65559245709fe98052eb284577f1fd61c01ad20d |
| SHA256 | d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9 |
| SHA512 | 533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c69684d5c2c22fb4103205db695f0811 |
| SHA1 | 032ecf4a9d2a2db7b0dd455409d40e509a15d5ef |
| SHA256 | 11f3e68952514d7078a60b6c97de1b3707082f551ff713b3dbcda558e8acfeec |
| SHA512 | 68daaf1b10f24c29d3829cda604b3c6f97985080ec6c517aa34f23164c826240692575f5f0ef22e1c34dd014fa0fb1d703d5844351f236226aace4c3fa844638 |
C:\Users\Admin\Downloads\CryptoWall.exe
| MD5 | 919034c8efb9678f96b47a20fa6199f2 |
| SHA1 | 747070c74d0400cffeb28fbea17b64297f14cfbd |
| SHA256 | e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734 |
| SHA512 | 745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4 |
C:\Users\Admin\Downloads\InfinityCrypt.exe
| MD5 | b805db8f6a84475ef76b795b0d1ed6ae |
| SHA1 | 7711cb4873e58b7adcf2a2b047b090e78d10c75b |
| SHA256 | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf |
| SHA512 | 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416 |
C:\Users\Admin\Downloads\7ev3n.exe
| MD5 | 9f8bc96c96d43ecb69f883388d228754 |
| SHA1 | 61ed25a706afa2f6684bb4d64f69c5fb29d20953 |
| SHA256 | 7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5 |
| SHA512 | 550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6 |
C:\Users\Admin\Downloads\BadRabbit.exe
| MD5 | fbbdc39af1139aebba4da004475e8839 |
| SHA1 | de5c8d858e6e41da715dca1c019df0bfb92d32c0 |
| SHA256 | 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da |
| SHA512 | 74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87 |
C:\Users\Admin\Downloads\$uckyLocker.exe
| MD5 | c850f942ccf6e45230169cc4bd9eb5c8 |
| SHA1 | 51c647e2b150e781bd1910cac4061a2cee1daf89 |
| SHA256 | 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f |
| SHA512 | 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 55e51d4d98b90e1abca8bfa2b2fd0edd |
| SHA1 | 4eb816841d71d461ee248630f2f57b9b635222b8 |
| SHA256 | aec27dd5760ee45c5924459c09acde19b54c77305f11e3b80cb9cccb311e553c |
| SHA512 | 082807d12415691afcd53b20202d7b4684a0c14d58c98253f6098bbbb4f5cf1af39b6b654a0d38153afa8e7b6eef7c829c1c87a0067819dbffc37d5de8b99ca9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 91a5aba97b712c28b8caee93761429d0 |
| SHA1 | c3a001efeb10d6ebf039fb77d0bcc80d2192d4fb |
| SHA256 | fffcfae8f85ca5b5b229a62856bff3d7025eeb8dbd638e550c126dd5ab5847f5 |
| SHA512 | 1a80c2f5e81220a3557f5cfde84ee948da028d2b8a98d1fc5c76822a039fb1cdafeebef1179f3efa6bcca286920fd99a9c4f06098a0935687a5d2ae915b03071 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 068ace391e3c5399b26cb9edfa9af12f |
| SHA1 | 568482d214acf16e2f5522662b7b813679dcd4c7 |
| SHA256 | 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485 |
| SHA512 | 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
memory/4780-6855-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | befc4b8769d08049860297d439e4bef5 |
| SHA1 | 050be8eb4d70c37527d5c8e8527b0f2fcaa4cd39 |
| SHA256 | 7bad8527e8e10f02a1197da168fc56251a060a3ec80da67e811819d9d63f50ad |
| SHA512 | 5a9b40f699d688750cb7963485edfba02a898e5427a305705d692cde549e0d5cdf2bfdb04f6b08154518afa2902dde82620ce40768273f8f9e01027fa7c06105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 096ee024636366a069bc774ead875762 |
| SHA1 | 14a0da7f229ab86a2a3bb35337c17d5f47ff4935 |
| SHA256 | 6769fe6522324089eb369c07651758084aba82574e384752df8be90bf92e756a |
| SHA512 | 1b2df696a823fd7868becbc0c02f233faf75938395a714c15f25f2fb3c5f5a2a9f32d9a698bfa590cbea291e9cb547f7b0b44be6cce88d5dfd9e29bac915dc6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f697ac47-9938-409d-9355-519223f652d8.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | abed9e3e2618edc08b0b4a9bf347482b |
| SHA1 | 4b8e21f266a1b3861e89185599ab6b265e0c308b |
| SHA256 | c1db9209bc374a2f86cd95b7346b358838349df213bbf2e5a06533baaa399d8b |
| SHA512 | 11ac46f03cb60b91cc665ca07d95cef83b62e58ef3e2c0e57aad330a2f44ddffcc94b6bc031f690502171ae756869ec4b1c8cfd689529ed13915f42ea2cc1bc5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2c13d72c6250c990dc717729441dfe2f |
| SHA1 | 00b1d7121524d5070ccef065a819e42e737bdad7 |
| SHA256 | 02730369b9bca9191a23376e9635fabc2c1f0da8082a143b41b313d9f22ba537 |
| SHA512 | 4eaa3de0614fe8f83cb3eecf53c60fa3b6ee8b0f793d0109cb75e2268c3131f5ac627442c379de6fbaa638d4724b206cd44dd9c61571c0de78ef58b894934817 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69275aadeacba38d54db7b0f54141fcb |
| SHA1 | 793d6ed03ded2ee77d579515add70f10b66827cb |
| SHA256 | 4f53cf2a6d4f61fa846cf3ac17de14e8f67232b0da67b8d8120bae3c74f88c8d |
| SHA512 | b977de6b0a3ae81a4bd4746015d3e05b6dd223015c8495e38feb121a6bb22d60c5645d05004cc93d1d544748cd297b309cf83e2b1ee3da8b6e34404ec6a01e42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 74d2621769dcf768bd55415b63b7cb71 |
| SHA1 | 8d91f294c3cd4832e8874967db07824c31e89fb3 |
| SHA256 | f682755ee18848440ef827d6deb8a144a8e7771e8f7041e11a8aa650392631fa |
| SHA512 | cf37e2903a904fe96dca38a86656fd10bb36da64f0adf40035042918c0c167fb061605cf2438b9c679ca82755954d9dd59215dc0eaa94c6b03d1cc7630073df8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f960758d3acee755f91ec7332c77f6e7 |
| SHA1 | 260af4eaf0bd2a341955a9323df639f3da988144 |
| SHA256 | 6fcf4a691485f9690725b9b8162038ff92d2dca8963e84d8c3e27cb78a8aae6d |
| SHA512 | 3ac1b72a78ce666f7de9b7e7707d38175d127c70e7c1683cb6a2ec8d5f7b0c9a64893db55d9c536273606c7d5e732ec7d210a7f7cfcfc0807acd9ad6afa5ad60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 96ff0a6642eb84ca274a34dc452afeca |
| SHA1 | 0f1c3d9440c3d9f51a581e74872ea399df2102c5 |
| SHA256 | 683d1aec328143785aa19a8c71a8304eac9d89ecb1dc398451613708279137d9 |
| SHA512 | 4c87f335050e43550dc6b668dfd647e4e054e4fad5d85386d8344007050bda1790ba653bfcdd1c551e9b852a3dfd2924b67afb91f7faf670e4f2a74e8f970457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | c90a5f741c1a5cd8655e08d642bb6afb |
| SHA1 | ba68b409108bcff1a4e1ceb7f225e91afb405249 |
| SHA256 | 807208c6d9ff46504c119defae4a283641d79e91251547504ae566e926efc3f4 |
| SHA512 | 178b0f80433017ea47982f88f8f1568042481ffc710a7e68ef794c0c0e8d7485c537caae2af4dc12ed7c189e17dbccb07d3fbb9d3efd62c283a3bf8d0fae2106 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4360_36359287\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4360_731101533\CRX_INSTALL\manifest.json
| MD5 | c3ea1c220c71d0328c9d923fafb13917 |
| SHA1 | bab21e83792c2987d6a7a29270183277db908717 |
| SHA256 | cca296f57b046d7492f1ed86652141deecbd81323083878569ee7fbaec6d20d0 |
| SHA512 | ce83c6e6b352b8d2369ed5f120e672957886ab51df0c78a95c1458b6ae4c3834a394c2801e46d90594128ecf802628d7724572e8272ececaf7609ab543fd4559 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4360_731101533\CRX_INSTALL\_locales\en_US\messages.json
| MD5 | 64eaeb92cb15bf128429c2354ef22977 |
| SHA1 | 45ec549acaa1fda7c664d3906835ced6295ee752 |
| SHA256 | 4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c |
| SHA512 | f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4360_731101533\CRX_INSTALL\_locales\en\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.92.1_0\_locales\en_US\messages.json
| MD5 | 578215fbb8c12cb7e6cd73fbd16ec994 |
| SHA1 | 9471d71fa6d82ce1863b74e24237ad4fd9477187 |
| SHA256 | 102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1 |
| SHA512 | e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212 |
memory/3864-7771-0x000000002AA00000-0x000000002AA24000-memory.dmp
memory/4320-7811-0x0000000005840000-0x0000000005DE6000-memory.dmp
memory/4320-7813-0x0000000005330000-0x00000000053C2000-memory.dmp
memory/3376-7848-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2616-7841-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5844-7822-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5528-7807-0x0000000005A50000-0x0000000005AEC000-memory.dmp
memory/5528-7806-0x0000000000EF0000-0x0000000000F2C000-memory.dmp
memory/4320-7805-0x0000000000790000-0x00000000007FE000-memory.dmp
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/5528-7837-0x0000000005C80000-0x0000000005CD6000-memory.dmp
memory/4320-7836-0x00000000052B0000-0x00000000052BA000-memory.dmp
memory/4916-7766-0x00000000012B0000-0x00000000012D5000-memory.dmp
memory/860-7772-0x0000000000400000-0x000000000056F000-memory.dmp
memory/2616-7773-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5616-7870-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6120-9119-0x00000000025F0000-0x0000000002658000-memory.dmp
C:\Users\Admin\Downloads\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\Users\Admin\Downloads\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\c.wnry
| MD5 | 383a85eab6ecda319bfddd82416fc6c2 |
| SHA1 | 2a9324e1d02c3e41582bf5370043d8afeb02ba6f |
| SHA256 | 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21 |
| SHA512 | c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.3CDEB3FD9AD143F98218B58FA01E021051E47FCE57C83CD2E9A3B269F712E80E
| MD5 | 41ce30ca78177f3bd3b70b0bee23cf37 |
| SHA1 | f3747bedbd072c4246a9c9eeddbbbd6629e5ca3a |
| SHA256 | 6afd4804eaca0f4c9bb853b2fb3f46f2edef689f3ec86316eb82d89be1a07488 |
| SHA512 | 685306879909b7e184e92fc92e72075654de51ed3071c6b6bc7f0801adcf3817268571b55ab024d891e34b278e2071a11e32b564352ac5a11a4eab0e13566a51 |
memory/5844-11658-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5844-11660-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5844-11657-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5844-11654-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5844-11653-0x0000000010000000-0x0000000010010000-memory.dmp
memory/5616-11691-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3376-11692-0x0000000000400000-0x000000000042F000-memory.dmp
memory/14180-11690-0x0000000000A00000-0x0000000000A25000-memory.dmp
memory/17120-11693-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.3CDEB3FD9AD143F98218B58FA01E021051E47FCE57C83CD2E9A3B269F712E80E
| MD5 | 0b547f6a3b58c68cfb6e6637d52cf115 |
| SHA1 | 726466e57a9864c08d25732a6f354b7b6ec5fc52 |
| SHA256 | f59d8f6ff31cce0519780848f1a4a413486a6c5979a02d739a778105e6695852 |
| SHA512 | 0efedd07478029c5f50acba0368a17de1997751854caeeb70d152eadbcec50cde6c46d9fa863af67a765bc3f8ad53d4529038c23649b2e8ea5af5a299b78e5f2 |
memory/6120-11689-0x00000000025F0000-0x0000000002658000-memory.dmp
memory/16984-11695-0x0000000000400000-0x0000000000432000-memory.dmp
memory/17136-11694-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5844-11659-0x0000000010000000-0x0000000010010000-memory.dmp
memory/4916-10765-0x00000000012B0000-0x00000000012D5000-memory.dmp
memory/14180-10764-0x0000000000A00000-0x0000000000A25000-memory.dmp