Analysis
-
max time kernel
1450s -
max time network
1469s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
22-05-2022 18:18
General
-
Target
иуеr.exe
-
Size
25KB
-
MD5
ae72c198c0825712f203e258571c0e87
-
SHA1
066ef64d5f5bb96e1714247c97aaf291907a7b3f
-
SHA256
7237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
-
SHA512
a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3582-490\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
gay
7.tcp.eu.ngrok.io:14345
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Signatures
-
Detect Neshta Payload 2 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
ASPack v2.12-2.42 2 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE 51 IoCs
-
Modifies extensions of user files 12 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops startup file 3 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 15 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\иуеr.exe"C:\Users\Admin\AppData\Local\Temp\иуеr.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\Dllhost.exe"C:\Windows\Dllhost.exe"2⤵
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeschtasks /create /sc minute /mo 1 /tn Server /tr C:\Users\Admin\AppData\Local\Temp/Server.exe3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\.exe"C:\Users\Admin\AppData\Local\Temp\.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\scream\sound.vbs"4⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\scream\gif.hta"5⤵
- Modifies Internet Explorer settings
-
C:\Users\Admin\AppData\Local\Temp\.exe"C:\Users\Admin\AppData\Local\Temp\.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.exe"C:\Users\Admin\AppData\Local\Temp\.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\bonzi\BonziBuddy_original.exe"C:\bonzi\BonziBuddy_original.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\.exe"C:\Users\Admin\AppData\Local\Temp\.exe"3⤵
- Modifies system executable filetype association
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\3582-490\.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\.exe"4⤵
- Executes dropped EXE
- Modifies extensions of user files
- Drops startup file
- Loads dropped DLL
- Sets desktop wallpaper using registry
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\attrib.exeattrib +h .5⤵
- Views/modifies file attributes
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskdl.exetaskdl.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.execmd /c 138691653251802.bat5⤵
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs6⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe@WanaDecryptor@.exe co5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\3582-490\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b @WanaDecryptor@.exe vs5⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe@WanaDecryptor@.exe vs6⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet7⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet8⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete8⤵
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe@WanaDecryptor@.exe5⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "imwdfmkdy117" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\3582-490\tasksche.exe\"" /f5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "imwdfmkdy117" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\3582-490\tasksche.exe\"" /f6⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskdl.exetaskdl.exe5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe@WanaDecryptor@.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskdl.exetaskdl.exe5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3582-490\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\3582-490\@WanaDecryptor@.exe@WanaDecryptor@.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\EXE~1"3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\EXE~1C:\Users\Admin\AppData\Local\Temp\EXE~14⤵
- Executes dropped EXE
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\EXE~1"3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\EXE~1C:\Users\Admin\AppData\Local\Temp\EXE~14⤵
- Modifies system executable filetype association
- Executes dropped EXE
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\system32\taskeng.exetaskeng.exe {DD319580-5E04-4A7F-ACFD-0EA5AEB4A4AF} S-1-5-21-2277218442-1199762539-2004043321-1000:AUVQQRRF\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Server.exeC:\Users\Admin\AppData\Local\Temp/Server.exe2⤵
- Executes dropped EXE
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5641⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Users\Public\Desktop\@WANAD~1.EXE"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Users\Public\Desktop\@WANAD~1.EXEC:\Users\Public\Desktop\@WANAD~1.EXE2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Windows\system32\taskmgr.exe" /41⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\SysWOW64\taskmgr.exeC:\Windows\system32\taskmgr.exe /42⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\svchost.com"C:\Windows\svchost.com" "C:\Windows\system32\taskmgr.exe" /41⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\taskmgr.exeC:\Windows\system32\taskmgr.exe /42⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Change Default File Association
1Registry Run Keys / Startup Folder
1Scheduled Task
1Hidden Files and Directories
1Defense Evasion
Modify Registry
5File Deletion
2File Permissions Modification
1Hidden Files and Directories
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
54.9MB
MD5b1940cff31a3a1f51d6eb4492657be9b
SHA12562282b0538fb8647621b29435d19c757d7b309
SHA256556444ff1fee8aa32d1418c409535909c3c0cb0adaa87488ca0c03ee3b5e8006
SHA51281b6d263dfe65ccc702bcb85feee6c1f1c78c4a2cb62c3a52c6dd520511297d773fa4dca471132df1f1e3fd1a6fb00851ec4670c48df44572990553f54f4c77c
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
77.8MB
MD597893da3ea0e186290435246020bf018
SHA19a898f7e782cde4d1c98793a70faf363627a1596
SHA25627dcecbb8e47c6f20f54466d4f14afade78c9518f614c6555fe64b9f37efb6fd
SHA512ea54c3b9011e7ea3e024b88da20de7d282393455b504937e4a48e4a7f963d48391f9bd46cf31fb4ae3e63464f8d9467a48581217cf587fcee1d137e5edf6e9c8
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
77.8MB
MD597893da3ea0e186290435246020bf018
SHA19a898f7e782cde4d1c98793a70faf363627a1596
SHA25627dcecbb8e47c6f20f54466d4f14afade78c9518f614c6555fe64b9f37efb6fd
SHA512ea54c3b9011e7ea3e024b88da20de7d282393455b504937e4a48e4a7f963d48391f9bd46cf31fb4ae3e63464f8d9467a48581217cf587fcee1d137e5edf6e9c8
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
3.4MB
MD580d2cfccef17caa46226147c1b0648e6
SHA14540c60c99594ebd49e0ede7d2070b00f5fb021b
SHA25691afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493
SHA512d0c245182b1f984f244a49267ead57296002f31d4ce36102508b604f85aa32a879a80f628312e1332f04104af35da0947b3c0e0eec35385bbac7540345f8a99b
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
3.4MB
MD580d2cfccef17caa46226147c1b0648e6
SHA14540c60c99594ebd49e0ede7d2070b00f5fb021b
SHA25691afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493
SHA512d0c245182b1f984f244a49267ead57296002f31d4ce36102508b604f85aa32a879a80f628312e1332f04104af35da0947b3c0e0eec35385bbac7540345f8a99b
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
14.7MB
MD55719586f93a577d0116043fc1f5eec32
SHA1239c82f2c4c7fe86ca82b0fcb0f23e3a8cfed338
SHA256f0b481c95d762e5dd7575a22b520f32af3a1ed83f917abf2872c5ae3825dafb7
SHA5123d6c24c305cda9aeac879a165d917d2579735b2bf1948b7ec72ca22e4a2ce18ee6e7de9c55072f483711c74636400321ac4191c8b08b92188757ac463fc59695
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
14.7MB
MD55719586f93a577d0116043fc1f5eec32
SHA1239c82f2c4c7fe86ca82b0fcb0f23e3a8cfed338
SHA256f0b481c95d762e5dd7575a22b520f32af3a1ed83f917abf2872c5ae3825dafb7
SHA5123d6c24c305cda9aeac879a165d917d2579735b2bf1948b7ec72ca22e4a2ce18ee6e7de9c55072f483711c74636400321ac4191c8b08b92188757ac463fc59695
-
C:\Users\Admin\AppData\Local\Temp\.exeFilesize
54.9MB
MD5b1940cff31a3a1f51d6eb4492657be9b
SHA12562282b0538fb8647621b29435d19c757d7b309
SHA256556444ff1fee8aa32d1418c409535909c3c0cb0adaa87488ca0c03ee3b5e8006
SHA51281b6d263dfe65ccc702bcb85feee6c1f1c78c4a2cb62c3a52c6dd520511297d773fa4dca471132df1f1e3fd1a6fb00851ec4670c48df44572990553f54f4c77c
-
C:\Users\Admin\AppData\Local\Temp\3582-490\.exeFilesize
3.4MB
MD584c82835a5d21bbcf75a61706d8ab549
SHA15ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA51290723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
C:\Users\Admin\AppData\Local\Temp\3582-490\.exeFilesize
3.4MB
MD584c82835a5d21bbcf75a61706d8ab549
SHA15ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA51290723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
C:\Users\Admin\AppData\Local\Temp\3582-490\b.wnryFilesize
1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
C:\Users\Admin\AppData\Local\Temp\3582-490\c.wnryFilesize
780B
MD58124a611153cd3aceb85a7ac58eaa25d
SHA1c1d5cd8774261d810dca9b6a8e478d01cd4995d6
SHA2560ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e
SHA512b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_bulgarian.wnryFilesize
46KB
MD595673b0f968c0f55b32204361940d184
SHA181e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA25640b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA5127601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_chinese (simplified).wnryFilesize
53KB
MD50252d45ca21c8e43c9742285c48e91ad
SHA15c14551d2736eef3a1c1970cc492206e531703c1
SHA256845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA5121bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_chinese (traditional).wnryFilesize
77KB
MD52efc3690d67cd073a9406a25005f7cea
SHA152c07f98870eabace6ec370b7eb562751e8067e9
SHA2565c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA5120766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_croatian.wnryFilesize
38KB
MD517194003fa70ce477326ce2f6deeb270
SHA1e325988f68d327743926ea317abb9882f347fa73
SHA2563f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_czech.wnryFilesize
39KB
MD5537efeecdfa94cc421e58fd82a58ba9e
SHA13609456e16bc16ba447979f3aa69221290ec17d0
SHA2565afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b
-
C:\Users\Admin\AppData\Local\Temp\3582-490\msg\m_danish.wnryFilesize
36KB
MD52c5a3b81d5c4715b7bea01033367fcb5
SHA1b548b45da8463e17199daafd34c23591f94e82cd
SHA256a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Users\Admin\AppData\Local\Temp\Server.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Windows\Dllhost.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\Windows\Dllhost.exeFilesize
25KB
MD5ae72c198c0825712f203e258571c0e87
SHA1066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA2567237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
-
C:\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
C:\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
C:\bonzi\blue.exeFilesize
120KB
MD5c3c1f4ff433df26b896deddacb5817f0
SHA145152ae046f3e2d5e274feb6a04fa6af59a68740
SHA256bc8f7334495c673dd646d092afdabbfb84edb5282a25d9d8b1d3ceadc019478b
SHA512faecab59d8ab00cead2037ee30435fffb25494b5889ac5dd003fec5f3a0244a2e450425838456ff5ef11b8c674eb85b21ca68c636cdec593bbef5ecf2aba0561
-
C:\bonzi\clippy.exeFilesize
228KB
MD5038bf1f54a35164fedb79e2319e1bc49
SHA1e92cdbb5bab92ea3f2d6b0f8f40a5b5df199c6a9
SHA256655a8c2bed8e2d85b24525aa426e5d647f15ddfa156967d64f144c497e8c9665
SHA5125928082b8fef2a491eb84ed4ba01c8428cd96425c8c2d433dc6ef80d9c0d4866bb9c20871c6d1268824e435f42526e4e1eb468fe451f0ef02710edb35c08f1c6
-
C:\bonzi\netscape\NAVIGA~1.EXEFilesize
7.9MB
MD5ac9cdd36906387f84557acddb219f405
SHA12539465a3c843d70615810afc7bccb7a5929e096
SHA256b529c4308f6c2ffefa022bb8b4c1456778f3a15bc0634cb109436a72fa5b3aff
SHA5120204726358b6a319c1c3cae7f6c67e415139fe2c99169de6bcec6029bae3299601b8d01fe804410448863361680fc74e0939bc2d91ab14adb889623c592e4250
-
C:\bonzi\netscape\XPICLE~1.EXEFilesize
76KB
MD5b643add42d6f45f601eaeea2fa93f3a5
SHA1502ebcbf5f228a8819c12416e1468985871966ec
SHA2563f9c5a116ecea24e2e8f83132edc74d44ce3746facb854fee6f2a81011f828c8
SHA512ddbfb4f1057a21fea4805615ea65ad12681fb59879401a462493eea3e76dafd07c927d0d6820d72fba629693e60fe3f804e1998c9bd63704da0e3c33426a7ab6
-
C:\bonzi\netscape\updater.exeFilesize
132KB
MD5b3f10bc05c5dd33be9ebe2c9b097b809
SHA1d4ff4292903610271830709db9605d8a6ecf2c90
SHA256153b85c26c8a6158d669184629357e69418e3774115490166b18c5ecbaeca3e2
SHA51211840ac48d8453fdaaa4b9114e65e076ee2222b9ace9c0a8fe896613b44f3775ab0a71776339efa116d590dabb648b51c1f7d2d370b7ea37431631872a8bc2e9
-
C:\bonzi\optimize.exeFilesize
618KB
MD55ffeadad118403d9496653dce94300cc
SHA1c96574ebffd8fc82bc6b4bf40bf306b5602b38e7
SHA2569bee3eb4c6544d6e69543440bec4f1f246fad1e17067bb6e8bfd6daac7ce475f
SHA51276726b8a982c53cac62068a9b9531918b0230537e526f517634d14cf9459fde69303c83067cbee50b4005b9fe55108ace1a2eda980922c46925cfc8aabe59e3c
-
C:\scream\gif.htaFilesize
1KB
MD574e44289c376074367616125c02c3dde
SHA12564f2335abd6e8beff609734f222e8d1071524f
SHA256306e5356eddaf0f9c3a81435bb3649adfad37f0dc78bc6d7d495c19977ee874f
SHA512ff1aa8c4c7b8f3aff603bfbe99382bf7f8b1e2536fa47b480ca1bb4a68752d319d6fac4b8d70e75e61fbb13aa2340b1ba90f1dbe38e6895278bf8c0fcea64598
-
C:\scream\sound.mp3Filesize
371KB
MD5d2f68278782d53444009c6b840c3fab2
SHA1df5772a086c57c644708fb09daa5ed0b49d8b277
SHA25677fbbaa29ef9163a352a57a48d2cbbb35f499a51545e257846d809639262d09c
SHA512aab55a72136bfb37d8174b499dc76e2c7321c67bc5187c117def1b50caab72bf969e7d117887569bb8a5ec9ac8dc3cb50a4bbac10fc223645cc3677d1c70f568
-
C:\scream\sound.vbsFilesize
310B
MD5f96daee32c46bdc2cf56072569fd556b
SHA19d45104e279c7866b65d6cb1775f6612d23c0863
SHA2566cbf377b3b2369be137810746491e2f1044f7a53d6a3090646592b6cb77eacca
SHA5124aae0071250ec569ba1274fd012c407707d39b4b8e3fd0a23406eccdb0a866aa833634f7529101f81b250a0961142b54733e0b8370f5741fe48068f384f79dae
-
C:\scream\tenor.gifFilesize
14.1MB
MD5f6d57210f7d5c4c0bf5d857c375e618b
SHA1404e56949c04eb815d8c1403ab5ba166e2b2f095
SHA256f9663446ed05d86f44344f48e228e0623baaa223097b23ff064ee0287fdea92f
SHA512672bea0743d91027b2a5a3238ea5fe4f76746681b422de14c02fbca6778534a7cb0ab244c4cd3043de895442f072d043021797c43c5d8413032494bafc94bfd9
-
\Users\Admin\AppData\Local\Temp\3582-490\.exeFilesize
3.4MB
MD584c82835a5d21bbcf75a61706d8ab549
SHA15ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA51290723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\BonziBuddy_original.exeFilesize
126KB
MD5ff8e3bef2b1c444e59d21d5291c81d96
SHA1a838dc974a49dc0fad824cedcf794c8c9651d410
SHA25650a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e
SHA512b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927
-
\bonzi\blue.exeFilesize
120KB
MD5c3c1f4ff433df26b896deddacb5817f0
SHA145152ae046f3e2d5e274feb6a04fa6af59a68740
SHA256bc8f7334495c673dd646d092afdabbfb84edb5282a25d9d8b1d3ceadc019478b
SHA512faecab59d8ab00cead2037ee30435fffb25494b5889ac5dd003fec5f3a0244a2e450425838456ff5ef11b8c674eb85b21ca68c636cdec593bbef5ecf2aba0561
-
\bonzi\clippy.exeFilesize
228KB
MD5038bf1f54a35164fedb79e2319e1bc49
SHA1e92cdbb5bab92ea3f2d6b0f8f40a5b5df199c6a9
SHA256655a8c2bed8e2d85b24525aa426e5d647f15ddfa156967d64f144c497e8c9665
SHA5125928082b8fef2a491eb84ed4ba01c8428cd96425c8c2d433dc6ef80d9c0d4866bb9c20871c6d1268824e435f42526e4e1eb468fe451f0ef02710edb35c08f1c6
-
\bonzi\netscape\NAVIGA~1.EXEFilesize
7.9MB
MD5ac9cdd36906387f84557acddb219f405
SHA12539465a3c843d70615810afc7bccb7a5929e096
SHA256b529c4308f6c2ffefa022bb8b4c1456778f3a15bc0634cb109436a72fa5b3aff
SHA5120204726358b6a319c1c3cae7f6c67e415139fe2c99169de6bcec6029bae3299601b8d01fe804410448863361680fc74e0939bc2d91ab14adb889623c592e4250
-
\bonzi\netscape\XPICLE~1.EXEFilesize
76KB
MD5b643add42d6f45f601eaeea2fa93f3a5
SHA1502ebcbf5f228a8819c12416e1468985871966ec
SHA2563f9c5a116ecea24e2e8f83132edc74d44ce3746facb854fee6f2a81011f828c8
SHA512ddbfb4f1057a21fea4805615ea65ad12681fb59879401a462493eea3e76dafd07c927d0d6820d72fba629693e60fe3f804e1998c9bd63704da0e3c33426a7ab6
-
\bonzi\netscape\updater.exeFilesize
132KB
MD5b3f10bc05c5dd33be9ebe2c9b097b809
SHA1d4ff4292903610271830709db9605d8a6ecf2c90
SHA256153b85c26c8a6158d669184629357e69418e3774115490166b18c5ecbaeca3e2
SHA51211840ac48d8453fdaaa4b9114e65e076ee2222b9ace9c0a8fe896613b44f3775ab0a71776339efa116d590dabb648b51c1f7d2d370b7ea37431631872a8bc2e9
-
\bonzi\optimize.exeFilesize
618KB
MD55ffeadad118403d9496653dce94300cc
SHA1c96574ebffd8fc82bc6b4bf40bf306b5602b38e7
SHA2569bee3eb4c6544d6e69543440bec4f1f246fad1e17067bb6e8bfd6daac7ce475f
SHA51276726b8a982c53cac62068a9b9531918b0230537e526f517634d14cf9459fde69303c83067cbee50b4005b9fe55108ace1a2eda980922c46925cfc8aabe59e3c
-
memory/324-62-0x0000000000000000-mapping.dmp
-
memory/324-65-0x0000000000EF0000-0x0000000000EF8000-memory.dmpFilesize
32KB
-
memory/324-66-0x00000000003D0000-0x00000000003E2000-memory.dmpFilesize
72KB
-
memory/384-202-0x0000000000000000-mapping.dmp
-
memory/556-130-0x0000000000000000-mapping.dmp
-
memory/572-209-0x0000000071F80000-0x000000007219C000-memory.dmpFilesize
2.1MB
-
memory/572-208-0x0000000072240000-0x00000000722C2000-memory.dmpFilesize
520KB
-
memory/572-197-0x0000000071F80000-0x000000007219C000-memory.dmpFilesize
2.1MB
-
memory/572-194-0x0000000000000000-mapping.dmp
-
memory/572-199-0x0000000071EC0000-0x0000000071EE2000-memory.dmpFilesize
136KB
-
memory/572-198-0x0000000071EF0000-0x0000000071F72000-memory.dmpFilesize
520KB
-
memory/572-200-0x0000000000150000-0x000000000044E000-memory.dmpFilesize
3.0MB
-
memory/572-196-0x0000000072240000-0x00000000722C2000-memory.dmpFilesize
520KB
-
memory/572-212-0x0000000000150000-0x000000000044E000-memory.dmpFilesize
3.0MB
-
memory/572-211-0x0000000071EC0000-0x0000000071EE2000-memory.dmpFilesize
136KB
-
memory/572-210-0x0000000071EF0000-0x0000000071F72000-memory.dmpFilesize
520KB
-
memory/604-70-0x0000000000000000-mapping.dmp
-
memory/668-87-0x0000000000000000-mapping.dmp
-
memory/684-121-0x0000000000940000-0x0000000000948000-memory.dmpFilesize
32KB
-
memory/684-187-0x0000000000000000-mapping.dmp
-
memory/684-119-0x0000000000000000-mapping.dmp
-
memory/956-108-0x0000000000000000-mapping.dmp
-
memory/960-206-0x0000000000000000-mapping.dmp
-
memory/1036-242-0x0000000000000000-mapping.dmp
-
memory/1052-54-0x0000000000360000-0x0000000000368000-memory.dmpFilesize
32KB
-
memory/1052-56-0x000007FEFBE51000-0x000007FEFBE53000-memory.dmpFilesize
8KB
-
memory/1052-55-0x0000000000480000-0x0000000000492000-memory.dmpFilesize
72KB
-
memory/1060-185-0x0000000000000000-mapping.dmp
-
memory/1076-220-0x0000000000000000-mapping.dmp
-
memory/1076-214-0x0000000000000000-mapping.dmp
-
memory/1080-237-0x0000000000000000-mapping.dmp
-
memory/1080-238-0x00000000013C0000-0x00000000013C8000-memory.dmpFilesize
32KB
-
memory/1088-226-0x0000000000000000-mapping.dmp
-
memory/1096-190-0x0000000000000000-mapping.dmp
-
memory/1096-229-0x0000000000000000-mapping.dmp
-
memory/1108-85-0x0000000000000000-mapping.dmp
-
memory/1124-204-0x0000000000000000-mapping.dmp
-
memory/1124-217-0x0000000000000000-mapping.dmp
-
memory/1196-213-0x0000000000000000-mapping.dmp
-
memory/1196-192-0x0000000000000000-mapping.dmp
-
memory/1252-232-0x0000000000000000-mapping.dmp
-
memory/1252-233-0x0000000001190000-0x0000000001198000-memory.dmpFilesize
32KB
-
memory/1280-154-0x0000000000000000-mapping.dmp
-
memory/1280-172-0x0000000010000000-0x0000000010010000-memory.dmpFilesize
64KB
-
memory/1328-68-0x0000000000000000-mapping.dmp
-
memory/1340-98-0x0000000000000000-mapping.dmp
-
memory/1448-169-0x0000000000000000-mapping.dmp
-
memory/1464-218-0x0000000000000000-mapping.dmp
-
memory/1492-118-0x0000000000030000-0x0000000000038000-memory.dmpFilesize
32KB
-
memory/1492-116-0x0000000000000000-mapping.dmp
-
memory/1496-234-0x0000000000000000-mapping.dmp
-
memory/1564-82-0x00000000749A0000-0x0000000074CB2000-memory.dmpFilesize
3.1MB
-
memory/1564-76-0x0000000000000000-mapping.dmp
-
memory/1568-201-0x0000000000000000-mapping.dmp
-
memory/1608-228-0x0000000000000000-mapping.dmp
-
memory/1632-122-0x0000000000000000-mapping.dmp
-
memory/1640-74-0x00000000763E1000-0x00000000763E3000-memory.dmpFilesize
8KB
-
memory/1640-72-0x0000000000000000-mapping.dmp
-
memory/1644-222-0x0000000000000000-mapping.dmp
-
memory/1660-240-0x0000000000000000-mapping.dmp
-
memory/1660-224-0x0000000000250000-0x0000000000262000-memory.dmpFilesize
72KB
-
memory/1660-102-0x0000000000000000-mapping.dmp
-
memory/1660-223-0x0000000000000000-mapping.dmp
-
memory/1660-104-0x0000000000C20000-0x0000000000C28000-memory.dmpFilesize
32KB
-
memory/1684-186-0x0000000000000000-mapping.dmp
-
memory/1704-81-0x0000000000000000-mapping.dmp
-
memory/1732-111-0x0000000000000000-mapping.dmp
-
memory/1740-203-0x0000000000000000-mapping.dmp
-
memory/1756-189-0x0000000000000000-mapping.dmp
-
memory/1784-239-0x0000000000000000-mapping.dmp
-
memory/1808-146-0x0000000000400000-0x000000000046F000-memory.dmpFilesize
444KB
-
memory/1808-139-0x0000000000000000-mapping.dmp
-
memory/1808-142-0x0000000000400000-0x000000000046F000-memory.dmpFilesize
444KB
-
memory/1812-127-0x0000000000000000-mapping.dmp
-
memory/1812-129-0x0000000000CF0000-0x0000000000CF8000-memory.dmpFilesize
32KB
-
memory/1816-147-0x0000000000000000-mapping.dmp
-
memory/1864-170-0x0000000000000000-mapping.dmp
-
memory/1872-219-0x0000000000000000-mapping.dmp
-
memory/1876-60-0x0000000001110000-0x0000000001118000-memory.dmpFilesize
32KB
-
memory/1876-67-0x000000001AB80000-0x000000001AB8A000-memory.dmpFilesize
40KB
-
memory/1876-101-0x0000000000C50000-0x0000000000C5E000-memory.dmpFilesize
56KB
-
memory/1876-57-0x0000000000000000-mapping.dmp
-
memory/1904-96-0x00000000001A0000-0x00000000001A8000-memory.dmpFilesize
32KB
-
memory/1904-94-0x0000000000000000-mapping.dmp
-
memory/1904-97-0x0000000000250000-0x0000000000262000-memory.dmpFilesize
72KB
-
memory/1912-115-0x0000000000240000-0x0000000000252000-memory.dmpFilesize
72KB
-
memory/1912-113-0x0000000000000000-mapping.dmp
-
memory/1960-215-0x0000000000000000-mapping.dmp
-
memory/1960-90-0x0000000000480000-0x0000000000490000-memory.dmpFilesize
64KB
-
memory/2004-107-0x00000000012A0000-0x00000000012A8000-memory.dmpFilesize
32KB
-
memory/2004-105-0x0000000000000000-mapping.dmp
-
memory/2004-236-0x0000000000000000-mapping.dmp
-
memory/2004-245-0x0000000000000000-mapping.dmp
-
memory/2016-231-0x0000000000000000-mapping.dmp
-
memory/2020-93-0x00000000000C0000-0x00000000000C8000-memory.dmpFilesize
32KB
-
memory/2020-91-0x0000000000000000-mapping.dmp
-
memory/2024-149-0x0000000000000000-mapping.dmp
-
memory/2032-124-0x0000000000000000-mapping.dmp
-
memory/2032-126-0x0000000000340000-0x0000000000348000-memory.dmpFilesize
32KB
-
memory/2040-61-0x0000000000000000-mapping.dmp
