Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

tglegeyisx.msi

windows7-x64

10

tglegeyisx.msi

windows10-1703-x64

10

tglegeyisx.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2023, 13:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tglegeyisx.msi

  • Size

    68.5MB

  • MD5

    7fcdf7fefd44f5ff6b2fb8f7321126ee

  • SHA1

    7006e152de007233ffec79d36ca5d28f97bd782f

  • SHA256

    fa25b21a26a3948029b35d40220086eae0ad051868ec3eaed126cf83dd94c295

  • SHA512

    551feb0ff933d1281ce084a39d8eb99fda3b354f9bfe2a349a314fba4699d11f187d49743c9d75ea6d3191312d54cd00684fd16948b6120b12f511baff337a7b

  • SSDEEP

    1572864:6fOXkTzXMNT5ifOwnIZvUtLm7sJYQFjZUF:W5zcifO7WtLmYY2jZUF

Score
10/10
blackmoongh0stratbankerevasionrattrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 32 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 14 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\tglegeyisx.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2248
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 99D08103CE56AD29A700F83227519F96 C
      2⤵
      • Loads dropped DLL
      PID:2812
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A7AD81D974DCF133DEA4F0F418F3DBB2
      2⤵
      • UAC bypass
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Users\Default\Desktop\TSONENEW\BBC.exe
        C:\Users\Default\Desktop\TSONENEW\BBC.exe x C:\Users\Default\Desktop\TSONENEW\BOTorNE.DEF -oC:\Users\Admin\AppData\Roaming\ -peb30xcwbbk0d96fA8Y -aos
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2192
      • C:\Users\Default\Desktop\TSONENEW\BBC.exe
        C:\Users\Default\Desktop\TSONENEW\BBC.exe x C:\Users\Default\Desktop\TSONENEW\Microsoft.bob -oC:\Users\Default\Desktop\TSONENEW\ -pHLVrCbrxMCkQhy -aos
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1688
      • C:\Users\Default\Desktop\TSONENEW\BBC.exe
        C:\Users\Default\Desktop\TSONENEW\BBC.exe x C:\Users\Default\Desktop\TSONENEW\Gortable.org -oC:\Users\Admin\AppData\Roaming\ -ppxUj6FXrxGgmZ3i4 -aos
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1076
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:2820
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B4" "00000000000005C4"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:2636
    • C:\Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      "C:\Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
        C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im ipaip2.exe
          3⤵
          • Kills process with taskkill
          PID:2188

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\f76fa77.rbs
      Filesize

      27KB

      MD5

      a3bcaa39e886c53e1ac79055cfd3db92

      SHA1

      f8955f993de124676abcf7747f399101d40bdb18

      SHA256

      1f35ce5109e60e4831bd09e87028ee91cf472617c3a20197132889dcfcaa79c1

      SHA512

      6649f8b6ae16afbd4bbb73cddb0ccee393b6e9ec29ea6ec2c5fa441fe5572236609e499a33878de106e5185def2041a9693879fc9c0fc9d0232c94dfad39b7f1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI210D.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI217B.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI4FC5.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI51B9.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI51E9.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI51E9.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI5219.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI52A6.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Users\Admin\AppData\Roaming\TGortable\Telegram Desktop\tdata\C4F817BC29093C61s
      Filesize

      441KB

      MD5

      f77744dd6729bde902e3c7b553bbb0f2

      SHA1

      9b0b4d1551ed6437f9b12d908dc193a513ca38f5

      SHA256

      7a39b056e0b989f8b97a2091f6ef2a16511d03ce8fbea69110575bf5a974d0d4

      SHA512

      8116dbe37b6e9e9fd0ee2c2b41704d405791890ceec4bc6551b10fc9680603512c64068fc6fc2b86a8e662212a19ed4ad379dcda4bf8cbe6f299c3824df9aad1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\TGortable\Telegram Desktop\tdata\settingss
      Filesize

      1KB

      MD5

      6f39fec70902da4f2729bd8b1b78fef0

      SHA1

      71a7c42e3b9f0dcb26a9af22cdeae9d01f75b4b5

      SHA256

      0e3bb22acc02f3973cbd85235903adcb3bb9f4884b5067d0e17b7661751166a7

      SHA512

      bac065a67392696f71e1decf624fd162853e4e480438754ab87b83f6ba50f9f6fc67ca996a5c43840389127eda0ed04d81e5bf0dedee1625b8d86962f2a5f298

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\C4F817BC29093C61s
      Filesize

      441KB

      MD5

      f77744dd6729bde902e3c7b553bbb0f2

      SHA1

      9b0b4d1551ed6437f9b12d908dc193a513ca38f5

      SHA256

      7a39b056e0b989f8b97a2091f6ef2a16511d03ce8fbea69110575bf5a974d0d4

      SHA512

      8116dbe37b6e9e9fd0ee2c2b41704d405791890ceec4bc6551b10fc9680603512c64068fc6fc2b86a8e662212a19ed4ad379dcda4bf8cbe6f299c3824df9aad1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
      Filesize

      665KB

      MD5

      ff1799df96e1250fa7c27e4e533a0885

      SHA1

      ac3f2e816535b463f35efae79018f65991d8834c

      SHA256

      7cfd01d80cac85f2853afff5af5319b8eef677dd754917a2961861e48b88f366

      SHA512

      1202e1d521a7e977f54df84aaffb44ec5d253161421fb329c6c6f4051a667fb4618b611bd9e025e3052fe765c4d803d30c474491c8a2d393cd233f7b8655f346

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
      Filesize

      665KB

      MD5

      ff1799df96e1250fa7c27e4e533a0885

      SHA1

      ac3f2e816535b463f35efae79018f65991d8834c

      SHA256

      7cfd01d80cac85f2853afff5af5319b8eef677dd754917a2961861e48b88f366

      SHA512

      1202e1d521a7e977f54df84aaffb44ec5d253161421fb329c6c6f4051a667fb4618b611bd9e025e3052fe765c4d803d30c474491c8a2d393cd233f7b8655f346

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPCONTROL.DLL
      Filesize

      80KB

      MD5

      44f2af2de04ef3d6c87fc1729885040b

      SHA1

      e7caf5d8c3720cb7bec48879e5efba10ab1deb06

      SHA256

      413b3e6e3594be89ec548f87e1f45b5dff3b6d08d44488c87cf997462c28f20d

      SHA512

      95ebcaba6ceeee5230180daa1e6956fdaef039337d71de6a6d1f422ff2917e8b501db071f609a3731bd869e15dc225a2506db61cccc8b7ef0ac40c1a82ca9d54

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPINFO.DLL
      Filesize

      372KB

      MD5

      37ef7a107e922bb681febe04761350b7

      SHA1

      583da754cadc721ddc78cdb5bc917b834e0d4b43

      SHA256

      19a3e88e9daa3e661f6fb347ea94a46989d5c2fa66b8f80d1b6ff981b4fc07f4

      SHA512

      082ce9f396947b8f4b11000d4bcccf0252736ce2334c29c72aa6095b05fc05978e1beabb925786946788de181f45aa3282d8f3eac5e524f1976c3178b3990ce7

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPSTAT.DLL
      Filesize

      379KB

      MD5

      b8253f0dd523bc1e2480f11a9702411d

      SHA1

      61a4c65eb5d4176b00a1ff73621521c1e60d28ea

      SHA256

      01cee5c4a2e80cb3fdad50e2009f51ca18c787bf486ce31321899cccedc72e0c

      SHA512

      4c578003e31f08e403f4290970bc900d9f42caa57c5b4c0aca035d92edc9921bf4034fc216c9860da69054b05f98dade5f6e218ac4bee991bc37a3ef572fe9a0

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\UPSDK.DLL
      Filesize

      1.1MB

      MD5

      4b57f53faaacc8052d76628c061e9d58

      SHA1

      893fa64f39983d0ad5fa925c19e423ab1c68e555

      SHA256

      f9f13914c19413f6f02aaf01caff71fe8305ca2a1c2635f0215f8faca6452e5d

      SHA512

      a04a3cedd990c70757e5ab5aa272989c6d38d0c241588e32c45fa9429bd2d7038f20b85829d1739a75163217290524bac448d5aeb7b704f53b17a96d9590bb0a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\cefvidf.dll
      Filesize

      739KB

      MD5

      f722bb0a434c81cca36b92964c120398

      SHA1

      d70386d9c0ab1429c4cd053a688e628478c8d2b2

      SHA256

      445c80ddec361aa1020fecf863de5585f5ee1f640fac74d8a3613e683955388f

      SHA512

      8504db6e4f74f1039995f2b67a5ea5d919f14729d1d4dc25df2b19e46e22cd8558c89cd28f816b64d2ac05887da13a280ab80b763e000f26afa1f37d75fc4632

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\libcurl.dll
      Filesize

      326KB

      MD5

      ec9483f4b8c3910b09caab0f6cb7cd1b

      SHA1

      9931aaa8e626df273ee42f98e2fc91c2078fdc07

      SHA256

      4d9cae6e2e52270150542084af949d7b68300e378868165ff601378a38f7048f

      SHA512

      84b60fe3cd0ede19933b37ae0eaeba1f87174a21bc8086857e57c8729cec88f9fef4b50a2b870f55c858dd43b070fd22ffec5cb6f4fd5b950d6451b05eb65565

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\plugins\Microsoft.VC80.ATL.manifest
      Filesize

      376B

      MD5

      0bc6649277383985213ae31dbf1f031c

      SHA1

      7095f33dd568291d75284f1f8e48c45c14974588

      SHA256

      c06fa0f404df8b4bb365d864e613a151d0f86deef03e86019a068ed89fd05158

      SHA512

      6cb2008b46efef5af8dd2b2efcf203917a6738354a9a925b9593406192e635c84c6d0bea5d68bde324c421d2eba79b891538f6f2f2514846b9db70c312421d06

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\plugins\Microsoft.VC80.CRT.manifest
      Filesize

      314B

      MD5

      710c54c37d7ec902a5d3cdd5a4cf6ab5

      SHA1

      9e291d80a8707c81e644354a1e378aeca295d4c7

      SHA256

      ef893cb48c0ebe25465fbc05c055a42554452139b4ec78e25ec43237d0b53f80

      SHA512

      4d2ec03ff54a3bf129fb762fc64a910d0e104cd826acd4ab84ed191e6cc6a0fec3627e494c44d91b09feba5539ad7725f18158755d6b0016a50de9d29891c7e5

      Download Submit

    • C:\Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\plugins\version
      Filesize

      4B

      MD5

      f1d3ff8443297732862df21dc4e57262

      SHA1

      9069ca78e7450a285173431b3e52c5c25299e473

      SHA256

      df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

      SHA512

      ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\7z.dll
      Filesize

      1.3MB

      MD5

      292575b19c7e7db6f1dbc8e4d6fdfedb

      SHA1

      7dbcd6d0483adb804ade8b2d23748a3e69197a5b

      SHA256

      9036b502b65379d0fe2c3204d6954e2bb322427edeefab85ecf8e98019cbc590

      SHA512

      d4af90688d412bd497b8885e154ee428af66119d62faf73d90adffc3eef086cf3a25b0380ec6fdc8a3d2f7c7048050ef57fcea33229a615c5dcda8b7022fa237

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\BBC.exe
      Filesize

      694KB

      MD5

      fae7d0a530279838c8a5731b086a081b

      SHA1

      6ee61ea6e44bc43a9ed78b0d92f0dbe2c91fc48b

      SHA256

      eea393bc31ae7a7da3dba99a60d8c3ffccbc5b9063cc2a70111de5a6c7113439

      SHA512

      e75c8592137edd3b74b6d8388a446d5d2739559b707c9f3db0c78e5c30312f9fccd9bbb727b7334114e8edcbb2418bdc3b4c00a3a634af339c9d4156c47314b4

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\BBC.exe
      Filesize

      694KB

      MD5

      fae7d0a530279838c8a5731b086a081b

      SHA1

      6ee61ea6e44bc43a9ed78b0d92f0dbe2c91fc48b

      SHA256

      eea393bc31ae7a7da3dba99a60d8c3ffccbc5b9063cc2a70111de5a6c7113439

      SHA512

      e75c8592137edd3b74b6d8388a446d5d2739559b707c9f3db0c78e5c30312f9fccd9bbb727b7334114e8edcbb2418bdc3b4c00a3a634af339c9d4156c47314b4

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\BBC.exe
      Filesize

      694KB

      MD5

      fae7d0a530279838c8a5731b086a081b

      SHA1

      6ee61ea6e44bc43a9ed78b0d92f0dbe2c91fc48b

      SHA256

      eea393bc31ae7a7da3dba99a60d8c3ffccbc5b9063cc2a70111de5a6c7113439

      SHA512

      e75c8592137edd3b74b6d8388a446d5d2739559b707c9f3db0c78e5c30312f9fccd9bbb727b7334114e8edcbb2418bdc3b4c00a3a634af339c9d4156c47314b4

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\BBC.exe
      Filesize

      694KB

      MD5

      fae7d0a530279838c8a5731b086a081b

      SHA1

      6ee61ea6e44bc43a9ed78b0d92f0dbe2c91fc48b

      SHA256

      eea393bc31ae7a7da3dba99a60d8c3ffccbc5b9063cc2a70111de5a6c7113439

      SHA512

      e75c8592137edd3b74b6d8388a446d5d2739559b707c9f3db0c78e5c30312f9fccd9bbb727b7334114e8edcbb2418bdc3b4c00a3a634af339c9d4156c47314b4

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\BOTorNE.DEF
      Filesize

      11.5MB

      MD5

      ce4e2d74282332301aa67ee8eb334853

      SHA1

      b1efc86024dd0fafb13703884a0acb6a877016bd

      SHA256

      c34895fc3294cafc082bd87c66976bbca6136416cf4f245b109f0f2e5c013470

      SHA512

      b8e513d7d507091bf06696cc355d84dc9b06e623b0b89761b99c4d41ebe69243dd5358dbd46c0e83b7a67c40da33878519aad9a6afdad8f391fa4d13659e35d6

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\Gortable.org
      Filesize

      54.3MB

      MD5

      0881fd61d22f312728e124a3ed216517

      SHA1

      c86d5ee9c23c4f7c6ecf46194ace966d7ff8409a

      SHA256

      4038916c43575a5896de8b2b337deb8356b8af349229ab5edc0d1b9f548a085d

      SHA512

      ea4eb9cab462fb203c5116e9cffba0b29203c7058a860a56431c9ff79fdf2c653c7c2451234ec5b4badef5bd465ca9ba4c7d0de6a7867a430ebdf4cc5147cc0d

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\Microsoft.bob
      Filesize

      645KB

      MD5

      d8aa69f7522dede0773e6a597c0f4a42

      SHA1

      a90dbd389a0a2a2cbbeb57a74b5a69dd5777da0c

      SHA256

      075fb4bc200f11c0649981427f10a79b989f267b46d6f7d870b1b80f39eceaae

      SHA512

      93ceb0bcf137ecdee146584b79c3a1cf88f60518c387feec627a5a6a54364058ddcd9df5ec909054e351479c430ea2a9da4c2d523ad9cff212935f50b8cbead8

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\TS1.dll
      Filesize

      60KB

      MD5

      e57d15a776c3fc21e77080ee6ca6cf29

      SHA1

      86c2395030dc162199fc41ef0309a2a3fba7f90d

      SHA256

      f9c8fce28cc391d7bbb74e44d7cb56e1773957c629aa200236cc79c6a4d9979f

      SHA512

      231189cecabda321a24346d960ca0a0d86c1d806f1402c95717bee6111f513a908c61891fe4d19a2ca01cb94a9b9e6f6465cfca90e201cd310081ce20a37a588

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      Filesize

      314KB

      MD5

      dfee4c679663ffb566a7150bbc1768c7

      SHA1

      8f8144d26b141d097df742e4ef4d5c85bba685a3

      SHA256

      f0a82dba182ef5d8fe32bd358473cc7e9ec0d07e0f4a33f50c49d7cccbb5bc7a

      SHA512

      23ff4b55e4d01d7712a3313f9aecd69331cb4fb5fce8b2d8610332a1e7b3ced19bdab64ef37ab2d335179844e176e6bd5a2f5c6562c61451c02b37cb2e58da52

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      Filesize

      314KB

      MD5

      dfee4c679663ffb566a7150bbc1768c7

      SHA1

      8f8144d26b141d097df742e4ef4d5c85bba685a3

      SHA256

      f0a82dba182ef5d8fe32bd358473cc7e9ec0d07e0f4a33f50c49d7cccbb5bc7a

      SHA512

      23ff4b55e4d01d7712a3313f9aecd69331cb4fb5fce8b2d8610332a1e7b3ced19bdab64ef37ab2d335179844e176e6bd5a2f5c6562c61451c02b37cb2e58da52

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\yybob\Plugins\qvlnk.dll
      Filesize

      100KB

      MD5

      7610e165204975eaa5936c3cd4cd8b74

      SHA1

      993d0908f949a107cef9ae26b304e9b4630a832a

      SHA256

      540927469495c41abcb9af2ff5428e3c70f494ac4ee89e52495eca48f4fa983e

      SHA512

      7b33f6c3322b7d08b308911b8f48ea60a695248686e2e0cc4e7502292ad6bc154e9b327ebd919bc6f1db385900e353268b71140d03daa369acc84adcf4074fec

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\yybob\VNLInit_64.dll
      Filesize

      719KB

      MD5

      14625d5e3d85cecfb00957c217cec278

      SHA1

      4a20d08128c72757570331f25ff2d7f8fc37cbae

      SHA256

      99788859c123dbd52d34505cbcb7fea0f768548dc9eceeb7348f7c50817eaf80

      SHA512

      99422110d4466a836ead89f574ecd4c78b2a7d0ab40a6686db4fcb18769040aa0a6ab9c0d7fb9b90e1a2706be4d0105559f7441fe333f3cae2a4d006c64d2f55

      Download Submit

    • C:\Users\Default\Desktop\TSONENEW\yybob\hrtfsdherheey
      Filesize

      164KB

      MD5

      133a8f337a6c71ba03cbba551f98a509

      SHA1

      4bf12a755f68c03489d4b930b546c71f5d42b6a6

      SHA256

      70d6181f80e15c638fa2ad641834e705880e86f310296d864d5a05c02cb03f6f

      SHA512

      2cf61c208c97b47306ef0b7cf6a8a6efef981637866098c9c120458b6a279eed5a74fce919d23bea64f17b846656b8fdfc0cd79993078d75523670dbecff0325

      Download Submit

    • C:\Windows\Installer\MSI4C5.tmp
      Filesize

      16KB

      MD5

      57554e63856f91cc3b19c1781a62bd49

      SHA1

      4bf74f032d68eded08537f241f4ef6dec5fdbf69

      SHA256

      96eb9e482ae504f18ec06c2dadccb12b17237f47ccd7d43ca3b8903973cf0bdb

      SHA512

      7fc5b37e5c0da16494251b1e6c633d79b0f1d7c64b402d2dfa59d5325bb2eeaa11d8a35ad6d1fd60a5462268f4a53616223d1a539dff6073a4e01e96dfc3df68

      Download Submit

    • C:\Windows\Installer\MSIFB9E.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • C:\Windows\Installer\f76fa75.msi
      Filesize

      68.5MB

      MD5

      7fcdf7fefd44f5ff6b2fb8f7321126ee

      SHA1

      7006e152de007233ffec79d36ca5d28f97bd782f

      SHA256

      fa25b21a26a3948029b35d40220086eae0ad051868ec3eaed126cf83dd94c295

      SHA512

      551feb0ff933d1281ce084a39d8eb99fda3b354f9bfe2a349a314fba4699d11f187d49743c9d75ea6d3191312d54cd00684fd16948b6120b12f511baff337a7b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI210D.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI217B.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI4FC5.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI51B9.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI51E9.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI5219.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI52A6.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • \Users\Admin\AppData\Roaming\TGortable\Telegram.exe
      Filesize

      126.7MB

      MD5

      b207b753976baf91f4a1cfb6a195fd9d

      SHA1

      4c7a1cf450d6a96f6f9321a6407cd2d6dd50abb9

      SHA256

      96fbe1f018b68dc7be9b901eace3e9de00f8b6939af49153b8ebd88d868404d8

      SHA512

      5e8d9b3a4b78dbf495f14f0136cd891ee4f2fa6bcb4a051b73ba0f1acced17ac1abfceb94748cd10ba759c467be09b107ce1493679791715d05b65e13c5241f1

      Download Submit

    • \Users\Admin\AppData\Roaming\TGortable\Telegram.exe
      Filesize

      126.7MB

      MD5

      b207b753976baf91f4a1cfb6a195fd9d

      SHA1

      4c7a1cf450d6a96f6f9321a6407cd2d6dd50abb9

      SHA256

      96fbe1f018b68dc7be9b901eace3e9de00f8b6939af49153b8ebd88d868404d8

      SHA512

      5e8d9b3a4b78dbf495f14f0136cd891ee4f2fa6bcb4a051b73ba0f1acced17ac1abfceb94748cd10ba759c467be09b107ce1493679791715d05b65e13c5241f1

      Download Submit

    • \Users\Admin\AppData\Roaming\TGortable\Telegram.exe
      Filesize

      126.7MB

      MD5

      b207b753976baf91f4a1cfb6a195fd9d

      SHA1

      4c7a1cf450d6a96f6f9321a6407cd2d6dd50abb9

      SHA256

      96fbe1f018b68dc7be9b901eace3e9de00f8b6939af49153b8ebd88d868404d8

      SHA512

      5e8d9b3a4b78dbf495f14f0136cd891ee4f2fa6bcb4a051b73ba0f1acced17ac1abfceb94748cd10ba759c467be09b107ce1493679791715d05b65e13c5241f1

      Download Submit

    • \Users\Admin\AppData\Roaming\TGortable\Telegram.exe
      Filesize

      126.7MB

      MD5

      b207b753976baf91f4a1cfb6a195fd9d

      SHA1

      4c7a1cf450d6a96f6f9321a6407cd2d6dd50abb9

      SHA256

      96fbe1f018b68dc7be9b901eace3e9de00f8b6939af49153b8ebd88d868404d8

      SHA512

      5e8d9b3a4b78dbf495f14f0136cd891ee4f2fa6bcb4a051b73ba0f1acced17ac1abfceb94748cd10ba759c467be09b107ce1493679791715d05b65e13c5241f1

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
      Filesize

      665KB

      MD5

      ff1799df96e1250fa7c27e4e533a0885

      SHA1

      ac3f2e816535b463f35efae79018f65991d8834c

      SHA256

      7cfd01d80cac85f2853afff5af5319b8eef677dd754917a2961861e48b88f366

      SHA512

      1202e1d521a7e977f54df84aaffb44ec5d253161421fb329c6c6f4051a667fb4618b611bd9e025e3052fe765c4d803d30c474491c8a2d393cd233f7b8655f346

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
      Filesize

      665KB

      MD5

      ff1799df96e1250fa7c27e4e533a0885

      SHA1

      ac3f2e816535b463f35efae79018f65991d8834c

      SHA256

      7cfd01d80cac85f2853afff5af5319b8eef677dd754917a2961861e48b88f366

      SHA512

      1202e1d521a7e977f54df84aaffb44ec5d253161421fb329c6c6f4051a667fb4618b611bd9e025e3052fe765c4d803d30c474491c8a2d393cd233f7b8655f346

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\Haloonoroff.exe
      Filesize

      665KB

      MD5

      ff1799df96e1250fa7c27e4e533a0885

      SHA1

      ac3f2e816535b463f35efae79018f65991d8834c

      SHA256

      7cfd01d80cac85f2853afff5af5319b8eef677dd754917a2961861e48b88f366

      SHA512

      1202e1d521a7e977f54df84aaffb44ec5d253161421fb329c6c6f4051a667fb4618b611bd9e025e3052fe765c4d803d30c474491c8a2d393cd233f7b8655f346

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPCONTROL.dll
      Filesize

      80KB

      MD5

      44f2af2de04ef3d6c87fc1729885040b

      SHA1

      e7caf5d8c3720cb7bec48879e5efba10ab1deb06

      SHA256

      413b3e6e3594be89ec548f87e1f45b5dff3b6d08d44488c87cf997462c28f20d

      SHA512

      95ebcaba6ceeee5230180daa1e6956fdaef039337d71de6a6d1f422ff2917e8b501db071f609a3731bd869e15dc225a2506db61cccc8b7ef0ac40c1a82ca9d54

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPINFO.dll
      Filesize

      372KB

      MD5

      37ef7a107e922bb681febe04761350b7

      SHA1

      583da754cadc721ddc78cdb5bc917b834e0d4b43

      SHA256

      19a3e88e9daa3e661f6fb347ea94a46989d5c2fa66b8f80d1b6ff981b4fc07f4

      SHA512

      082ce9f396947b8f4b11000d4bcccf0252736ce2334c29c72aa6095b05fc05978e1beabb925786946788de181f45aa3282d8f3eac5e524f1976c3178b3990ce7

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\TDPSTAT.dll
      Filesize

      379KB

      MD5

      b8253f0dd523bc1e2480f11a9702411d

      SHA1

      61a4c65eb5d4176b00a1ff73621521c1e60d28ea

      SHA256

      01cee5c4a2e80cb3fdad50e2009f51ca18c787bf486ce31321899cccedc72e0c

      SHA512

      4c578003e31f08e403f4290970bc900d9f42caa57c5b4c0aca035d92edc9921bf4034fc216c9860da69054b05f98dade5f6e218ac4bee991bc37a3ef572fe9a0

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\UPSDK.dll
      Filesize

      1.1MB

      MD5

      4b57f53faaacc8052d76628c061e9d58

      SHA1

      893fa64f39983d0ad5fa925c19e423ab1c68e555

      SHA256

      f9f13914c19413f6f02aaf01caff71fe8305ca2a1c2635f0215f8faca6452e5d

      SHA512

      a04a3cedd990c70757e5ab5aa272989c6d38d0c241588e32c45fa9429bd2d7038f20b85829d1739a75163217290524bac448d5aeb7b704f53b17a96d9590bb0a

      Download Submit

    • \Users\Admin\AppData\Roaming\WPerceptionsimulation\AMPPL\ALGinfo\ARMonitorControl\libcurl.dll
      Filesize

      326KB

      MD5

      ec9483f4b8c3910b09caab0f6cb7cd1b

      SHA1

      9931aaa8e626df273ee42f98e2fc91c2078fdc07

      SHA256

      4d9cae6e2e52270150542084af949d7b68300e378868165ff601378a38f7048f

      SHA512

      84b60fe3cd0ede19933b37ae0eaeba1f87174a21bc8086857e57c8729cec88f9fef4b50a2b870f55c858dd43b070fd22ffec5cb6f4fd5b950d6451b05eb65565

      Download Submit

    • \Users\Default\Desktop\TSONENEW\7z.dll
      Filesize

      1.3MB

      MD5

      292575b19c7e7db6f1dbc8e4d6fdfedb

      SHA1

      7dbcd6d0483adb804ade8b2d23748a3e69197a5b

      SHA256

      9036b502b65379d0fe2c3204d6954e2bb322427edeefab85ecf8e98019cbc590

      SHA512

      d4af90688d412bd497b8885e154ee428af66119d62faf73d90adffc3eef086cf3a25b0380ec6fdc8a3d2f7c7048050ef57fcea33229a615c5dcda8b7022fa237

      Download Submit

    • \Users\Default\Desktop\TSONENEW\7z.dll
      Filesize

      1.3MB

      MD5

      292575b19c7e7db6f1dbc8e4d6fdfedb

      SHA1

      7dbcd6d0483adb804ade8b2d23748a3e69197a5b

      SHA256

      9036b502b65379d0fe2c3204d6954e2bb322427edeefab85ecf8e98019cbc590

      SHA512

      d4af90688d412bd497b8885e154ee428af66119d62faf73d90adffc3eef086cf3a25b0380ec6fdc8a3d2f7c7048050ef57fcea33229a615c5dcda8b7022fa237

      Download Submit

    • \Users\Default\Desktop\TSONENEW\7z.dll
      Filesize

      1.3MB

      MD5

      292575b19c7e7db6f1dbc8e4d6fdfedb

      SHA1

      7dbcd6d0483adb804ade8b2d23748a3e69197a5b

      SHA256

      9036b502b65379d0fe2c3204d6954e2bb322427edeefab85ecf8e98019cbc590

      SHA512

      d4af90688d412bd497b8885e154ee428af66119d62faf73d90adffc3eef086cf3a25b0380ec6fdc8a3d2f7c7048050ef57fcea33229a615c5dcda8b7022fa237

      Download Submit

    • \Users\Default\Desktop\TSONENEW\BBC.exe
      Filesize

      694KB

      MD5

      fae7d0a530279838c8a5731b086a081b

      SHA1

      6ee61ea6e44bc43a9ed78b0d92f0dbe2c91fc48b

      SHA256

      eea393bc31ae7a7da3dba99a60d8c3ffccbc5b9063cc2a70111de5a6c7113439

      SHA512

      e75c8592137edd3b74b6d8388a446d5d2739559b707c9f3db0c78e5c30312f9fccd9bbb727b7334114e8edcbb2418bdc3b4c00a3a634af339c9d4156c47314b4

      Download Submit

    • \Users\Default\Desktop\TSONENEW\TS1.dll
      Filesize

      60KB

      MD5

      e57d15a776c3fc21e77080ee6ca6cf29

      SHA1

      86c2395030dc162199fc41ef0309a2a3fba7f90d

      SHA256

      f9c8fce28cc391d7bbb74e44d7cb56e1773957c629aa200236cc79c6a4d9979f

      SHA512

      231189cecabda321a24346d960ca0a0d86c1d806f1402c95717bee6111f513a908c61891fe4d19a2ca01cb94a9b9e6f6465cfca90e201cd310081ce20a37a588

      Download Submit

    • \Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      Filesize

      314KB

      MD5

      dfee4c679663ffb566a7150bbc1768c7

      SHA1

      8f8144d26b141d097df742e4ef4d5c85bba685a3

      SHA256

      f0a82dba182ef5d8fe32bd358473cc7e9ec0d07e0f4a33f50c49d7cccbb5bc7a

      SHA512

      23ff4b55e4d01d7712a3313f9aecd69331cb4fb5fce8b2d8610332a1e7b3ced19bdab64ef37ab2d335179844e176e6bd5a2f5c6562c61451c02b37cb2e58da52

      Download Submit

    • \Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      Filesize

      314KB

      MD5

      dfee4c679663ffb566a7150bbc1768c7

      SHA1

      8f8144d26b141d097df742e4ef4d5c85bba685a3

      SHA256

      f0a82dba182ef5d8fe32bd358473cc7e9ec0d07e0f4a33f50c49d7cccbb5bc7a

      SHA512

      23ff4b55e4d01d7712a3313f9aecd69331cb4fb5fce8b2d8610332a1e7b3ced19bdab64ef37ab2d335179844e176e6bd5a2f5c6562c61451c02b37cb2e58da52

      Download Submit

    • \Users\Default\Desktop\TSONENEW\yybob\Bor32-update-flase.exe
      Filesize

      314KB

      MD5

      dfee4c679663ffb566a7150bbc1768c7

      SHA1

      8f8144d26b141d097df742e4ef4d5c85bba685a3

      SHA256

      f0a82dba182ef5d8fe32bd358473cc7e9ec0d07e0f4a33f50c49d7cccbb5bc7a

      SHA512

      23ff4b55e4d01d7712a3313f9aecd69331cb4fb5fce8b2d8610332a1e7b3ced19bdab64ef37ab2d335179844e176e6bd5a2f5c6562c61451c02b37cb2e58da52

      Download Submit

    • \Users\Default\Desktop\TSONENEW\yybob\VNLInit_64.dll
      Filesize

      719KB

      MD5

      14625d5e3d85cecfb00957c217cec278

      SHA1

      4a20d08128c72757570331f25ff2d7f8fc37cbae

      SHA256

      99788859c123dbd52d34505cbcb7fea0f768548dc9eceeb7348f7c50817eaf80

      SHA512

      99422110d4466a836ead89f574ecd4c78b2a7d0ab40a6686db4fcb18769040aa0a6ab9c0d7fb9b90e1a2706be4d0105559f7441fe333f3cae2a4d006c64d2f55

      Download Submit

    • \Users\Default\Desktop\TSONENEW\yybob\plugins\qvlnk.dll
      Filesize

      100KB

      MD5

      7610e165204975eaa5936c3cd4cd8b74

      SHA1

      993d0908f949a107cef9ae26b304e9b4630a832a

      SHA256

      540927469495c41abcb9af2ff5428e3c70f494ac4ee89e52495eca48f4fa983e

      SHA512

      7b33f6c3322b7d08b308911b8f48ea60a695248686e2e0cc4e7502292ad6bc154e9b327ebd919bc6f1db385900e353268b71140d03daa369acc84adcf4074fec

      Download Submit

    • \Windows\Installer\MSI4C5.tmp
      Filesize

      16KB

      MD5

      57554e63856f91cc3b19c1781a62bd49

      SHA1

      4bf74f032d68eded08537f241f4ef6dec5fdbf69

      SHA256

      96eb9e482ae504f18ec06c2dadccb12b17237f47ccd7d43ca3b8903973cf0bdb

      SHA512

      7fc5b37e5c0da16494251b1e6c633d79b0f1d7c64b402d2dfa59d5325bb2eeaa11d8a35ad6d1fd60a5462268f4a53616223d1a539dff6073a4e01e96dfc3df68

      Download Submit

    • \Windows\Installer\MSIFB9E.tmp
      Filesize

      260KB

      MD5

      f0e3167159d38491b01a23bae32647ca

      SHA1

      6c385f0ceaaa591b40497ee522316a7987846ed1

      SHA256

      15fb0bda4e4644d5769b90108c87a469cc75f74113d03240236f272396aa49fb

      SHA512

      dce7ebec5f1a101805467536972f08505f7ebf0e01a276af1228ed6b2a0e424f17faf402fd3c0ae5e93cda95b8c78f1d5fe163dfe8d4ed2012da4491e1498b90

      Download Submit

    • memory/2812-490-0x0000000000210000-0x0000000000212000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-509-0x0000000000260000-0x000000000026B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2880-505-0x00000000004D0000-0x000000000050C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2880-528-0x0000000000260000-0x000000000026B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2940-545-0x00000000039A0000-0x00000000039E5000-memory.dmp

      Filesize

      276KB

      Download

    • memory/2940-553-0x0000000000510000-0x0000000000524000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2940-526-0x0000000000340000-0x00000000003A3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2940-546-0x00000000037A0000-0x00000000038A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2940-523-0x0000000000240000-0x00000000002A5000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2940-550-0x00000000004E0000-0x00000000004EB000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2940-555-0x00000000004C0000-0x00000000004C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2940-516-0x00000000006A0000-0x00000000007C2000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2940-558-0x0000000000580000-0x0000000000595000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2940-557-0x00000000004C0000-0x00000000004C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2940-562-0x0000000000400000-0x00000000004AE000-memory.dmp

      Filesize

      696KB

      Download

    • memory/2940-563-0x000000006B240000-0x000000006B29A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/2940-564-0x0000000000240000-0x00000000002A5000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2940-565-0x0000000000340000-0x00000000003A3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2940-566-0x00000000037A0000-0x00000000038A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2940-567-0x00000000004E0000-0x00000000004EB000-memory.dmp

      Filesize

      44KB

      Download