Analysis Overview
SHA256
3a9dfbf83d7e8aab1b8ba82ac1eb280a7d0b41a570ffe654a4b0b8f988de456b
Threat Level: Likely malicious
The file Kyle neutron.png was found to be: Likely malicious.
Malicious Activity Summary
Modifies Installed Components in the registry
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Modifies Internet Explorer Phishing Filter
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-19 05:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-19 05:02
Reported
2024-02-19 05:10
Platform
win10-20240214-en
Max time kernel
416s
Max time network
422s
Command Line
Signatures
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Uninstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SETA0C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SETA0C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j2.nbd | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t2.nbd | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\p001.nbd | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Apps.nbd | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Uninstall.exe | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Intro2.wav | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Regicon.ocx | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\CHORD.WAV | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\s1.nbd | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\registry.reg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd1.wav | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\msagent\SETAC2A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETAC2B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SETAC8D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETA06C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SETA06E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETAC08.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC8E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\help\SETAC6D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETA06D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETABF7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETAC6C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SETAC6D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETABF6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETABF6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETABF8.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC0A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SETAC8D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETA06C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\help\SETA06E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SETA090.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETAC6C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETA06D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SETAC3C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETAC0A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC2A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETAC8E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SETA090.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC09.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SETAC3C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| File created | C:\Windows\fonts\SETA08F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\fonts\SETA08F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETABF7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC2B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETAC09.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SETABF8.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SETAC08.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Enumerates physical storage devices
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 93cad342b05fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online\ = "118" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online\ = "201" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "128" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "415161275" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "118" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "48" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "80" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "48" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089393" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "38" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "207" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "245" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\RepId | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30D324C4-CEE4-11EE-8A96-F2DD3275D6A1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "38" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cac0fbf062da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "128" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "80" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "128" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "246" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "373" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "88131199" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415114128" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089393" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "415154957" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "286" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "201" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "329" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\TypeLib | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\Control | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}\ProgID | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.2\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628} | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPanel\ = "ActiveSkin.SkinPanel Class" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\TypeLib\Version = "1.4" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\Programmable | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip\CLSID\ = "{1EFB6596-857C-11D1-B16A-00C0F0283628}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ProxyStubClsid | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ = "IPanels" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx, 103" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1\ = "ActiveSkin.SkinButton Class" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A981630-37C3-11CE-9E52-0000C0554C0A} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMorph\CLSID | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ = "CCalendarVBPeriods" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628} | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript\ = "ActiveSkin.COMScript Class" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4B-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommands" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.acs | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}\Programmable | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ = "_clsBBPlayer" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F} | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Kyle neutron.png"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3524 CREDAT:82945 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe
"C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x20c
C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe
"C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
"C:\Program Files (x86)\BonziBuddy432\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe" end
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 100.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.21.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.34.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.10.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | launchpad.privacymanager.io | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| FR | 18.155.129.89:443 | launchpad.privacymanager.io | tcp |
| FR | 18.155.129.89:443 | launchpad.privacymanager.io | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 216.58.213.14:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 52.203.114.80:443 | www.thegamer.com | tcp |
| US | 52.203.114.80:443 | www.thegamer.com | tcp |
| US | 54.82.192.172:443 | rp.liadm.com | tcp |
| US | 54.82.192.172:443 | rp.liadm.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 172.192.82.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.8.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 8.8.8.8:53 | sli.thegamer.com | udp |
| US | 52.1.238.157:443 | i.liadm.com | tcp |
| US | 52.1.238.157:443 | i.liadm.com | tcp |
| FR | 18.164.52.124:443 | sli.thegamer.com | tcp |
| FR | 18.164.52.124:443 | sli.thegamer.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| FR | 13.249.8.192:80 | ocsp.r2m02.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | live.rezync.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | x.dlx.addthis.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| FR | 52.84.174.30:443 | live.rezync.com | tcp |
| FR | 52.84.174.30:443 | live.rezync.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | tcp | |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| GB | 96.16.108.203:443 | x.dlx.addthis.com | tcp |
| IE | 52.210.70.19:443 | dpm.demdex.net | tcp |
| IE | 52.210.70.19:443 | dpm.demdex.net | tcp |
| GB | 96.16.108.203:443 | x.dlx.addthis.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 50.31.142.63:443 | tcp | |
| US | 50.31.142.63:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.238.1.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.108.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.70.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 63.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd56b6e61dcb5da4dfd05410e1be294c.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | ed144e10bf3699c85012966ee7f3caa9.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | 01af2bc4267ca7c567eb2d7fb16b9e40.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | 5043fc1b5923b49d6ada60f0cb7a668c.clo.footprintdns.com | udp |
| US | 13.107.4.254:80 | 5043fc1b5923b49d6ada60f0cb7a668c.clo.footprintdns.com | tcp |
| US | 8.8.8.8:53 | 254.4.107.13.in-addr.arpa | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| GB | 92.123.128.181:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 059104a31e0ee310f515c2a02ada53c1.clo.footprintdns.com | udp |
| US | 13.107.18.254:80 | 059104a31e0ee310f515c2a02ada53c1.clo.footprintdns.com | tcp |
| US | 13.107.18.254:80 | 059104a31e0ee310f515c2a02ada53c1.clo.footprintdns.com | tcp |
| US | 8.8.8.8:53 | 086387ea6f2ad454626ae7990cfd5831.clo.footprintdns.com | udp |
| US | 13.107.18.254:80 | 086387ea6f2ad454626ae7990cfd5831.clo.footprintdns.com | tcp |
| US | 13.107.18.254:80 | 086387ea6f2ad454626ae7990cfd5831.clo.footprintdns.com | tcp |
| US | 8.8.8.8:53 | f81fd6f174ab9ec0ebdea023f325942b.clo.footprintdns.com | udp |
| US | 8.8.8.8:53 | 254.18.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.download-games.online | udp |
| AT | 81.19.159.21:443 | www.download-games.online | tcp |
| AT | 81.19.159.21:443 | www.download-games.online | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 172.64.206.38:443 | use.fontawesome.com | tcp |
| US | 172.64.206.38:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 21.159.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.206.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| IN | 27.123.42.205:443 | s.yimg.com | tcp |
| IN | 27.123.42.205:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| AT | 81.19.159.21:443 | www.download-games.online | tcp |
| AT | 81.19.159.21:443 | www.download-games.online | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | 205.42.123.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sp.analytics.yahoo.com | udp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | 181.100.82.212.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[1].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[2].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[3].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[4].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[6].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[7].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[8].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GTYNR4Q5.cookie
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JBJRMC16.cookie
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\favicon-trans-bg-blue-mg[1].ico
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\Ia5_CRNB4xoyu-KVOjnUHgipNm4[1].css
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0802E4632F2005DDCC501E41C2958E5
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0802E4632F2005DDCC501E41C2958E5
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\Downloads\Bonzi.zip.eeftgxp.partial
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\J9JTK1NR.cookie
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\suggestions[1].en-US
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
memory/968-660-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
C:\Windows\msagent\chars\Bonzi.acs
C:\Windows\msagent\chars\Peedy.acs
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
\Program Files (x86)\BonziBuddy432\MSINET.OCX
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
memory/968-1256-0x0000000000400000-0x0000000000424000-memory.dmp
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
memory/968-1620-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
\Program Files (x86)\BonziBuddy432\msvbvm60.dll
| MD5 | 5343a19c618bc515ceb1695586c6c137 |
| SHA1 | 4dedae8cbde066f31c8e6b52c0baa3f8b1117742 |
| SHA256 | 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce |
| SHA512 | 708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
memory/2232-1656-0x0000000000400000-0x0000000000416000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Uninstall.ini
| MD5 | b96a2973514b5193b6dab3323084474d |
| SHA1 | 941b591aaf2400896f9a26a6c0f15b352ac0f0c6 |
| SHA256 | a5c3de3639c3074ef80f52adc34d8483bc076bd332485c066228a6391e43bc1e |
| SHA512 | 88ae136e9833e1f7f1fee93d4c5ef295c854b1218fad63a6ea43ec9b16426adf5341cae0d40230f8c0bcbab687332a7d9799f968cad34333b0082b493ad4778f |
memory/1068-2363-0x00000286E3820000-0x00000286E3830000-memory.dmp
memory/1068-2379-0x00000286E4040000-0x00000286E4050000-memory.dmp
memory/1068-2398-0x00000286E3D00000-0x00000286E3D02000-memory.dmp
memory/5084-2399-0x0000000000400000-0x0000000000416000-memory.dmp
memory/4792-2416-0x000001C8F6CF0000-0x000001C8F6CF2000-memory.dmp
memory/4792-2419-0x000001C8F7120000-0x000001C8F7122000-memory.dmp
memory/4792-2421-0x000001C8F71E0000-0x000001C8F71E2000-memory.dmp
memory/4792-2461-0x000001C8F7E30000-0x000001C8F7E32000-memory.dmp
memory/4792-2463-0x000001C8F7E50000-0x000001C8F7E52000-memory.dmp
memory/4792-2465-0x000001C8F7E70000-0x000001C8F7E72000-memory.dmp
memory/4792-2467-0x000001C8F7E80000-0x000001C8F7E82000-memory.dmp
memory/4792-2469-0x000001C8F7E90000-0x000001C8F7E92000-memory.dmp
memory/4792-2475-0x000001C8F7F30000-0x000001C8F7F32000-memory.dmp
memory/4792-2477-0x000001C8F7F50000-0x000001C8F7F52000-memory.dmp
memory/4792-2482-0x000001C8F8110000-0x000001C8F8112000-memory.dmp
memory/4792-2495-0x000001C8F7B80000-0x000001C8F7B82000-memory.dmp
memory/4792-2500-0x000001C8F7BB0000-0x000001C8F7BB2000-memory.dmp
memory/4792-2502-0x000001C8F7BD0000-0x000001C8F7BD2000-memory.dmp
memory/4792-2498-0x000001C8F7BA0000-0x000001C8F7BA2000-memory.dmp
memory/4792-2504-0x000001C8F7BE0000-0x000001C8F7BE2000-memory.dmp
memory/4792-2517-0x000001C8F7260000-0x000001C8F7262000-memory.dmp
memory/5084-2522-0x0000000000400000-0x0000000000416000-memory.dmp
memory/4792-2537-0x000001C8F7790000-0x000001C8F7890000-memory.dmp
memory/5084-2538-0x0000000000400000-0x0000000000416000-memory.dmp
memory/4792-2539-0x000001C8F72A0000-0x000001C8F72A2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF21E47AA3A99B8BA9.TMP
| MD5 | e8b76ad4f25a0a9975ba5df0dd3801d3 |
| SHA1 | 66c6dcf906456e89863bd90ca5b8cd3114f2bdc1 |
| SHA256 | cfe6b7695146c57c1339f7b13b30accd205fa455287869edfc15a2b016d51553 |
| SHA512 | 646161599ca60a98ea573f6cba0bb6b3370954352dbaa8a213a576979e536e89575637ed191cb4c390640df062a97ae02dfa287f0918206e2100dbed4c1e2cc8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[1].xml
| MD5 | 012d83b1a96fa67271d5deffc746210b |
| SHA1 | 91ff5aa68c3225208343ab32a9d224627cb30490 |
| SHA256 | 9a9bd1e366d0cd09962f0c9e06352588a42b541073d0b47dc9005859bd661aae |
| SHA512 | 4206fe15fe8af7a1c6f1c1a4af21971787ca2d42f0917f7d70fa5e82ce6034708de0366f49b537d5386e7fafd57a6bb0a9a03e32e7cca96092e41c22f5e4dbb6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[2].xml
| MD5 | e8a661a8f3fe592ec50cd985e6fba407 |
| SHA1 | 3948ac74f82d36762a4f272296c4a88d8b44937b |
| SHA256 | 3f73b609fb7120e6ab3b0ad98d229bf43bf76d0b366c2fb1658077fe1d17a8e2 |
| SHA512 | 2707a2508fa492db9bf8babac4090a5c8263e3f2df159c04f3a85bdb82c75d9384d6366422607b3cbdc567d23e8e5f22c7b61fd18d16a5b25a656a1c1efae898 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[3].xml
| MD5 | 6652ba95ced3af87a8d3c44bdaa07058 |
| SHA1 | 2393f95e72419a2fd3922f81268cfb4c11cfcfea |
| SHA256 | 1c703a5d06033b3491dfaed827720825d454bb238e14b198429af6ac834bb2bd |
| SHA512 | 1e11a800398b4a4812f1e07a4ddd0a1ba2340821243e5d56b443fcf9298139c1882e9556e45a49c5aac254c44b88ebb6768d28268faf004da63d05487b96ec87 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[4].xml
| MD5 | 7f01dcb43fe2b6f54f5094bea2b5de4b |
| SHA1 | e03dcc724164588c0db3b5dac811d2feb445ab50 |
| SHA256 | 45cdc0f878ea70650ba2cfadf27d369a25c9359c82ecdabe0114d0501eaee7ba |
| SHA512 | 0fa5f9aa24297da0fba8449053f629e1c3573b2ece2e66f5338c3025a55adb19375b6abda6a829ebed390cf4abd730cc7419b308aca8c23302a87e7e70efa4de |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[5].xml
| MD5 | 21d0ac69361bb06764b8846d09d30822 |
| SHA1 | e1720247defa97ccde202edb20b878b119246c22 |
| SHA256 | 5990dec94caa0921d0694aa698cbc68c7324e90462e0c0c2db334b03d25bcfc1 |
| SHA512 | 13305ed8ef6e751d8795b093f5b27b9fcfd3bc983d87066c57e3e83cbb992e1ccfebd8cba745fa282112df11a267aa174eb07589e5105763df5d8a7845cb43dc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[7].xml
| MD5 | 96d6d4e78aeac685263c8b2ba0da0343 |
| SHA1 | 26ed02c1dde37cf4e3d82d8ad16574c214482365 |
| SHA256 | 273d8fb7256268851f1ab613af7e5b6ec58a82d0fd61a269cb6d408147bd7691 |
| SHA512 | 1cae3116cbf06929ed7980833a423e7e81336cd77c6791730efb676f6b7fe2824b319e14d4641df288b895139a367f05acd2ddf343986d32234dcbba14c8a282 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[8].xml
| MD5 | 622f5d97964341e43a429f1333d0918e |
| SHA1 | f9a41d4a5293d9d484252eb1efbf645cb6a9323a |
| SHA256 | 0bab3ce582a40f2b3229d650bde4e9938f7ee956958c6896aae4e1bb7f560a11 |
| SHA512 | 826eaebca2791721cd4a15e58904fe4b2f81392079fc10e35dca95aabcb1ae855f318c0b70ed92290ebc325fef2abd7c586aaab843175723c282d080d66d898f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[9].xml
| MD5 | 983af652492e6fff22fbb136df7753d1 |
| SHA1 | 9c80685ba507021481a8cc01fcef609298dca9d6 |
| SHA256 | 8370e5cd5789d7ccf237dc3d4fc31e81585c8c8d3bba9935bf9672d03b49a365 |
| SHA512 | 8dbdc75821d64e105dd55999c9edbf2092983c6a356b82fd0c6806274d9e98e8641d8e399f3f690d6e7d6f1d11ade47ad7db91d413334294d16352ab6127c340 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsml[10].xml
| MD5 | 99f7c284427ccb9b26d6845b6349c33a |
| SHA1 | b5792a50fb2e0a14e79c38c9a5b6b48d980a7059 |
| SHA256 | bef500cb8fefd1cdadc454470fb492c20457a6d3c0faf2a589362cd17aee9601 |
| SHA512 | 843d7ec17989aeb9cbfacd0174c5381ac4b94d4871176486661ade295af83128c70e8b42dc6d06fb2ad54e9177bfe1361e3943f2be29b85872bfaaee1ae24b3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsmlONN2YPUZ.xml
| MD5 | 48bd20bde4d666c9854974dda23b383a |
| SHA1 | 3a7e59d33c51dcfd12876d3870b16848a711ae60 |
| SHA256 | bdaf0f0c3d84ce9113b793516ab7d38c71fb0416be7b4aa360ef1b55166a35c8 |
| SHA512 | 18478ec91deb2c67d4c44a35e6ddd5b65b7caa677a27ddc89bbf9d2750d4c346db971c8591283fd15ee11ed7b60e0e0f1a9c497901c9894890d9d23888ab7c8e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\qsmlQFNVXJW1.xml
| MD5 | 1f2a7b840929e7a6d1baca43e663241e |
| SHA1 | e0960a40f4f5b3e5c0f69db87fad9914ef7a0b7a |
| SHA256 | 29ac6ffd1dab17718dc3e449a9b651018af0cf8f022a45d1a62320e89db66610 |
| SHA512 | a8efec2aafd9a258204ef01a700e83db9857c35b75eb51473c018bcae1ec00b1d0a2f7a2dbe2e75a1d67cf5936876b0e7a6b7c6f1bc7c0f714fc13cace649254 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\WJ5Zr3KXGmLOfRuanmzz65HPIU8.gz[1].js
| MD5 | 09964116a876dacdb4e4a92a44a1a2c6 |
| SHA1 | f411874372672002dccca49013012e92fafddb7b |
| SHA256 | 521063381dda828e51930bec523a2d9f442aed51ddf3292446acac94daae65d0 |
| SHA512 | c89e7aa94c1d8ad33c7ae62e6f3ea0e0cdf8bacf228b33e03b731e74d7f8e04a960d7e44bd430c26bbf6740a3ac5cb1feb622ad2059cac76d492e22d21f78a8f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\b5XvfNix8_OHs4DhTF-ooplQTMs.gz[1].js
| MD5 | b3ca28114670633e5b171b5360bb1696 |
| SHA1 | 683f2fb3d4b386753c1f1a96ede3ca08547f0e02 |
| SHA256 | a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490 |
| SHA512 | bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js
| MD5 | a969230a51dba5ab5adf5877bcc28cfa |
| SHA1 | 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265 |
| SHA256 | 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f |
| SHA512 | f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\_wse7ZAlKQerpYeIowH6ixcZlys.gz[1].js
| MD5 | 31a2e167e8eda6790b18616bc0c703e0 |
| SHA1 | 8fb3c76c819f06c665925fd8140f7575edbfa66b |
| SHA256 | 855c209d488fad81c2d2c92815a87d84b2d2381309b94563c89ecc8d0e50ad9c |
| SHA512 | 3a2b949d6c121de16e932c8ac05af036a9822538e5e6c0c93288ff4d3a39cea02797c0d2175c6c5a361a6c996fc49c8734486607489919c15e7a3098b7ffb266 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\NRudXMsXYtnM1BQyD6xvAZoudZM.gz[1].js
| MD5 | 2ab12bf4a9e00a1f96849ebb31e03d48 |
| SHA1 | 7214619173c4ec069be1ff00dd61092fd2981af0 |
| SHA256 | f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac |
| SHA512 | 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\2MNFZoUV19wQglFaxwi8z4iyQlU.gz[1].js
| MD5 | 602cb27ca7ee88bd54c98b10e44cd175 |
| SHA1 | 485e4620f433c02678be98df706b9880dd26ab74 |
| SHA256 | f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8 |
| SHA512 | b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\we5MTeTkjiic9oaBxzZpmSWxZ5k.gz[1].js
| MD5 | 8c8b189422c448709ea6bd43ee898afb |
| SHA1 | a4d6a99231d951f37d951bd8356d9d17664bf447 |
| SHA256 | 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff |
| SHA512 | 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\dvzAZc08QoRQcmA7yoRfhaItvOo.gz[1].js
| MD5 | 2ac240e28f5c156e62cf65486fc9ca2a |
| SHA1 | 1f143a24d7bc4a1a3d9f91f49f2e1ba2b1c3d487 |
| SHA256 | 4325982915d0a661f3f0c30c05eb11a94cb56736d448fdc0313143818741faa3 |
| SHA512 | cb90cf76cd9dc16829a3ff12be5274bd26a94097ad036f199151f1c88534a15bbb8f8dafdd699e51df5c38e73c925c00728f807b20c0b097a5842963525baf4b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\5DO8gtCg3cuThAzYvD-3z0fqQeE.gz[1].js
| MD5 | d39510884ee1cc5d9ba822543a71be20 |
| SHA1 | 5a7a1d51e5f1b636285969a31e7334e5256eb07a |
| SHA256 | e67a34d821594f5e9c5a430dc32cdc6cf0c66b6f95e9bd27d4c4094514004ce6 |
| SHA512 | 5e1d437b705572702b3504eaabf291c7fd618daf23375695791b1f5f472810183c13b32ab4e998e20b13c8d7dd7965401830e337d990c0cad1bf530fdb1c47f5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\UqV-gyU0dytDPL33PAiwX9jYT_4.gz[1].js
| MD5 | 5523d6fb9beaeb6ffbdebf325618ec53 |
| SHA1 | 45dd9921ee5391e91f0bb60e86a4a51b8408955c |
| SHA256 | 41beded468e4758b55909ea550f5b9c7f735ba67c5735c453981e9b405f56142 |
| SHA512 | 1347d6a82307191cd0ebbf7042af48db6c3db2953efb007c9951740ea36283e4e80ef4826282a7aa49553bb3639b747a3e4dd06fde7702507b0b5c958e1baa05 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\tdTMdL8EdqhqSe4x2qx8qf6i8-g.gz[1].js
| MD5 | 472e4c0f78992e66f029d6cfa0061b36 |
| SHA1 | c04a9b6151f4113564346bd2d3ddf4b1bcc3c7f8 |
| SHA256 | 627cbd6266a53e45d4a8cd0dcbb580dc2e07e7f2327d936c103031c2003f187f |
| SHA512 | c02b98dce8cd787f5bce00c590d08dda6761b3eeff0de4cb92127ef42a277160145c6eed66e1b1372ca723c5fe5ae899a13c593b31290ba6b48e6e3def1c3016 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\8noA6v-veC88Jmes3Le5xrfe-po.gz[1].js
| MD5 | 6fc02be780b0fc89255072e8a595b605 |
| SHA1 | 8fbd8d519a0c90773437e23e7bf033b501a76dc6 |
| SHA256 | 892b90c7e1a5e8f33de13423674abbf40381890f2426d36d0d6a7a3c4e00a3b8 |
| SHA512 | cab1d3a9896e739d821f30845b9ad318546e01966c96af1825cbe1b2baffd0922e477cabcd1c3a2cdf4b01301e6c1a6bf892d8fd9ed27bee783051374a4d4d85 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\3tdN5-aUjXHlyFDCP-W57B-Gjkg.gz[1].js
| MD5 | 0c0ad3fd8c0f48386b239455d60f772e |
| SHA1 | f76ec2cf6388dd2f61adb5dab8301f20451846fa |
| SHA256 | db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7 |
| SHA512 | e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\U5G6p_Tev2pTiyx-qaKz78k-LeI.gz[1].js
| MD5 | 1c0981ac86e2ea5b7f08f34548af3280 |
| SHA1 | 57324208ddb3a9e80abd3346607d712c999c2e50 |
| SHA256 | 00ff3483d93259aedb929a9fee4454a623830b18a08f08781ac1961c1e98774a |
| SHA512 | 0f7185a8579d9bf1b89623bf126c58789010c76f7e279a3f44064c78b2e3e04bb0a89394e6be185618071153bc872e43a69211255f3470e1120e51ab0d5f2329 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\qu6fPbDnALKf1YOEETSSe8UzB-U.gz[1].js
| MD5 | b10af7333dcc67fc77973579d33a28e1 |
| SHA1 | 432aeaee5b10542fc3b850542002b7228440890a |
| SHA256 | d99b46c716faee91274a2d94869953fb78d312857cab5c1a61ea63d7ae90cc68 |
| SHA512 | c0afa2847a873b82c83f45a03c40fbb435668465a4dcefa21a31895a4d1106300f4041b385eefff2c85fc87fd9f1d0560d283116294468b710f6ca4f88fca1e9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\f5M90q9eKVXkGU-DAv9Aa4jef2k.gz[1].js
| MD5 | 8d078e26c28e9c85885f8a362cb80db9 |
| SHA1 | f486b2745e4637d881422d38c7780c041618168a |
| SHA256 | 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461 |
| SHA512 | b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\fHuyi8cU3N_FKljgNDAU8JiBqx0.gz[1].js
| MD5 | f1cf1909716ce3da53172898bb780024 |
| SHA1 | d8d34904e511b1c9aae1565ba10ccd045c940333 |
| SHA256 | 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01 |
| SHA512 | 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\c7QZ5k10E24NaQY9fPjMQUxFL7s.gz[1].js
| MD5 | 44e2fe4485dff2b58657da38e7682c2f |
| SHA1 | 49171495ba10632c88a34b8df2ef43943c57b112 |
| SHA256 | 9408809306892f1159ffa6e11428738aa327fb49dfc4d59c5b91821872c137e9 |
| SHA512 | f2a524155fc56c1d8ebb5a7059a71d82405aca24ece06d2c22aae102bcde969638f57286e0987b745cba9c24be90c5b3f701c31415f4c7411188db33454b3d75 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\rGWTfn1YVmDRfMb1Jkguvl91Ajw.gz[1].js
| MD5 | 08e6ab16353d021ac4dd0d038aa62ada |
| SHA1 | 4ec1428eab0a5571344b6c71233a9b6c2d29caea |
| SHA256 | eb9196ffd0add7f34b23df8cdfbb281fc7e3c23faa9363294b053853e68645ec |
| SHA512 | 86a6fb451ca8706f79f1814f7bee991c7be3e498abba627d6b2d946ef1ffd30fe95d252f1c1d0d8d0a06a92dd9aff63acae14a8a2fe0e49ab55bf3465410cd5a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\SO02eTikN8ZV7bCSXFKur4CKSoQ.gz[1].js
| MD5 | 6c2c6db3832d53062d303cdff5e2bd30 |
| SHA1 | b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d |
| SHA256 | 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70 |
| SHA512 | bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\cLbtDmV8Wuu85z4ohozDWHwPrkQ.gz[1].js
| MD5 | 3ecddb057770ebff27d7f0abb202f54f |
| SHA1 | ca37399b5fb004a544f49bdc9c8bab352e69a126 |
| SHA256 | d22f690af5cdfde25765aceeaa4b66b565435117a02cde1d8601c53c2e5db1ba |
| SHA512 | 70ee083bcd9b898456bdbf2b29d504ceae331573ad8541ebeede1aa136add8c8cbf63d719bfc4e8ddf37e4b7e1dfd5233bee807dcde4aafe8be14094b4570036 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\byLmVJQA1UzOFcrs9Jrvys4jXhM.gz[1].js
| MD5 | 2ef3074238b080b648e9a10429d67405 |
| SHA1 | 15d57873ff98195c57e34fc778accc41c21172e7 |
| SHA256 | e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da |
| SHA512 | c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\jQ1w07qyCcc9l2abcuV-aLzD-d8[1].js
| MD5 | 52112879d5349e8b00df2197105d30e7 |
| SHA1 | 8d0d70d3bab209c73d97669b72e57e68bcc3f9df |
| SHA256 | 6d9847b1da91ca359d58f830db46d984b5101f108594cc9c05bc881185c2a977 |
| SHA512 | 8684ce45dce557a551e5e577a090bb0ccfe92ad43125888c079d98b6835724c1263b30efbdcbd9299913c742367fef3cab1da89f20d38de5b5758c0b2b873469 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js
| MD5 | f4da106e481b3e221792289864c2d02a |
| SHA1 | d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994 |
| SHA256 | 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9 |
| SHA512 | 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js
| MD5 | 17cdab99027114dbcbd9d573c5b7a8a9 |
| SHA1 | 42d65caae34eba7a051342b24972665e61fa6ae2 |
| SHA256 | 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de |
| SHA512 | 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js
| MD5 | fabb77c7ae3fd2271f5909155fb490e5 |
| SHA1 | cde0b1304b558b6de7503d559c92014644736f88 |
| SHA256 | e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c |
| SHA512 | cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js
| MD5 | 47442e8d5838baaa640a856f98e40dc6 |
| SHA1 | 54c60cad77926723975b92d09fe79d7beff58d99 |
| SHA256 | 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e |
| SHA512 | 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\BmRJAuTc8UgOeXgJh_NIObAa5HE.gz[1].js
| MD5 | 55ec2297c0cf262c5fa9332f97c1b77a |
| SHA1 | 92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23 |
| SHA256 | 342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467 |
| SHA512 | d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js
| MD5 | f5712e664873fde8ee9044f693cd2db7 |
| SHA1 | 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4 |
| SHA256 | 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2 |
| SHA512 | ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js
| MD5 | a5363c37b617d36dfd6d25bfb89ca56b |
| SHA1 | 31682afce628850b8cb31faa8e9c4c5ec9ebb957 |
| SHA256 | 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f |
| SHA512 | e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js
| MD5 | cb027ba6eb6dd3f033c02183b9423995 |
| SHA1 | 368e7121931587d29d988e1b8cb0fda785e5d18b |
| SHA256 | 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f |
| SHA512 | 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js
| MD5 | 3ff8eecb7a6996c1056bbe9d4dde50b4 |
| SHA1 | fdc4d52301d187042d0a2f136ceef2c005dcbb8b |
| SHA256 | 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163 |
| SHA512 | 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\9hmJA6-cnVArHFzYmc0jTDznMxg.gz[1].js
| MD5 | dadded83a18ffea03ed011c369ec5168 |
| SHA1 | adfc22bc3051c17e7ad566ae83c87b9c02355333 |
| SHA256 | 526101adc839075396f6ddec830ebe53a065cddbb143135a9bca0c586249ff72 |
| SHA512 | bd1e5bad9f6fb9363add3f48fe2b3e6e88c2f070cfe9f8219dc3ae8e6712b7fe04a81c894e5ca10fb2fc9c6622754110b688bc00d82a9bb7dc60f42bd9f5f0b6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js
| MD5 | 56afa9b2c4ead188d1dd95650816419b |
| SHA1 | c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6 |
| SHA256 | e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b |
| SHA512 | d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\DQQTu0f9ldw9QQHZ9i-TAYjSeD0.gz[1].js
| MD5 | 30280c218d3caaf6b04ec8c6f906e190 |
| SHA1 | 653d368efdd498caf65677e1d54f03dd18b026b5 |