Malware Analysis Report

2024-11-16 15:46

Sample ID 240219-fphsvsac46
Target Kyle neutron.png
SHA256 3a9dfbf83d7e8aab1b8ba82ac1eb280a7d0b41a570ffe654a4b0b8f988de456b
Tags discovery, persistence
Score 8/10

Analysis Overview

score
8/10

SHA256

3a9dfbf83d7e8aab1b8ba82ac1eb280a7d0b41a570ffe654a4b0b8f988de456b

Threat Level: Likely malicious

The file Kyle neutron.png was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Modifies Installed Components in the registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer Phishing Filter

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 05:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 05:02

Reported

2024-02-19 05:10

Platform

win10-20240214-en

Max time kernel

416s

Max time network

422s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Kyle neutron.png"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SETA0C0.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SETA0C0.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j2.nbd C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t2.nbd C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\p001.nbd C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Apps.nbd C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Uninstall.exe C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BBReader.EXE C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Intro2.wav C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Regicon.ocx C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\CHORD.WAV C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\s1.nbd C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\registry.reg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Snd1.wav C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\msagent\SETAC2A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETAC2B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SETAC8D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SETA06C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\SETA06E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETAC08.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC8E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\help\SETAC6D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\lhsp\tv\SETA06D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETABF7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SETAC6C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SETAC6D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETABF6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETABF6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETABF8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC0A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SETAC8D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File created C:\Windows\lhsp\tv\SETA06C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\help\SETA06E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SETA090.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETAC6C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\lhsp\tv\SETA06D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SETAC3C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETAC0A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC2A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETAC8E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SETA090.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC09.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SETAC3C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
File created C:\Windows\fonts\SETA08F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\SETA08F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETABF7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC2B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETAC09.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETABF8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETAC08.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Enumerates physical storage devices

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 93cad342b05fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online\ = "118" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online\ = "201" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "128" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "415161275" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "118" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "80" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.download-games.online C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089393" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "207" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "245" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\RepId C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30D324C4-CEE4-11EE-8A96-F2DD3275D6A1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\thegamer.com\Total = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cac0fbf062da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "128" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "80" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.thegamer.com\ = "128" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "246" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "373" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "88131199" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415114128" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "415154957" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "286" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\download-games.online\Total = "201" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "329" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\TypeLib C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\TypeLib C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\Control C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}\ProgID C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.2\ = "Microsoft Agent Control 2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinPanel\ = "ActiveSkin.SkinPanel Class" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\TypeLib\Version = "1.4" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF1B5D50-3C5C-48CE-B991-0E86D26F6F5E}\Programmable C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip\CLSID\ = "{1EFB6596-857C-11D1-B16A-00C0F0283628}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ProxyStubClsid C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ = "IPanels" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx, 103" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinButton.1\ = "ActiveSkin.SkinButton Class" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24830770-5D94-11CE-9412-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A981630-37C3-11CE-9E52-0000C0554C0A} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComMorph\CLSID C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ = "CCalendarVBPeriods" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628} C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript\ = "ActiveSkin.COMScript Class" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4B-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32 C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommands" C:\Windows\msagent\AgentSvr.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.acs C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}\Programmable C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ = "_clsBBPlayer" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F} C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3524 wrote to memory of 2080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3524 wrote to memory of 2080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3524 wrote to memory of 2080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 968 wrote to memory of 1040 N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe C:\Windows\SysWOW64\cmd.exe
PID 968 wrote to memory of 1040 N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe C:\Windows\SysWOW64\cmd.exe
PID 968 wrote to memory of 1040 N/A C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe C:\Windows\SysWOW64\cmd.exe
PID 1040 wrote to memory of 3932 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
PID 1040 wrote to memory of 3932 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
PID 1040 wrote to memory of 3932 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
PID 1040 wrote to memory of 3056 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
PID 1040 wrote to memory of 3056 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
PID 1040 wrote to memory of 3056 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
PID 3056 wrote to memory of 4168 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 4168 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 4168 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 2956 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 2956 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 2956 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3056 wrote to memory of 2864 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\grpconv.exe
PID 3056 wrote to memory of 2864 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\grpconv.exe
PID 3056 wrote to memory of 2864 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\grpconv.exe
PID 3932 wrote to memory of 1516 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1516 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1516 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4304 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4304 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4304 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 208 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 208 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 208 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1048 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1048 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1048 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 2068 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 2068 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 2068 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1508 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1508 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 1508 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4144 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4144 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4144 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 3932 wrote to memory of 4712 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\msagent\AgentSvr.exe
PID 3932 wrote to memory of 4712 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\msagent\AgentSvr.exe
PID 3932 wrote to memory of 4712 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\msagent\AgentSvr.exe
PID 3932 wrote to memory of 5012 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\grpconv.exe
PID 3932 wrote to memory of 5012 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\grpconv.exe
PID 3932 wrote to memory of 5012 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\grpconv.exe
PID 3208 wrote to memory of 3848 N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe
PID 3208 wrote to memory of 3848 N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe
PID 3208 wrote to memory of 3848 N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe
PID 4352 wrote to memory of 2232 N/A C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
PID 4352 wrote to memory of 2232 N/A C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
PID 4352 wrote to memory of 2232 N/A C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
PID 2232 wrote to memory of 5084 N/A C:\Program Files (x86)\BonziBuddy432\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 2232 wrote to memory of 5084 N/A C:\Program Files (x86)\BonziBuddy432\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 2232 wrote to memory of 5084 N/A C:\Program Files (x86)\BonziBuddy432\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 1040 wrote to memory of 4792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Kyle neutron.png"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3524 CREDAT:82945 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe

"C:\Users\Admin\Downloads\Bonzi\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x20c

C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe

"C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

"C:\Program Files (x86)\BonziBuddy432\Uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe" end

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[2].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[3].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[4].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[6].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[7].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\qsml[8].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GTYNR4Q5.cookie

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JBJRMC16.cookie

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\favicon-trans-bg-blue-mg[1].ico

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\Ia5_CRNB4xoyu-KVOjnUHgipNm4[1].css

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0802E4632F2005DDCC501E41C2958E5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0802E4632F2005DDCC501E41C2958E5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\Downloads\Bonzi.zip.eeftgxp.partial

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\J9JTK1NR.cookie

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

memory/968-660-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

C:\Windows\msagent\chars\Bonzi.acs

C:\Windows\msagent\chars\Peedy.acs

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 b3b7f6b0fb38fc4aa08f0559e42305a2
SHA1 a66542f84ece3b2481c43cd4c08484dc32688eaf
SHA256 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b
SHA512 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 8a30bd00d45a659e6e393915e5aef701
SHA1 b00c31de44328dd71a70f0c8e123b56934edc755
SHA256 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512 daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 07a2804ba47b22e189648c7441f6ae28
SHA1 fbb94e3f2392ffdf8fe64e01dd90cabf196d3f0a
SHA256 c4a572b5be9795b515e2001879e92cb9915db94bdad9fd0d256a71966691d415
SHA512 b206ffd20bc6a56f9726415ea8bef1bd90741653e42e131b5934e0f63c96a65fd61ab73c86671b8b00b66120a28e6d617492ab4ad15e2a342338539267452c65

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 4f7817bacaa218b79d93044c483d154f
SHA1 346804e5194a0aa743ca40258b17898a9a3c15b0
SHA256 92a5140f7aa4386739095f38f20df0ea8f7aabb3ed001a57d91d12a7e7c54f98
SHA512 eba77fe441dd43ad5af098ac91f4dc04c9136766214dccd8c1b19c602d039123eac0d6f7a5209f2ab62ded44196dcc3d5004553cde59af3fd6bd7d5de516d394

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 578bebe744818e3a66c506610b99d6c3
SHA1 af2bc75a6037a4581979d89431bd3f7c0f0f1b1f
SHA256 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71
SHA512 d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

MD5 3fe922500cc08fffdfca0b0b3d9d6dfd
SHA1 6effc98b83d71ec6db40e1ede2361e71ee8ee585
SHA256 3391d7ac514eaf4ea3c7faf6c2304df122f5cf1aafbad1fdb746185ec98fb108
SHA512 8f6e76c6425f5e9ae0f46064a894f8b53dcf57608f3e91b168043d42985dfc9a59a54ccce3339e0d27e7d31a78fa8b9644bc7e9683f35127f4c190e4e19d7cf1

\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 12c2755d14b2e51a4bb5cbdfc22ecb11
SHA1 33f0f5962dbe0e518fe101fa985158d760f01df1
SHA256 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf
SHA512 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 97ffaf46f04982c4bdb8464397ba2a23
SHA1 f32e89d9651fd6e3af4844fd7616a7f263dc5510
SHA256 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1
SHA512 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

memory/968-1256-0x0000000000400000-0x0000000000424000-memory.dmp

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

memory/968-1620-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 93f3ed21ad49fd54f249d0d536981a88
SHA1 ffca7f3846e538be9c6da1e871724dd935755542
SHA256 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc
SHA512 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

\Program Files (x86)\BonziBuddy432\msvbvm60.dll

MD5 5343a19c618bc515ceb1695586c6c137
SHA1 4dedae8cbde066f31c8e6b52c0baa3f8b1117742
SHA256 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce
SHA512 708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

memory/2232-1656-0x0000000000400000-0x0000000000416000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Uninstall.ini

MD5 b96a2973514b5193b6dab3323084474d
SHA1 941b591aaf2400896f9a26a6c0f15b352ac0f0c6
SHA256 a5c3de3639c3074ef80f52adc34d8483bc076bd332485c066228a6391e43bc1e
SHA512 88ae136e9833e1f7f1fee93d4c5ef295c854b1218fad63a6ea43ec9b16426adf5341cae0d40230f8c0bcbab687332a7d9799f968cad34333b0082b493ad4778f


SHA256 342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467
SHA512 d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\9hmJA6-cnVArHFzYmc0jTDznMxg.gz[1].js

MD5 dadded83a18ffea03ed011c369ec5168
SHA1 adfc22bc3051c17e7ad566ae83c87b9c02355333
SHA256 526101adc839075396f6ddec830ebe53a065cddbb143135a9bca0c586249ff72
SHA512 bd1e5bad9f6fb9363add3f48fe2b3e6e88c2f070cfe9f8219dc3ae8e6712b7fe04a81c894e5ca10fb2fc9c6622754110b688bc00d82a9bb7dc60f42bd9f5f0b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\DQQTu0f9ldw9QQHZ9i-TAYjSeD0.gz[1].js

MD5 30280c218d3caaf6b04ec8c6f906e190
SHA1 653d368efdd498caf65677e1d54f03dd18b026b5
SHA256 d313c6fff97701cc24db9d84c8b0643ca7a82a01c0868517e6e543779985c46e
SHA512 1f329898fa0e68f65095b813ca20351acfeaa5f74db886508fd4f1fa85811a8cc683c6fab9d9f094f596c8957219f8e29a6307ea0b2d470bdc809a4b9c9d34dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\HsCou58SDvv-sLUSbqxcvzTnbfo.gz[1].js

MD5 23466624683daff4c2894116c7b9ac6c
SHA1 99b9540b33b694d9eac6fe5d683e6726d72bbd4d
SHA256 0b0ff20d9134242926337f043aa9e12dad809e78273db9b69796f970eba52019
SHA512 15b0064e3f07eb9a7c85a54511cb6095516a3142710d18c942f648f5947e819031a51f7d72067f9e04b1c560e50e9e3cbcc7e3735554eb38ada0a0be2a2367ab

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\2Ji9RDVmC_M43zDGwF-pccsCT24.gz[1].js

MD5 b19ac21dfdc03a156ae40e0d3359796f
SHA1 14b422a6a0b3023e64dd9f90109d8e0214b9a6b7
SHA256 830e0be70c2f2dd3876bf80598a4d1753589ea24f4a09aad4277935ba83fd3df
SHA512 2c3519c0f8930c71fa032d77381a8d66a4ae07dd4ffbb762d59d98fc4e0d8664dc3d5910449a35a7d7d3089c262a5d89bdb2fe4ef5383a880848ebe466adbc72

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\umSLa-UWDzJyJqPtS0cHaIekH-s.gz[1].js

MD5 4ff32905762c3a445028e11ed69f04a0
SHA1 809535e72d3dbe00f945893f7581eb3897f4439a
SHA256 336342b76b1eec2f9698dacb5d7d7749148a2036172435cd0c1a80a80a9886e7
SHA512 8b20273037fc33b549b6322d4b6a7623b0e24cf737c8d562e226f3bee2f5ba5a0692569fd0039e296146e9845e4f00ed5f08566980ede5fe449be08ff1f0b79f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\FavU1EjA2vP5Q62uDdPhKgsSFpU.gz[1].js

MD5 56dac487c37ee7dee9faab262fe067f1
SHA1 510463f30ee54ce692e70cfb154061cc1199e3a7
SHA256 09662329029b94720fae60c7385ac781b2aecee7ea427308014c8399356e6c19
SHA512 d17eacfe42ae8edb14338dcd7984c45d638e6fa2cd045b3d144490e90bd8ddd6bd2721e1cb0c73f7a3fe582d6ed7d1f375c16fda015df5d4e9a1af6385d06f66

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\6v5u2U4fJjMh954CqHxOmGfCxRs.gz[1].js

MD5 12ae5624bf6de63e7f1a62704a827d3f
SHA1 c35379fc87d455ab5f8aeed403f422a24bbad194
SHA256 1fb3b58965bebc71f24af200d4b7bc53e576d00acf519fb67fe3f3abdea0a543
SHA512 da5f5485e1e0feb2a9a9da0eaa342edaeeefaf12ce4dcd50d0143bf476356cb171bd62cb33c58e6d9d492d67f281982a99fef3bfd2ebb9e54cf9782f7b92c17b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\s1oZaswi-q-iLvkSJAdVWI4a4EQ.gz[1].js

MD5 72a034ca33c75d118741fc3b3a584571
SHA1 288cd516a9e5c1ec865690ab1a6246a1b41720a4
SHA256 16f49634dab9d1c1732f465d25321229fb06bd7161fceec77dc62ca9d8fc1b11
SHA512 a166862571adb533286f4e7f5f9f3be56625dd8fbb8c7ecdd1c507fa9a5839b2b75f514b236b62881b983c6a39da799eed5ac56fd20253f3fa061216f7da34b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\9YFq4imrseEwIuXcDlV0BNdcqbc.gz[1].js

MD5 6932cd1a76e6959ad4d0f330d6536bb4
SHA1 e2e7160642fe28bd731a1287cfbda07a3b5171b7
SHA256 041eb2e6f2582f4c19c0820acf9a0e9a2c7262edede0d397a5f6f0215e83f666
SHA512 28bd0bb200704fbac0de2d7c3d1c64a38d5567f79bf24b9c9894c7c6a3b80bb69a5c9f0929cf82163c8e8d39cb6667a2ac81dcb4e6d2072cc7fedfb63219e584

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\K59yR1AD9pXD4Qp7EsPhFjZsOjo.gz[1].js

MD5 718c9d9c2d2a498de3c6953b6347a22f
SHA1 b2f1a5400618972690d509e970cc3abeb72513f4
SHA256 66133f155e3a433e9eeca08dfc3b4e225d358e1a89ab0665379eff319f9f0081
SHA512 ac55ef9f45d29cfcf7d80c009df4c55335f7c3b55d66aadde275f580f321125a2c7669f7157d5bf9a34b3513c1231935a461f46eeebdd87b7801685fc95dc6c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\Jhcu_55E4oZmA7XFf1oxcaAGFvM.gz[1].js

MD5 5b3e2fd8e824e69b2e32469c046a35e5
SHA1 ac62b20d73e2fa61030d585deed53e58d03ef74a
SHA256 9077771f70727a1d7007a97feb2a07ce753e90e3d1da19a733e46f36e7910397
SHA512 01fde7361cee5d3ce3093f55bfea0745670004d228934a46064537288f983d26b62869ef969875e091045e6a28eae3ef0d9e59e7de824ed6b76cce52a9fc7625

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\C--M7IPvNnU0UEDvmpri5TIEBWc.gz[1].js

MD5 c4e82ab9594cc0319421764abebbc9d7
SHA1 dfcf466acee5ee84265fa9763c32785a23d51f07
SHA256 957e82cf66a7f154cb8789a1f0a45d243d3bf025786f9a91dc5c5628755c4784
SHA512 8cd7435cc5430f506a793708ff73db4fd2f15bfccae0bd70b0a794a5c0e7f7eba4ba59ee08fded33ca37f871b27e85cf2d5a8bd7f602bd9a6df7d4fd61846ad4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\uIb67AAMNs7MKLB7-TYTuX5F-zA.gz[1].js

MD5 eb8aa421c5061f7eceb605c499779712
SHA1 fe6d09d2ae127eec408ce082fa5fe295f803e92d
SHA256 bf0522679a5e3b62e1309c7412c183375c1029b4e19c69c07d7f736f587c2b35
SHA512 d6f63a298f18e22c22f477d4d01227e896bc84ff983d60231a1cc15981f59a4bce14c78a3d8a676204e5c68e07275ece5b6684f325095595ef9e1a30a6fe3131

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\tfIOV7sZFNtTU99jAjgnRcflz_A.gz[1].js

MD5 fc3708a7ac43ace3d3406c2e5f7f1116
SHA1 cbd3116ecd59fd4a44f8b3cd958cbff724989a29
SHA256 37d9b83c929f1a8d94c4f29000cbfdfa72c4bc61c3950df02523252928591c29
SHA512 12122417b29aed27eebf3bb36e740c86567daef7060b5e8d64d11c83a5045e6eca5f3b1bc5a6d6b1a8e3eb23f8c34d48b63fcb41e43143e6b146fb2d51cdbd58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\XRthJV-obvwnJOSPLGMMnjUjJQw.gz[1].js

MD5 41e1135d5d4aefe240c4dbd7b71f40dd
SHA1 cd1d7feee9a4202cf3a32172e8c5b081855f3061
SHA256 2e51a8c4ab5b014aeff1eeac9da5a0937f5ca7dcde7f089f88db05460f2c47ca
SHA512 8b43c0246a2a3447dd0fc818a67faf5c76d4bdbae52989c80da3004f032033cd2fd45e484727facea150125766a8c6b9b1094b855b9e1d23495e85d8ae1ce041

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\ioKL4yhrJqtkOFe3zMXnISprCBA.gz[1].js

MD5 4bdde2bda78febf33f1206a6bd0998c2
SHA1 6629a72b1f08b6d1283c653efe14ca843e31959d
SHA256 e756e88544a52eaf76ed6d67d1b5862cf901c3b1074e2125f1433050e8b28c3d
SHA512 d97d14c44dde252b04d57c9fff49286b5c41ffa80a0301e1787d1d6c7c27bcf059b438e43d99d3a6f7141e1b861eb0ec2826558246ddb8041eb9b3a7dc5fcce2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\L4DRqeT__ThpoWCN679qYPN_ZoA.gz[1].js

MD5 142a83c5800451a9731a262400de2419
SHA1 1e5f6598f7f6b43a6f4e1b2a900ce1676e0c024d
SHA256 7d49a33d66c98ab838f9a15d2ff49bbac72c1588d979644fc174116d0afcb852
SHA512 b1d7fa83b4bc787409c088f7cba58acaa031fe3239a7bc139b6d4839ad6c66156e44cdf6f545d7b6b9309b3ebbfa0b17d9f307884f679cb6d2ae11c6935eea2f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\VXn7vnSx9zTUSf2RIl_Wja69HvQ.gz[1].js

MD5 487d9ac02e3cf57172045869ac3f97a2
SHA1 47c9870beb200a74d274fdf9e98aa2efcd54efbd
SHA256 a97799ff4c48323ad3314a13e6a20a69145d0f8257fdae6882551d6fb6610ea6
SHA512 f13633d84fe8133da9d1823ce418cf42717cbe79176c9c11f4a7dd66905ba1aef571b968bd29d7c7ca91d802b4b36aefdb0c5d715e480215754c5d164eac27cd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\daQvltyGtR0_Bmd7gyyuS0oOMx8.gz[1].js

MD5 e561c275f8ed21dd5507e90cc459be10
SHA1 7a020eba64271c7742816ada9d8b5a9af52be890
SHA256 7b150b4c64d3e893cc3b567d5b91ef3378e7243e05862d34ee168e4a93efe9b4
SHA512 9992b277184399c6e824dc246c833f9efadece12cd989b0122ac377ac451777eb5f145e143d3561ce0ed8a558bbb729f4d8de01f1839cb0796c3ba153e94ccf5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\KDN7DRKV1Zb2p93Gy2Unq-Vzsx4.gz[1].js

MD5 f5dfb6428494da3c1f195528588587cb
SHA1 7575a1f3dc367b2332d837a46d1dd2748b225c38
SHA256 f45968b3999174976d6fbea229f627f0bda56fd84f8b1924c01da624bfea01e3
SHA512 bb677ee6f22dfe28ca9ebc94a6ea7b5bdfb95288ba246c85c135f083c3af765964dbe5f3a028dca6e8a6396e967f24c2734442432abf00e690f34bc8106dfe9d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\THYoh4O5wX4jiJPVNWwc3jVHuwo.gz[1].js

MD5 2fe892c04cd5ebc84869d9b76a995ad9
SHA1 7068354f113dbe13e4a36d26b99278864b1cf373
SHA256 66b8178c7d9750e9ef11b6bef9296bd98e8898779aa4863426aa78e3a592b7d0
SHA512 2ed41cbd6ab2c5717cee790de22220af44c34d6e849b9b1dcf8451c7cb7e6058c6021af63d39fdaf5ca3e5e8199d33c33ae0143bb325c44e3fec55c7125a6f99

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\XaaYzVzlIKSK0sjPeW8zosuyjPk.gz[1].js

MD5 ffdc7892743e65d4e1747d695ab8fa3a
SHA1 02c6c4d62ba6806b28f1c69462e55e631ae13970
SHA256 e7f80dfe7b61e64faef1f7408f32ed0194ae648931d406fa987ec50c7326eb2d
SHA512 d85141d067a79df5b680fcc0d2a49e913847fed449315c238f08b2b92847cc5549798428b4921483604898dd44a75a3595e08e14ae132c4ac72f72caf731422d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\kBL3JdtH1imF0oE3K3ZlDwS_8jk.gz[1].js

MD5 794184fae3c0890ae4ea642fd8f7fbf8
SHA1 91f8e72f3517d86a28edeb1b476f90fa5f972168
SHA256 00ea5dc006fa84e08d604bf9708135b98138ae0a092bd2c101a912b5efe3fe17
SHA512 3bcbc295c3e482ba7d8d99df3ac396fc1da973745a82dcae8d02270afed54b758d3f2c9811ed3c08e817f78a1a6a73eb5564d05e0c78d8009cf2608d14bb96fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\2RFgnacsz6nPw9vvxd8AGFyaQr8[1].js

MD5 e849f94cd30ec77987643a0d405e33e4
SHA1 d911609da72ccfa9cfc3dbefc5df00185c9a42bf
SHA256 b39968f3ab3c3867efc7115c77d0239b0a2c505ae87766231bf46e32f7797c43
SHA512 dbc5ef102c16d14a99f090821176b3706ba08d87d1efba817d763af969a10f9058c7aa0ce54d442dc816e84d294b52dc78623416044c1b6efa59a28055b48504

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\rAZxSKYdsSxpySha14kRmiDqdDk.gz[1].js

MD5 480df9ada0ab4f05ef58e5cb2e2392e1
SHA1 5510d9c30128875621b2f587563e7c1d0153f164
SHA256 1c56cffb0e9950e4a61b6955e8708befa2ceca71017838f1fc233e2038b23c2c
SHA512 dae1a6680c0f1dfcac1c2b7b23c459f162d3d00d83548dce37bb86a74d2c04f2ec6b68449631eb53dd176153bdec74086f287b02688ef8d4d977671060709d09

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\5gLXl8TebX676__yHZoPPn5TP3Y.gz[1].js

MD5 8fb7c28d360242fd16e5ac70038fb86e
SHA1 7a34629530fb652307712b36e51ff7e089c95298
SHA256 29d4a78e13396fe5f5c8b542309d9809eeff5901b1bc9cafa79b8b04c3511a3c
SHA512 95fa210722c42c451553301365effa9cb87f6c386eba374e593f73650039406de7e7829855a3dfe21524850d5683a3e4030622280e9f30bd7868bc0005e33fc5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\cTjovfJ8fuNtDtyC0VQH35vgAUI.gz[1].js

MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\KWqNO2aZe6YJFeYtVL2of-Fv82o.gz[1].js

MD5 fd88c51edb7fcfe4f8d0aa2763cebe4a
SHA1 18891af14c4c483baa6cb35c985c6debab2d9c8a
SHA256 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699
SHA512 ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\W8bLYGpay8IFp3H_SrUDKaBAn30.gz[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\H8bXiOPUHgfeLtHqccpsJxfmPnA.gz[1].js

MD5 f0b47869072148871c9ef8fd599d1561
SHA1 1e5697b450db16224d42caf50de711a405c4b5e6
SHA256 a214296c5311c24def18e675844a5b9363e5e262a3f21388d5fd9d14e49a6322
SHA512 f1b398cab77387a9704ca8be98069353fdeb409d20c283610de22199c2390de38eaea1d0413b4b183cde58680518ac9900b1f8811cb6e758759866c2c33a7d15

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\EbWMC3sa1kqKKLU2JpggRmK8hjs.gz[1].js

MD5 072d0f8c7fdb7655402fb9c592d66e18
SHA1 2e013e24ef2443215c6b184e9dfe180b7e562848
SHA256 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a
SHA512 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\pMgv2IcGdINcYpOkU9rVe8Ez9FU.gz[1].js

MD5 e3c4a4463b9c8d7dd23e2bc4a7605f2b
SHA1 d149907e36943abb1a4f1e1889a3e70e9348707b
SHA256 cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6
SHA512 3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\A6Lh3eitc0n-SCd9XRZUqChp8vM.gz[1].js

MD5 2438834b8d43c04b99cca2ad9949f750
SHA1 8c5fb408c84651cf8581c39be5dc93367bce782d
SHA256 ac7ab806fc753ee2fdbd0b541bf39b2b2d389fa60fcb71e6f3e1da88b4af7971
SHA512 8fb0deb31ac682e80c2c6c13f9ba15482e6021e96566e4f20d6b42ecffca1397dc9c478f2399443d875f87280611edc74d3bae5677bf79b5e5ad3a9be087314c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\a7RkbH2IHdmyeUN_MVJdikR1pV0.gz[1].js

MD5 6aa31b2e1206b5fb4457b17f7d8ff677
SHA1 3f76b2807b77f286f044592b87d7cd2d5342e3a3
SHA256 220641c38e01902f0ed9fe147e7213236c6ffdb63794057602bff534c8f0e437
SHA512 36e852ac26c0a7a834c9a55a9871f12127e2fb6b14a6d15d67d187a610d1e1d485ccd60bc819e78698082db6055edee56ded3f56e3799c6551538718517d85b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\YZk8JWO0h-B4ClAA3BQlzKOiVLs.gz[1].js

MD5 3c0e47e84a81f367dab175bd020ac9ee
SHA1 7e3f061ce0fbf6aa88bd4c49ae5f74e5e84fc2bf
SHA256 73c11b91b105e2ceac93645e1d90515326ab52ca600f881504e86fc845ea8587
SHA512 cc89bc0a79abb462149dc8cfe011f4ff7ea9e9adf4e9710fc246c171d509596f008deb7e668099160b02b3b2f010fe8a1997f7d51dfbf0cffbf2b5217deaaf2e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\n9d3FV10boJjjLJynNfBhPDCWHI.gz[1].js

MD5 f759bcc4e614d47ad0085331ffc2966a
SHA1 96379d238158604406ba2d94766c6d247f9b638b
SHA256 df1408633a520a6ce6588c410be0a10453067443f402cde76dbf0375c2a2f9ad
SHA512 9f2393fc36a9c61b4b6f199a5f2c2583dfd7fd637ce50a05c37fcb5eef03e1ae279848bbb168a337163dec9860aac35ab1e435a4ac69de7c81008442e68c5763

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\pwG_b_SkKir_cXBht7AyvK_AkSk.gz[1].js

MD5 8687af7aee2cf9ef84ab842df658cded
SHA1 eac9637ff3d16ff5b73e2fba27f170b17de7c627
SHA256 b9ab96f237f2f30e62829faf8321dd3eb91073dfaa7ec39c1a24e0d492bfb482
SHA512 4a76d12a0d2959fc569fec0f2bd037a2e29722312760aee10827a2423d460f3d9a297b382918f95d51ee6a8e3490f6cd723551a24c02f99759b0c77c7cfd61d7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\Tv_wcCUoY2fsGXPx2d4MRVc1Pis.gz[1].js

MD5 a973478285784a7c5b007f1d4e611b1b
SHA1 564b804b581d2535eaf8921195ff1a3d9ce94d94
SHA256 4693ba481dd4620177956738d188d21fcd9ad43f717f554d5e6eb3ab0fdf8747
SHA512 0cc310c446e69833bbb663b0aa8c7a57c6c526180df300a6181c988518f50614d2f8a224f72cf2cef8a3227ee5e4ef7d82f801e3355c0185fea7e52075d85ca5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\jcWxW7bAgonk1QxcVISnwbZpbis.gz[1].js

MD5 f14827d1112ece3a5a1a9363ada605c3
SHA1 a57af2bd4bc47cb1a9c05cbbcb69b2700fad4b21
SHA256 4191d965ca71924b5adcdd0590809844d72aed7f97ac400a60c9fea50b83d295
SHA512 65a95dfc1eb42fa336e508b1469c30787316c0565eeaf3586e946e284e6d897505556fc179a0044b567551058407e2a5814cb5a8368b2099878d1bd7b748a5be

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\bZr1yJKv0NMqYMU2V9cGN_aPwzk.gz[1].js

MD5 a3ed0a10d3402385766a2d530e3552ae
SHA1 d0ae8524e7cb992c2878168096e6dc6e3b372d88
SHA256 9225ded8980e0b2b2fb218039906f4bbd7fee0c68fb33aacfadfcef21b7dfe75
SHA512 61f39ef6f947fa4ba99ee7c10e37f6f336da4dc5f366c5b94ac850a81f6ce35ca935332f41affab145d6ee1cc1c76b85647c93dd73aef354de6b5e43bb6f322f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\ysiptyHans8IYQDC1YCmzZR7hBs.gz[1].js

MD5 00bee03327af12e5db14aa0967daea24
SHA1 c8afb873b9fa284b539010ca72220db8aee40fd6
SHA256 c8f912cc21b8a576a62b9f03976f49a6b6f96f10fbd1042ec56af4da02d985ec
SHA512 494860cdefb1d070b4f390ecf9803fbdaa88a94bf91c84dbd9b95d4e86205c1ab7b28e24aa074ca13a86fd74194cabd25fc4a64e4dd8730707879dc351f1826c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\pCjAnNfKRza-LKbFI9VevrRjIwc.gz[1].js

MD5 22720d009b7a928af6b6f0a9a765a588
SHA1 6b23f5332585ecb1e5986c70c2717cd540ced735
SHA256 9f0fa7d003ecd211bebb45d69143294a522936c9446b3c0c359cfa2369374c4b
SHA512 3f80f974c9aef814f760d1ca43af03bfdbe2e5d7ce036c0c007a754bb957d48009d0e000e3879a9d9bab72bece9771871c776ead6bbbc1ae62147ab9b11807a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

MD5 b743465bb18a1be636f4cbbbbd2c8080
SHA1 7327bb36105925bd51b62f0297afd0f579a0203d
SHA256 fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
SHA512 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\2IeqNnpxuobNf8w1fP2Oy2HEFfk.gz[1].js

MD5 22bbef96386de58676450eea893229ba
SHA1 dd79dcd726dc1f674bfdd6cca1774b41894ee834
SHA256 a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214
SHA512 587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\recaptcha__en[1].js

MD5 c37774be5504a3a7def09eff73263bc3
SHA1 c5160a2908b3fd4230ed5cf521728fabaf3b5c06
SHA256 4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1
SHA512 0b6bd8b8ba94b177597517b641fade09f843f22c3f02d9b1ba6440a19acacaa598aeca3c2315d106d560e78837e1e9fa74111856d52f40ca9a7865d4f4eec9c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y92HB3FJ\www.thegamer[1].xml

MD5 9b210127deb243c5bc3d1ee0aa8dd921
SHA1 94a08c5f6c6c43f3f740660c6d4abb18555f71b7
SHA256 2545c38e9e534d6c6dd64ce8d004259a0825aab8db63c3ac089ae82bdb26d8a3
SHA512 ab9616c960f0392c228eed3040fdcf0691ed86c5f2edd53085100b7f10045f48dd86b58bef5cb5555189be08d73abd3b3d0c4e78b9152e0f5dfcf051500c9ae2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\favicon-48x48.1631f6a1[1].png

MD5 1631f6a1ee521f828a8bea66cb82b3b0
SHA1 4cb741d790d96727509a6f2f72438d893e44279a
SHA256 e6800d21abb536b652bf0735f41b5796c2b601ffc1e43548b57dc64f490e75b6
SHA512 1a170482d77d6913186f3e52c597b748422b7ab07039471183c8f3f2678309832428a83f6132f4f9dea9d16e0dcc78bfde6ab26ec69ec7a80318137f3b99d252

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\-zcyvjXd9HLGSvaO4uGi-wMcJAU.gz[1].js

MD5 7eb1d4a0f288e1a54caa4e1458ff8ac9
SHA1 6f2c3382eed41ccd7a72c23269221c1682aec4bb
SHA256 7d3cc2da3b5f090ffba8ffb886c1a15839d15f337609cda5b2dc6a51ef69233e
SHA512 4482bc2885dfc456672a11f670088b479d550fe506d202712986dff53b3e9202fc7fd5556d9f622ceb74bdf232fbf1e62e7445750eabc1b80b48209eed0310f3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[1].xml

MD5 8ef6dea5cbf02d15df5141b458164cac
SHA1 0d9df57fc97f898afa58b315171877ddcfefc057
SHA256 a0af6dea24ed92f27f92d47f92b3350c6645b7a1df18a67ed178c1b4995b4ee5
SHA512 07e304bdc58139924209143faa224f2781ff995ae0a486065f735a0382d00276519b3055c118bd85811768c3be1a2d82e3003d23ed4be0dc7b7fe377ea3be7f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[2].xml

MD5 ee333649338b20405883e456494bf867
SHA1 b529c7d0a91723908a0071da12b7edd89baee2c4
SHA256 2099f392e33a0fbaa0bfe049312b112d4892dd2748652806983eb1ffb1ac0a1b
SHA512 469c5b12cf7b53afb6912b66704c50318be50470e8e2387da8eb45405e3967f0773d0644c541174f74745000eeeb5ce5b63b6b15b6746a165f1646d0a2644cd7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[3].xml

MD5 59ac99411c94a8c788c4b99d124db51e
SHA1 4eb76c045a07a2d5127284b011e08531ff35554f
SHA256 375f31847411ca0ebcf5ea753471433cf1b0146b37bfdbb32ea05b496921e388
SHA512 d2213ee689f1c53b5a0b90eb195a0f562ab4cd4d06a4c7003769a7ef360465336fa4f4deb1acd725827e4a639ee6e6b75531dd4f343b17abb960dfb98a52dfe9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[5].xml

MD5 f35c5b78cb6106b8c36b90cbc874f600
SHA1 cd8ea67c0fb573ea8bae4f8c988725a7458bc572
SHA256 0774e56223ff7f0598fa9540b4d39a9a0ca8c77ea05847fe42e7a2c4bdc5d61d
SHA512 7db1dc46a7982e3a7fc520a2ec741e90fae48c669d8b7d60ac3b883f7f11fa8975f91f067f565bd9d96a266076bda1d0e46cf8fd772f06dd7e966bbcb1ec36cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[6].xml

MD5 a3aaf3d71f96311b1a4d78f3157b1e93
SHA1 24410f7073326bb7caa7673872ca972d07641b3a
SHA256 f6332efba1ae2ad6ce063685c4f49696fece6496590d98fe465bec946323cbb4
SHA512 b2fd733c74d5d19d58f69e6930668937bac0c47f4a56540fab63bbc5e2be5e2a95ade6db479d31f6231e0531828428d0be3a1049f9beba5e77528e5b5b5e60ff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[7].xml

MD5 187648ef4c30462d1e8ca0a4f5dba12d
SHA1 91c8eff6eb03a2b1aef28b5fe32fef3fcc0831c6
SHA256 a2f42682a40c2e2162a9341fa2d8d9701c0b0077263fc539c0eabeb00b9ec70f
SHA512 b7e8764584de1bb9256e37ee3ddd0507fe0bec7d76cd2a149cea5d10c0187a106fc2d810a5a05259a6a2fd429e1c0ce5da7055bb8dc6753fe9afead01678a0b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[8].xml

MD5 db262c4f0bd90ad99965f9b8977c3a43
SHA1 7e5156c50149f9ecfed3c0b8f30da4624df99223
SHA256 ca8dc3fd560f6cf73a1f5af8448149fe8b63297847a29ce58b06aa45f86b5813
SHA512 c5b835ab0fce63588e254d445ad8f7c0b7e8395aa0a834c16a4e86a4f87577394f6b8355a6c2ab6f4cee3f8b25288d8a7e7b9f7062ad6308c3bf7080efa0a41f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\qsml[9].xml

MD5 f973ad5901c651d32848b1287a071a46
SHA1 eed608079899b416f4d924c8d25b20b71dfabf34
SHA256 1cb33fe6aa9724177c92695e393d7e44a33d587363c8db44d6de3e73dd27091d
SHA512 9497fd53c611ae05610b615ad6029bf94c4f1bff4b933f3afbef1792da8f8cdbb02159fb66a631c4eb3ed6e39c08edcac5481ddd54d0087b9dfb78b5dbdea769

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\muBDJ82OTyOYjrBgSAappaemqkQ.gz[1].js

MD5 76dcde967a82fe9a7eb33afe6188e80f
SHA1 9bfee53ac09eab6c7dcbb50f9df05b975a152e54
SHA256 6bf600e1e2d08b48d0c9f1f61c5d71ffcd2cfb8acf3795f47afd2d24a03ca3fc
SHA512 8873f1fd08ef95a7452bbd9513cec8fda28c27a0add824ca1c0eea403fb20980a6145486a1d23a95a61c482ad923b77212aef7892ba8538c899c700e54aa5156

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\VSHMB2CcEtm90ymMjOxsoRO9CbU[1].js

MD5 16170699b2de02f1d9a4c32257b7940a
SHA1 55b71a4e05bb67f1a71a2f426dfca271e41cc6b4
SHA256 81d57919a3e7f982e37281ffc46b564b38e5a763ed1c6c0773a174e3881caf12
SHA512 ecdde616d8914ba11c83d06cc2c3ea79a2497608794e620ee91dc89470aead49a6b6f5ce908b2cc17afd21d503d9ce17308adaeefe1f8e3102d44346f90bd866

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GB5OU539\-Sz2s5N7OH1ytS3UvkSX2O_IA9Y[1].js

MD5 2b8415a9bbf8bfeab2adad3a6e963a9c
SHA1 9b1add91fc188e85acf813dc70a2234c78a34d1a
SHA256 d6972c6a87ca861382f3d01bb64c97c06f4414fc85bd191e2cc058a274129e0f
SHA512 3a5c16d55d6f443e6f7a6a77ed6bc56d61210d05cd7def3d1a46ab3f899159cf045966dea85391093bb979e7c1a2612175a5a10253f06e16e9e292c3928949ce

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\vxzWERx0SA8SmaRd0q2rC016a-A.gz[1].js

MD5 7fde246b74c5f67f0aa8c7d7cc79e80e
SHA1 ffdf840ef4a4fc149b32c459fefb75e7e1989619
SHA256 7b51d998064518a7dba2e327ebbb4bcad2536e8803f00c30711b8b8dbbd5d5a5
SHA512 9b463b91e4c79f28984ab44430deaf4cd9586d79cc5cf30739c910a94823268fcd7bb3b82d6035ac655766381b4bf35457d4265b05574262d0980718ff58d7b4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\RUy6BubPCKO0vnHGAb-aeKgkQFQ.gz[1].js

MD5 9bd59261c4f7060c0a56fbebe640d193
SHA1 ab581ebdf704164ba948f5bd50f24c5cec603fe7
SHA256 f2e33bd98a56131c29d724c93d9502d8db6a69a9ff6f3e05dc0632fa5815be22
SHA512 c5b74254f63d1f70e26346cb0e28e68ab0dcb6ca362d6e56f2adce443113c2d61544f2dbba975422e170fbeedc8e6bbd2ba114d31eba507315526285f4d60e4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\uEkd_fZ_Wz5g1DLEKthjlm0vzvc.gz[1].js

MD5 dbbd25a4a4f730c8ff26d9c8a21a939d
SHA1 38299ff58a451efd72e02d95dc371316d49a863a
SHA256 42453a710eec2630e8857ee9ad65ae5b0b6dd6e3cdb88874b720ee2c2826fab6
SHA512 63c703d573e4815ea8aa3793005cfd8abc9622d75ac164ccb1490f6c6c7a9da1f35ec27beb1f19d8ea0985361b466e46200083b1befdff765b74900ed7c20b0d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\bSqrnjdioEEqQ1DkOp7KppXr4Os.gz[1].js

MD5 a31d65e2f94b0c7671947a653e7f7ec6
SHA1 c21bf708012f948044771dec640b3c2213e75ba1
SHA256 457cbadcfb29fb7fa3650b9580493f71b7e57142178045b6ca0985589d91f2cc
SHA512 701f099603962b86ff543969c1447330ca5a31545fa80339db8bc558a242d740f41cfe4f0fcdb65690f7b2c092bed5b15340c16cc47717de8fb64adc7a4594ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\zZNw0WGU1nLGF0Ru6IYizdXTJBk.gz[1].js

MD5 1511e1305fbeae4e2826ea0e2fe94e96
SHA1 b1e8f4e08eb188c1ff157375efb8afe5077ec33f
SHA256 e5c67347f550530145ab3d849e51e480fefdbe3bd7bb97b714b19f7012edcfc3
SHA512 ddb65679b2ba30e6e93b0e182f36fdd134926f584745f056a52b1e35467152b0d8d5ff7ef29a8530629efea00f31d54c6e15b518cb859d565062261b4b5b9b52

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1M0RHYDH\3WR1B_Zqw3cGsVUGLgqURnp9Hp0.gz[1].js

MD5 643e14fe793987d9bb21bf798efb1dba
SHA1 c65a371323fff2e360bed5a12d6278921008eb38
SHA256 f37567196fe3233ff3080b514f1fe727556c5033b026592abd76b0f870083d7a
SHA512 7574ee9b7b274d874246d31681b164f249e34bee76264e4fef355d942d893e17a82d6a8013c7b9047705010d0684e1ce26ba88dfbffae5aacef93a954ad6d03e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TT8IVAU3\www.download-games[1].xml

MD5 93e4987fa4ce418da13390beabe7f580
SHA1 29c3dd7581ab96a174bbdccc1655a22e750df628
SHA256 5247d8ce52d0a419e165fb952cc0d0123d96d93a52aeb7be3fd9e51c7f25ad76
SHA512 5522afbd0ebc01c9c74d2e52208f7bf25dc98bdb8eab4f453e0aca3788848d56feec875a9aea9ad63a74127edb6a786c6e73c0a361b36ab53c63f99072c6c736

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5U6O450M\icon[1].png

MD5 5218ae24921515bff4b032eac45e5133
SHA1 d0ed8f50bb8cbbb86392ca442f6f9ed535649697
SHA256 dcc3d40702946151c53845f95bf1ee54a649dd889459072e178769d962978065
SHA512 94f86d47c299f2275dbdbed148ce0bad54eb364562b39336f00c2e27cf6c1e92363643447e783cb4f3fe8dc11fecc078ec391c1a076e3a1ea80ab70a5c7d5acb