5cfaec15d48d36b15ac725930e3203e30e40bf17fc0d11de83d5e4f42a0f717c

Analysis

max time kernel
122s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

toolbar.exe
Size

3.1MB
MD5

4785fc1f2466a561c40668e98a60b964
SHA1

b0f863eac1dc7b521ed95369563029fecfef005d
SHA256

9c94e49f06386735ab62756155ed724470a00066c55056499fee75a3fd503dd2
SHA512

f6ff2ce5d9b208c4b62a26c8cd510a1a0983b600e182da333ce01460b6cd9363324d445d08c0f5992d10ad89dcca47f978f4665404f225da076cd67b829fe9b0
SSDEEP

98304:YuzOTv1n+r0xFM2Bjeml5NpGu2V7fICWyFkYdH4SKCYI7:YYOTv1n+r09jRl5TG7rFWyFkYm5jI7

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2280	TbHelper2.exe

Loads dropped DLL 24 IoCs

pid	Process
2756	toolbar.exe
2756	toolbar.exe
2756	toolbar.exe
2100	regsvr32.exe
2100	regsvr32.exe
2100	regsvr32.exe
2100	regsvr32.exe
2100	regsvr32.exe
1044	regsvr32.exe
2100	regsvr32.exe
2100	regsvr32.exe
2756	toolbar.exe
2756	toolbar.exe
2756	toolbar.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ = "TBSB05204"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}	regsvr32.exe

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\icons.bmp	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbHelper2.exe	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\accion.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\aventura.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\info.txt	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\noticias.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\peque.dll	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\smses.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\tbcore3.dll	toolbar.exe
File created	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\uninstaller.exe	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbcore3.dll	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\license_es.rtf	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\ninias.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\clasicos.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\deportes.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\favicon.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\toolbarconf_es.nsh	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\videos.png	toolbar.exe
File created	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\inst.tmp	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\arrow_refresh.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\aventuras.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_radio.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\musica.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\plataforma.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbCommonUtils.dll	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\uninstall.exe	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\your_logo.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_canalesportema2.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\computer_delete.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\habilidad.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\infantiles.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logica.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logo.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\plataformas.png	toolbar.exe
File created	C:\Program Files (x86)\Mozilla Firefox\searchplugins\ecustom.xml	wscript.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\cog.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\estrategia.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\favicon.ico	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logo_urtvbar.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\tbhelper.dll	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\toolbar_es.bmp	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\basis.xml	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_canalesporpais.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\deporte.png	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\license2_es.rtf	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\update.exe	toolbar.exe
File opened for modification	C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\version.txt	toolbar.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral15/files/0x000500000001a03e-411.dat	nsis_installer_1
behavioral15/files/0x000500000001a03e-411.dat	nsis_installer_2

Kills process with taskkill 2 IoCs

evasion

pid	Process
3064	taskkill.exe
2560	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CA3EB689-8F09-4026-AA10-B9534C691CE0}	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\updateXML = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} = 00	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\mac_id = "6ead7206cc74"	toolbar.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\CountOS = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\toolbar_id = "{8BCAC802-9C9B-4D33-A01F-C3A207732A10}"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\History\tbs_combo_000243	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\ShowHighlightButton = "1"	toolbar.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\UpdateAutomatically = "2"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar	toolbar.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\blockPopups = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\updateXML = "1"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\KeepHistory = "1"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\rtime = "1711551999"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\UpdateAutomatically = "2"	toolbar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe = "0"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\firstTime = "1"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CDA7951-EC4B-11EE-98C0-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\History	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\TBBreak = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\ShowFindButtons = "0"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\rtime = "1711551999"	toolbar.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} = faf96fc8edae1b45a9cc39a53173ae2e	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\ShowHighlightButton = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}	toolbar.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\DeskbarMode = "0"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\toolbar_version = "1.0.12"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\OpenNew = "0"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\CurrentLayout = "0"	toolbar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\toolbar_id = "{8BCAC802-9C9B-4D33-A01F-C3A207732A10}"	toolbar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\updateXML = "1"	toolbar.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000b4cb4f17ab71984c1c267d02826ffdaff32d04919c52ec579358ca2ea3be276d000000000e80000000020000200000009b3180f5e5ddf668d64c4918d874b2fd4aa8d95234f88f0b05725bee1f2cd16e200000004da262de6eba6b76dd7eee61cae29400391a94d6be82a6ed0d42e2a32df96d864000000091e2820aa4969355dc45fe579ed7dd961538391216252e488dc2337fc008fa8f630f2c70d61a402f533261dd3bb39ea484a56a5ca665482aedf1c4910a3d6ac4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\toolbar_version = "1.0.12"	toolbar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}\ClsidExtension = "{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\AutoWild	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}\MenuStatusBar = "Pequejuegos"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}\MenuText = "Pequejuegos"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\TBSB05204\Toolbar\DescriptiveText = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}\AppPath = "C:\\Program Files (x86)\\Pequejuegos\\tbunso7976.tmp"	TbHelper2.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}\TypeLib\ = "{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TbHelper.ToolbarHelper.1\CLSID	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}\LocalServer32	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}\ = "ITbDownloadManager"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib\ = "{4509D3CC-B642-4745-B030-645B79522C6D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TbHelper.TbTask.1	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ComObject.DeskbarEnabler\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Pequejuegos\\tbunso7976.tmp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TbHelper.TbPropertyManager\CLSID\ = "{C339D489-FABC-41DD-B39D-276101667C70}"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}\ = "TbCommonUtils"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}\ProgID\ = "TbHelper.ToolbarHelper.1"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}\ProxyStubClsid32	TbHelper2.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks\	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\Software	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB05204.IEToolbar.1\CLSID\ = "{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB05204.1\CLSID\ = "{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.SearchProviderManager\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TbHelper.ToolbarHelper\CLSID\ = "{AE338F6D-5A7C-4D1D-86E3-C618532079B5}"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}\TypeLib	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ComObject.DeskbarEnabler.1\ = "DeskbarEnabler Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}\1.0\0\win32\ = "C:\\Program Files (x86)\\Pequejuegos\\tbunso7976.tmp\\tbcore3.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}\TypeLib\Version = "1.0"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB05204.IEToolbar.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}\LocalServer32\ = "\"C:\\Program Files (x86)\\Pequejuegos\\tbunso7976.tmp\\TbHelper2.exe\""	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}\ = "ITbDownloadManager"	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}\TypeLib\ = "{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}\ProxyStubClsid32	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}\ProxyStubClsid32	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}\TypeLib\Version = "1.0"	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\ = "CustomInternetSecurityImpl Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TbCommonUtils.CommonUtils\CLSID\ = "{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\TbHelper.EXE	TbHelper2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TbHelper.TbRequest\CLSID\ = "{1C950DE5-D31E-42FB-AFB9-91B0161633D8}"	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}\VersionIndependentProgID	TbHelper2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}\ = "ICommonUtils"	regsvr32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3064	taskkill.exe
Token: SeDebugPrivilege	2560	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 3064	2756	toolbar.exe	28
PID 2756 wrote to memory of 3064	2756	toolbar.exe	28
PID 2756 wrote to memory of 3064	2756	toolbar.exe	28
PID 2756 wrote to memory of 3064	2756	toolbar.exe	28
PID 2756 wrote to memory of 2560	2756	toolbar.exe	29
PID 2756 wrote to memory of 2560	2756	toolbar.exe	29
PID 2756 wrote to memory of 2560	2756	toolbar.exe	29
PID 2756 wrote to memory of 2560	2756	toolbar.exe	29
PID 2756 wrote to memory of 2984	2756	toolbar.exe	33
PID 2756 wrote to memory of 2984	2756	toolbar.exe	33
PID 2756 wrote to memory of 2984	2756	toolbar.exe	33
PID 2756 wrote to memory of 2984	2756	toolbar.exe	33
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2756 wrote to memory of 2100	2756	toolbar.exe	35
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 1044	2100	regsvr32.exe	36
PID 2100 wrote to memory of 2280	2100	regsvr32.exe	37
PID 2100 wrote to memory of 2280	2100	regsvr32.exe	37
PID 2100 wrote to memory of 2280	2100	regsvr32.exe	37
PID 2100 wrote to memory of 2280	2100	regsvr32.exe	37
PID 2756 wrote to memory of 1600	2756	toolbar.exe	38
PID 2756 wrote to memory of 1600	2756	toolbar.exe	38
PID 2756 wrote to memory of 1600	2756	toolbar.exe	38
PID 2756 wrote to memory of 1600	2756	toolbar.exe	38
PID 1600 wrote to memory of 2884	1600	iexplore.exe	39
PID 1600 wrote to memory of 2884	1600	iexplore.exe	39
PID 1600 wrote to memory of 2884	1600	iexplore.exe	39
PID 1600 wrote to memory of 2884	1600	iexplore.exe	39

C:\Users\Admin\AppData\Local\Temp\toolbar.exe
"C:\Users\Admin\AppData\Local\Temp\toolbar.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\system32\taskkill.exe" /F /IM rssclient.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3064
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\system32\taskkill.exe" /F /IM tbhelper2.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2560
- C:\Windows\SysWOW64\wscript.exe
  C:\Windows\system32\wscript.exe C:\Users\Admin\AppData\Local\Temp\parametrosFFtp.vbs http://www.pequesearch.com partner-pub-6602099248235180:ab2lrqoi99i
  2⤵
  - Drops file in Program Files directory
  PID:2984
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\tbcore3.dll"
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbCommonUtils.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:1044
- - C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbHelper2.exe
    "C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbHelper2.exe" -RegServer
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2280
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pequesearch.com/on
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbCommonUtils.dll

Filesize
117KB

MD5
3ec2121c9da9ef9fddbc88edac1cb622

SHA1
4d3840371f5e131989f8d47c6c47616ad7593875

SHA256
600f336e90372a148b1460f6feda5f6fb2801c3f54c40584221f2bf5bbb0bfc9

SHA512
af461a511dbc4c70736a8029e84bf8e875cae2cd91162e304d292ad2c0dd174b4cc0288306537d9c9d875788f8122670be47f7d547227ed499e92ac1b40b12ce

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\TbHelper2.exe

Filesize
198KB

MD5
f990b3799426cd9742f0e38890628b89

SHA1
e92de99adfa10c90bef30c96cadb52ea3af7749c

SHA256
d88964c603ea4b607bc5001d0aa986ba54a7a39ea35dfb9c1a43fd7978ec7f48

SHA512
bb1e512378a8c62611140862d044943b990026b1bd2e97bad6063cd9e111f7791416186ad5e10839683c8c0c280141d6b7962fe4d0540af93cda5624f9a7a5cf

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\accion.png

Filesize
3KB

MD5
3c5f18da30a7b58c0e927e79abd5a96a

SHA1
736f88132fadb34506f86749ddb542473c6cc560

SHA256
1e50928b4f38b94fc787cf87b150db7d6c4b586c3a6c88bfa221af57de461832

SHA512
a166c6f36741f93fd1ae2cf74ae74d55fa20d6de3a9c5891ac7b207208044f782caa3ce20e151ac5e36c631c762ca07f7d1353091940634a4ddf2cf7dd3dd7b8

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\arrow_refresh.png

Filesize
685B

MD5
6b95778460f660aa7c08f47d244780a7

SHA1
f2eea1beb95edd6009a6f5098cccc3962794e1b3

SHA256
280dbbf4671d54b64df74e62245a831d8586215bac281b4cfd6f2254d7bff59e

SHA512
b346a5e713d48ff2bd6ff67a806a36c8c4f8a80c9c2ada1e3a13ae5f26e9174765935c22848a409b3607744c299d3c4a9b66083e57d2c22faf6a644eb24ab6f0

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\aventura.png

Filesize
2KB

MD5
7250a1d1285eed599bb2485a188417d5

SHA1
fa23d13d4d17d3200a5d139d61b919f8875d3bac

SHA256
969e284c7ecfc144d23db4bbf382f2207fa55c72f1b0c203b167ee1971897f6b

SHA512
411fb88bc9916a70cb1ce47ce66184e372c90c48cbc863123262d5d5db6533ed795c804c9ef8ad96294e1ed3686c69d414ef383adacdc69239248adb002b927c

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\aventuras.png

Filesize
52KB

MD5
4870703a4af583c8a47d9d030c49b47d

SHA1
5431411a13cabda950288c222074d89aff9a45de

SHA256
bf888431730831514ba95b68aea0794f4b48ee4daf9508c720992e2dc38ff600

SHA512
c611c86306ca6e22e5e3c5dd2cec0fa023038ed567696d955b78f42b5a744ba4a8cbe7976335c8b67aacf160d59d433c7978b1bdfa3b7539f8952ffe62e2cc35

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\basis.xml

Filesize
12KB

MD5
54507dbdda179bf90279ba2b2cfed982

SHA1
112fa03ef665144d36c3c2e89f203c6f3ff6b1ab

SHA256
be372ab9dc9de52fbc6ca506187883f18852c15c0a05ae930491570f05f47275

SHA512
7e6ca404e91ab1e031ecef5fd69ee5c73357937b90da29389f22906c178ea1f8d893edaf3879ae5458d6001ad23248c3cf8fcc3db8df9594c59ec1a1a506c0e3

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_canalesporpais.png

Filesize
24KB

MD5
1756733dbbf06d47a04880ec27f024a0

SHA1
5b61f6a291b0081a8f905039f1dd58f28c4d5bb5

SHA256
42960a9d896cdead2b0bd0b756145a0e75f9b5aa446aa04b1c2f3045a80526e1

SHA512
70ffb2ff894cfe5edd671262ea78485a3206ec5a59c614e54d15181f5b02bfa0969a4ea6b937f2e11290bfa3725d3a141987a9c8bbbaa4995cd3b06478869076

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_canalesportema2.png

Filesize
23KB

MD5
83727de25d9f3800392741e7f3d221cd

SHA1
60938195cb99cc008a701e017ae1abbcc66c7794

SHA256
58c9107ec09e8e2cafe66598f4779478f52cf480f00326eb08582111129062e3

SHA512
63d53bbcde956818efe61bc9308352e8fd54a08b3f40b70ae2f41a0e58c9d48acedd45b9a44e84de20990886154457bc43d28991763eed1d4e92fc01b07dbdcb

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\btn_radio.png

Filesize
21KB

MD5
917cd17a294a0bbad6fa8c15e2388899

SHA1
5da8573ee8a15435fa1f97bca24f1632c3f444d7

SHA256
268bb361f709cb3fe98ee0fad0e664a2b9ffe834d4de226940926da3ca298e8f

SHA512
e622cf1a09b96381e64bb43d43ad1a9c2e1e5867992e22de42b5453a24322b2bb462034921bd189413299728d3b6feae5ab272da0ed74370cc220deb770974e5

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\clasicos.png

Filesize
52KB

MD5
3d431f85259bf8c4013bb8ff7f9d6871

SHA1
0b71b58f3f4cb0e24f56907b0cad4c9b75339a26

SHA256
174a33c867d886f847fc07fcdff91868f8b0bcebbfee4c33b467e71b285735ca

SHA512
3b0992cb42664e21dff7f36ddef3116594a307709d6722cb8d8c23db1a934f7d7497647527809eec3866f33fa460330725aae93574af24506dde60d659e23148

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\cog.png

Filesize
512B

MD5
30a18063ef42b090194a7e936086960f

SHA1
bda19a5e3e34a27909ee79f59c4042ebfb12994c

SHA256
73bd21e518c03a9904199b19dc0a0b621e0b9fafcc9482e8b9623e05bb4cafb6

SHA512
8b8089076c0dc5a77ac6fcad0e0f98520a8e6271fe7cc03dd33993522eaa39be602182d15cc630e14067a80677c1af6eb126df2e4525de4473e0b2a1dd5bb180

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\computer_delete.png

Filesize
775B

MD5
83a683bd157467c88733772d239d973e

SHA1
7baffb7264edcfb64786860c988a42e30c4d5db9

SHA256
8c011bf02c9b01ffcb3398d20948e6dc1b3f2de797a70249c5e7f5bd396a6683

SHA512
1d4b3af0085291de10c1755dd9457418c44c6b89d55ef1d717520057d12bce8e633f3a02e830b57c64403a42480d2f368022aed4dd80513de703df2ca3c29197

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\deporte.png

Filesize
2KB

MD5
e872abd3d0a9a7ea5626a48663f311a8

SHA1
1dd2dc3694a0c0b2fd1f78168575b4aacf8a0fa8

SHA256
63565024b9d0f8ffbdf50748349702b1ca6055d54c487f8ddb5d57654ba5f4c4

SHA512
ff9d96bc891257c1f2f15f532480bfa9e27c321c4f91374514af6d32aa011de5bc66c50dd3c5edc2b440636346ffe56b3593fdf62327d69426a654c64ea99d3c

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\deportes.png

Filesize
51KB

MD5
0618b45850004ade305a19c4196cb858

SHA1
8444e1afcb84f74bfd718dbe11498ed39d302987

SHA256
638b0fd9806d253e2a16c511e1a3eda61bb15b834f0a57cb756647da5d216863

SHA512
33a4ea0d007c6e97967e1c74590090a7aa4945bf5fb24e28025028e30052d01b878ed673a9baea55b8482972a75629f9079ce2ca86cd3980d95c160d7a223ca3

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\estrategia.png

Filesize
51KB

MD5
a56c0eda7ac93162ee22f54e025d8364

SHA1
cc065ca293027d94bd94011ea58e77021c376f12

SHA256
b25a1d2ce45cf47fd0b8dd42a5ed7a39c5143b41b040866d2adf1a26ebdfb6dc

SHA512
12294276f9018db61b297192da0f3ba9c3142af878f03f9fb31a5bd6c79c4c73c6ed9ad0759abd43acd2911b54fde2fe164cbedded354412a3d30cdb1db8bb28

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\favicon.ico

Filesize
5KB

MD5
dbdc085fa22b7da5a978af51dbd41103

SHA1
8b994da9f4f2027d19423644ad496f7d8bdb21ea

SHA256
616e999698be65e4f3860a2520d9e1788af1976680c92f3657bdc75df6bf9870

SHA512
914d2c6f83c9c3076ad811ab841516017c11dcaa5ccc5a59a70b433e60151024ff4507481787608c1cfb04624c302d52e11e30e08d058381e0fb37d56ec78742

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\favicon.png

Filesize
2KB

MD5
e3445964bb14cc185d7f648cc1d84a50

SHA1
d0e7d0105be50dc62736df374cde9e0b74cdf6a5

SHA256
3e282319a20a7a0bd80c4f17437edd3832a87d623ba1a37b2ca3aeb976cd48ac

SHA512
245e77b4c9c5af98ab9da29e1dc3d5977164a24f12b11869aade0f935a9ad872dc02aaffbaf0eee8c43ff279671dbc34758a7fbfebfd7751d1d82ff5b2932abf

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\habilidad.png

Filesize
50KB

MD5
4ddae0df044ec07829389854c1e9fedd

SHA1
a9fa81cc1d40c3bf2b3eb649a75149b9d3c10ab9

SHA256
b0158c7e84df27580e87fda51b22fbe1e004fc9dc4cf9852a905ead6feab016f

SHA512
887c087a879cf066a47749f74152f5f6f279def08220399e00f9ecde95c651042864f8cf4fdc6fb37bcb375d35f7e2b7414d608939d488c3b6f0925b936b6847

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\icons.bmp

Filesize
164KB

MD5
e98caeca9bb74b1c8e41035b540efc63

SHA1
c8aa9831610cef9a71b823852e30c20ac852d3ed

SHA256
8d53c349759199d988f5137d1674f55148a7fdf88a03d937f105e6b57a50cac0

SHA512
7d1c2a90ed63b584b3686f01bd7d6df1ef8e881718b78ba660c5dfb89a76b36e063d7443c9cdaf2227098a6b46272515e70fdfba6e719efa72fe1d20f26ba8e6

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\infantiles.png

Filesize
50KB

MD5
e03ea095599abf7a92beb61c3a19a0de

SHA1
d9e53abbf879da071027c8b071ef745f9eb2c7cf

SHA256
73f7375111e3a0b68098bf8a7505e28d637d309c02d3ecbab4aed30233352994

SHA512
6cf2fb8f9cafdb05c54a6133edc0ade25ba5a725bf83613d8e092df296254bc01eae30cdece5022ca39135c71e3d1b8566a438a829d5d9c7199caffcc964bfa0

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\info.txt

Filesize
715B

MD5
1cca92d8b5e00eedf06136d043502d9e

SHA1
332dbc39ca6cde899d69e72fdfe86e1571d5fdc9

SHA256
bdb74ba2a7db4bf1eb0f3f81f6cec66e52e2d189ffd72aac417228cf39f5c661

SHA512
6bd0d3b78906ca84b1302ce9c9b664bde52c4890ef695ab7c0980135cee23a804b8cba823e4b10ed17383ccfa438b260c05d258473586503ae4456c21ff00468

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\license2_es.rtf

Filesize
35KB

MD5
12ebbccaed28b4563d2fcd4ec7732de0

SHA1
40b3bbf374b56313b3cca311ff1d7ebf73ecc9ec

SHA256
f63dee2f111b8d4a9490685aad7fb81f1bb1f53aa905cdf4edaee85de514eb56

SHA512
aa4fc4cbbecce5a8899d4805c752c717b40b4f1e692f6be4542acbb14542937707976a7d371b4263ce7c58cad630f7082966e955aad0d1220f85c58ae065de59

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\license_es.rtf

Filesize
47KB

MD5
d18e55bed2144a1fcba280b899caf67a

SHA1
bb3c34d58d3551708649beab02f404acbec5b27d

SHA256
8e8e2fd737c7f86c2a06960cbecf3c292401aed22e52a91c485808af9a4960cc

SHA512
8ac644f0279daaae09872d13d62e9c98d42b1213b870d0f2b230b5e1dfb6e38ef87d2d1530e8e46e6763b4efe2001b314b188de6efddf01160fa63ceb4bd5381

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logica.png

Filesize
51KB

MD5
6386f8dc7cd41208d22e2e6f1b9f3b45

SHA1
e8db04d4cffa0aac8846ff987a54b226978c76b0

SHA256
1a34098333726f9ac55e8344dc14e37eeb45ea88ea088c2250de364e87245f68

SHA512
7e2df2353cde6d559cc314796388c2747f2d2461d02368528a05da16154f1cefb9e58a9dd3cef87811a3ec2694c9598b7d03d184ecd21117f5b85db5373f35f0

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logo.png

Filesize
51KB

MD5
c4c129ea46862c4c0e702727da33584e

SHA1
5e2f24bf201d42cd1e8c33c809e7fe3102475890

SHA256
90c75e57ebeee38a78e5123278041f757176617dc7d0e40b06ca9ef7db51ea5f

SHA512
544e0efdc4475b6159c9cece8e43c82a03504a82eb34687c03874ca7aecdf17c04f9084cd643f4c1b5bbd8e03c3053d9e448e1be5e7a5b842373bd7b16c2590e

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\logo_urtvbar.png

Filesize
25KB

MD5
9eb5e504ac41f9710138f990788e783d

SHA1
baa8dc158c2229d8efa16304f39f452bc9f4e739

SHA256
319dd9d23911379c73bae9a311360fc7d0684324454dac56f0fd326d7ba77e16

SHA512
34bddda8078747b9e633db25553f18b0ce5f5040d6103a7c10600775517ea778d33650a29799297e2b88363a4197dda6c863f86c6ae56d78db42a24aff8a1bb0

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\musica.png

Filesize
52KB

MD5
92b2dd131b26ca0771cd30e552884e91

SHA1
8c72cdce0a1950f958ff9dd096d7813ed485f83f

SHA256
76e6972a513155ee419e8b071002b462a3a4ae57a503640a62dfc2f94e40afdc

SHA512
7833d2a5791f45604e4c290730d30967d222facb40a9bdfb9625ae4147365b2708f32916c35aab479f9146d01b87bc435d5a6fa0fc1aa103c34aa2c2d6845938

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\ninias.png

Filesize
51KB

MD5
f07d826eb7c209462ede06e6bfd7d8dd

SHA1
1ea547aba57155fd3cd1a5ca4c2623049ea0bd8c

SHA256
9565599b7a1c2066ddd08ea152746e1b8a9d3268717ef5925dd7f060add4e630

SHA512
df44b6002f592869b59904f63c85e4d7d1391ca1b52353c115259278cec28cc5ce457a4bca287994ac1d545a36f8a6dbdf35fbec42f05455c485775b911c7302

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\noticias.png

Filesize
51KB

MD5
b83da5b82eb31dce1bbb98fd4029da3d

SHA1
00555aea60b16b127cfa731c4e29274589c8a5a8

SHA256
186dd343834b103d92f98b9ec6f5a911c69da347107ec75e7a2227bf89e22a71

SHA512
bf78074ddac912416a938adcf8bdfd9af24cf0fef121dc4345a457f30ce4c18f05724a615fe21782a021f6aed819cf67cf5cf7b4d92ea25b571a40422d44cc4b

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\peque.dll

Filesize
46KB

MD5
46fd28f5e3bd350d69324a5136b499d7

SHA1
683bb44ac881c963cf214d7000d2191065f7581c

SHA256
4a7f7bf7a94c103d4ad308ef3d4de5f21ef263ae265270ba1c748fd7f2102cc9

SHA512
98cba6905816e2325c5484213ce918f38091d4fa90421b9e31a660bc68ae700729744476f7337e49ece48bacead44adc7f1007c7e9ca96bf8b10c9487c3efb0c

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\plataforma.png

Filesize
2KB

MD5
52d0083a2dd60cb1bc7b24a15400a19a

SHA1
4e1759e14be55acb9fcc99c72e36fb26cb8f0a23

SHA256
ffb628e372a8a75698358d4a6bc8f094b677e7e5d01adfb3f824a9ff26238e3b

SHA512
ecea9586991d3a4e39b3a8d950d28453bec87f3e5e873e32b206e2a8bac8f1c189ee1779e21065123b0027be2f32eca0967380051ba511b655cb24161574f714

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\plataformas.png

Filesize
51KB

MD5
954f808a1c92fb3bbd7eb2ec12b9f111

SHA1
10eb6e353ce32f55531ff72b83ca3ba84a951231

SHA256
82a61854583623d48900bb64e8ad3b91b2b9fb08adecaa832b22b6b314adb99f

SHA512
2e1a3e66bbcfce307c6feafff423e4cb9857660d61c66ed6dcbd848daa007778ca56ab64910ee883537001816154b853a9b455b88dbab477de00dcd2fcac9cca

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\smses.png

Filesize
3KB

MD5
14a9051d7670f1dab33c516cf1a2f2ad

SHA1
7884a0039bee11d98b4dc5ee5e7f0b13d339153f

SHA256
2de78bbb04d50552627cc337ac3663f02644a53e3582e588c92e8e52dd68ec8a

SHA512
909afe6efe5bb784a9a51481934d3a6d0b10484c094cedf09f5d270c1141547c075bbada2d0e6198302c45f8ac52b9e3455a1c17d9e4e1659404d087eb0c9c85

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\tbcore3.dll

Filesize
2.5MB

MD5
cceaadc55eb13402f53544dade5183fb

SHA1
8871968463ad5a60475ec6c78f50f62558f79949

SHA256
0371791628b1ce5f6ea3134773a06f1766479859439e9bca5d855bee51393ee7

SHA512
e5f0ff94e04c1eabec7a5b919ef135fbb6d07ced6876a51228f76b4ad08a612bf3d00055f93772ecf1634f5677bb1d401e4bfbf7c8952704b775588d40c24d22

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\tbhelper.dll

Filesize
303KB

MD5
c971332990a06bf95210ed6f899ce22d

SHA1
0bda79a68d49aab9d5313be030b1deda3447cc37

SHA256
d002d04a0a0aaaaf22ef8fe81e16edf548e57d54744a7b3640d79d80d2159d8d

SHA512
049933b04c9896bfd2affcbcf07faf4bc50b047b6f9a3a9e7ac4ad2644d7040570e9d457b081019f183f204979571cfcb06f8356de6f25b14977eaee5fd500ed

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\toolbar_es.bmp

Filesize
33KB

MD5
4aa05d6f4a937d4bdf0f35ed71281ad5

SHA1
a854d9957ca7fd839a59966a767e7f3ad9038719

SHA256
f2e74be0f9bb0aefcb46c38adb3660989fd0466edaebe7724a1996b870cc6416

SHA512
3304423e5f788ec0f80521c691324822738fa294ba9a1ddd064e8427f4f40012c2a617b88bca71949dcd0df081c4479d81c2c48a659c87ddd12151b3c40636e3

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\toolbarconf_es.nsh

Filesize
1KB

MD5
031a4262f160f64ba0ff01cf99f6d436

SHA1
0d4532be72711a6eabc310c2f3464a16adfc8e38

SHA256
7797d14103faa6591656b95a9978ff7b94651eff898af680df2a0748ee79a028

SHA512
ef70dc82f4086bba6cb93d9566662c7ea602c2c9dd002355bd07e4a39a538759c1a729bc147bc4c583582190d763edf0d359f757c44f75856898b4a81d9a5c3f

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\uninstall.exe

Filesize
47KB

MD5
eba99b8eadc2239d2f702050d7ff226c

SHA1
8dbce65c8587c0f4671d09b48ef8f47d0580cb7c

SHA256
cebc178af1e0f75ee94aa390d161a06856c74593a52a51418dc006428eb73149

SHA512
e855b9346ba07440dc66b091d451585d80442ba73d7ff6b62a35af409bbe624972c844a1c216322303adc4eed3f39fc535b062f6479f19942c859db0d79c4287

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\uninstaller.exe

Filesize
98KB

MD5
2a8f6602d2e1747277a6a8e1167404ca

SHA1
f49589bc474b0f4251958df869d520f9e0660026

SHA256
7b1f460ade267b0301cb0d9f54971e3ea288ca89a53c3332494eb7d4b70504ba

SHA512
8e5ea5d05716ec153e11b8e3e8ccf67c6569037f61e96aa50b4a9dd22050d8f359bc1178a4e01285a557c93edf05cb41a42fdc1e77606d5c911f55dec0adb9fa

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\update.exe

Filesize
75KB

MD5
c0c8d6de70d3bdcd30fe8c825fedda7f

SHA1
34724e9bccd05d55a51a4491ef1533c11eb60e02

SHA256
1a4d3e8bfeffcef2e93a4d2495c89c0736a4464b202508138da0dacf7093ed42

SHA512
f9e5aefb2dcded815a8e5c8512518de2dcc1d6d0845960f1db5cd23078e42fcafa6caaee2a1135e93c3cdfd1b616da5990395ff60724c8d2c7aecb4ea253e99a

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\version.txt

Filesize
48B

MD5
f9a3ee844f52829d4d9f9a50a73c4a45

SHA1
071f61bb4eb8cc6565a2063d7013d34d47987ebf

SHA256
cd9c7adcfa5adb5ca22b2f8f2fb90b7e0c77bc0fb16d4b2c01d81213d44d3d6a

SHA512
83ceb3ad082b8cc8d1e9b0e3c7620c7d65b590eab78962d07dcfd438fe18b545253c475853092313333a0ea6acca2f68670dd96b37a88306152294815040dacc

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\videos.png

Filesize
1KB

MD5
69cc612eb08085220474a23f09542e2d

SHA1
74291b5cd87b74bb05940c92ef6a853d33af2b3f

SHA256
e0d8c738fb5fde259584588e776342cae3a1613587e81be153921a3dded47b10

SHA512
695fd8e43a573cda144c7e346f49cd764d53fec3dc044acfd1faeea5e66689883a44d74138749d761f0a23a761eb24db6c8fa961c521dfee1e3a901e8c19c8ac

Download Submit
C:\Program Files (x86)\Pequejuegos\tbunso7976.tmp\your_logo.png

Filesize
4KB

MD5
4f85d6b204fe0eb75858031af68b62fd

SHA1
85a2e6a6ba242c0cbd6027b0bee00fe47f9ac390

SHA256
f1f6901c53d9bc846c65ff79486c93c82ecd832912104b76f0e0a049883e0b1e

SHA512
d2be63b38b5012b1179d92c62327bdf703ee3b9762fdc98364ee35dd10a2c9dbb1120e83a36cd5ed8e7188708db70799dfff73d9030b5eba0761378955911e56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
672466e24f8e0de33cb81f2be14702e5

SHA1
9b1b747f201da00d83f9dde4acb36f83e2a3e9c2

SHA256
b7aba2fae69b59dd6516a184a21aa0e7835aa85695ed7e36fc0c559116a6180e

SHA512
944ca7127f6ac2e6e51d9378031da0e0826e0e72b3c9ec528c6878caf19e9f4062d7b5b389a4cff4df417e018d24d41a8eb00b6a8b81fc822ebef59d37333941

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e92c1906c0d97d18adab8dfec8d52ceb

SHA1
086a9755c847e282fa8ad02b03732daee1966619

SHA256
8e20a9f42ec1ee2c323ab31065152b56294042b603806247e61f8b956efa6cb1

SHA512
6521b7333e87f9013aa22513b15913cc2c2412b32b2f51924c8739dbb01d5059bbccf9b186112400c0f7b839581c16dfb4c5e8f485f4edf9f7d513060f325909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4855599173a82aef142020bae492a6a

SHA1
c03b99edfe9349eb5eba8090cd613c8bd4831939

SHA256
32bd702b72c96720132f1e2b60670ffbd22fef66bb16b4aa54e8f7c9e148bc6f

SHA512
1e023ab2faefd29ce95a075b15258327586477b793d5b56fdf1ccfc1dd9a0adcae1afaccf6877291421ddb56a44fb9d15173759c4fb815d36f46d30aa7b25d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c85b320c6eff4a498b4d36ca89ecee3

SHA1
8784ad62ea3c92ca069993005f687245de2faf3e

SHA256
52e1da49e20342e2dd25f10c02cad2e78df17f633596999aa26134ae6f3ba939

SHA512
1b41a79c607e7cc964edf7113125e06975b0bc7907149cec2cdcf8552c9b5594a6cbe512a848016b25fa54aeda6bca16dd18b4c12267cf6dd5d9f5c236ccd6ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
055f0e2c49a24269060d13e774451065

SHA1
affa5023a8e9e1c4b0910fbf34716ceecaaf247b

SHA256
2b62492d1b7605bca103a6cde86e7edb718c6c3044c6a4de0cc0c1191178248f

SHA512
1a733a8f80c361af5e429214fc95072159bca9cae27cad7c98ace662c1daa64ff82599f8ff9b85bb2a41bb8ca4be3e122cc56cca0eb6f46bf7e261d481d16f06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8acb880ca7d6472f3ed499f1a94b61f6

SHA1
8019eaa1d80bcd1b4f3d7b6977e4ef06b5ae254c

SHA256
b8dfaece4cf2994b58e4fedf2eedd0da17fe5c08e057ac8467854c844a782212

SHA512
192c8b1432626dd8634f337610ba868157f7c0fc73d66b011ae41651d4de4a236ca646883a03c166c8a4b20830b3895bca0e3ee6fd5d54b2ce8ea43200817def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c126984f8bb6dc99a3207a2099906b9

SHA1
97af5be26132db77d30eb5b73f847a00571aebda

SHA256
224498584489c140d35e81cb8fc197c0d0a5529ccc66582fb55df654d9251c5e

SHA512
8b86faf8a58cf8d7199cb0652f829b09310e09223433def3f0f77d8365b38b59c4dd9d9b6fb2135b676733ccba8261a70030e16816b822006c310e1387ce9102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cc414aec65dd5fd1627a4f7b3d9e2a1

SHA1
a8cf742b02045b629eada42695e6f94efc3a412e

SHA256
fa6dbe61466534287260df79194070992bf72022a5c41771bb4726bd5caeeed5

SHA512
f93b656a6088b7aa3a6c64da84f81ca3703dd60be423aa8b9474495019d2091675f5c435502f888753d87f7ebc542238cf558be9b082a0d7b7586dd597ea246f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d47a2bfcf9523e312b9ed15795ec084

SHA1
c4674a1e02d845fa6c1a2e3444b9b4e06212ff85

SHA256
6e6ed4949964597c74cf12319c8e86f45c4c0acece6db10525f95ca272438b2b

SHA512
971d2e40edc6bae295a37961cbfce70f7b31e1ee0fd30b5ab325634b9ae6229818079c011459033aafc18c21b2f76105a2dc999ecf9a4c42590897511420d3ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ef26667cacc90c419f3304cdc9a8fe7

SHA1
3627e047382522b5fb762e1b0f06af9c58a0fde6

SHA256
10a6a33b0c7a2081991160cba04b326b69453607e74eceafd8b6cec86c59e724

SHA512
be35679debd3108930046cd411379fd3d89a965951b4446639cd3c26905e0a9631599a2d7e6affef0d1c3cd72224319a310b996d2bf5eb9cdd3f0db963acf9d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91ae5515ce9cb4d92d2cb6c2c7c28275

SHA1
a15c59279e803d4256ad655d3d43a125799eafbb

SHA256
679c806feeedf4d1cb82acb16f57b63ffbf725c06a608844ecc94eb6b413c19e

SHA512
3ada16397d4254455ba62d87769332484e89dba0445498e21250038b0e8aa3440b7f515741317d32729642a5dd6ca14d09b317ba06eeb14e010b9abf9be0ca6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6302dcc331ee46b5a37a5525fdec5f9f

SHA1
cc68f8b51ddef65e024bc2b5b830d5af18135d25

SHA256
90d3fe6064ff995d17ed05a899ab99a83c91b7ce875812b2e43015fa40dea6ce

SHA512
b0c14ce725740e1daf2a6ca95ba81a0be9193d60d6e8815b58fed5721fad99d75a2255d65a0d3e41274f0b6a44ff131e24a9f1774d868006d7e1c2529f259001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b951b0a52831fd4db729b1932adbb9f9

SHA1
7754eeccf1dcaffaaaa8d72df4ef71ef6c77cd41

SHA256
576b1b2e879e726a71a86b42900f64440f27625cecb642e0f2bedb988adde0b3

SHA512
3474ed5c17d903d0f65cf019352b5cf33a816bef5f303bead38d185a68d09f6d86db746f56bc6c4dbc2cd5b05ebdcd98beaaf1a2cf5326b7c2066b5952b74b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72c025c450e377603e0304e448ffdba9

SHA1
3c1421a1c9d453d83fb171f3becb93f65cb9a6a9

SHA256
5333cccbb12bd8631839fffd477c7888d209a90ff554e350513873a4aa398dd7

SHA512
ea79ffec88ea87c83621b0dafd9835c5d4fc33d6a048d4c2250bb0f5f05005621560ff1ab922b3fec4587c03eebbb9e7ef7cc677c8dda2b147780954305aab3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63b4524f6fed8fb3b01fbcf494548106

SHA1
422b96480d44c4e63a5f5f478c12ec6a39afa05e

SHA256
c4af8d249d034d497fba8bde55435322b53bd270ca358d1f452e61445fb6013c

SHA512
c85faea412d0646cbe5a55b88c36648387d70de7b25267867e9bf1046bbcaa0963e5b85fe86a6fa4281329dd2aebe17c8439e356bb75e1b071ceb564b2e731f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a578324ca7b76c20d65e332586b51ae

SHA1
aafcd753cfb53697a1b0038d6d9b373c985863fd

SHA256
a54fdd39ebb1493cdd74ce0811fb122e6e3ce240ac8ed283389322e4f3672a1d

SHA512
f2681349a94ca2e7a61be57a302dd06a81662a2296571643bca18148a30ed6e3be694c7a3cc9bfda4ff080ad1a5572feadc46254762510a87f619641b8dbf2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e4a1c9094ad8b3339fb10858c26aabe

SHA1
9ccec4ef8828a9c068c25c80f69120b6a20b954c

SHA256
51f9aa047d0416bc8f42626a86d9f989956c8fba932be9fcb7c1cf6e785ea1b5

SHA512
a57b3063a56a124dd49ab45ff82bdb33ef8622fa5adc8da00ca0b9f547fcd5db43c28a3f7a21f92104f4f538413479d90f3caadc431526d54943a196f8ebc7ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12DA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12FE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj781E.tmp\CabDLL.dll

Filesize
80KB

MD5
3b8cf4f6c883c7ca0c964ef2a96525aa

SHA1
7f0d1b89783056decea951fa7b25d3c4c354d0d3

SHA256
58b29737613b3b916ae6d8ad12790da5cffcf0f354739abfa41bab60a80d40ea

SHA512
6474c7a8fb31c0e1cdbb4fbc5653a060961557565484ee2d26beb8be0e5d047790f8ff96710729bf5ee9eb00011beb98c370eb2ae01aa4ad0971f58910ebcd24

Download Submit
C:\Users\Admin\AppData\Local\Temp\parametrosFFtp.vbs

Filesize
6KB

MD5
5ec59b5ac77266afc3a93dbe77f38633

SHA1
4e1d8dcf106cae18384995b489682012c5d4443f

SHA256
afc23f0eaebd37f645e9a8f95592b74f3910e1330d8604dc6aa6a0a1002adb56

SHA512
2e93e4139a61c351fd40a82eb8d09e6e5e79253c319dc9556cb2201f794a86bb8cb7c582450afb4f978d31d6279c1175c41a889d763beca5139cd5713cbdd685

Download Submit
C:\Users\Admin\AppData\Local\Temp\peque.cab

Filesize
1.8MB

MD5
744f20b624c28ebc10d796c1396e4e3e

SHA1
19ce646383a286088741c5631288ece62c99a287

SHA256
8c1638dcfabc1ace9f40c74295b4c4b7ee4863e196e607586013a6f8cf77f59b

SHA512
8aa755aa3e4a6ddb5854a35f2b2ceb4a3a395c6fb0038c995b2d1d76e7168802fa8f8406bc17d46cd712efa80f1e90f12c945dfa0b36f3819c7696d072888113

Download Submit
\Users\Admin\AppData\Local\Temp\nsj781E.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj781E.tmp\UAC.dll

Filesize
13KB

MD5
bcec2a6095d38abc192a68d094c302d0

SHA1
9e88c5b957b45524690513b75d81dee259d5d599

SHA256
446000200eff4f9c20761ce1680902daba190c81a57154f4917b1741d7800e3c

SHA512
b48e85a17904a104eef573358763a0b1215eec96f72f83ff544d2dab22737bc42411ca505adf3f7e95c6f7e7997ad3e408f258093727105b678d5eee8d8e6278

Download Submit
\Users\Admin\AppData\Local\Temp\nsj781E.tmp\inetc.dll

Filesize
24KB

MD5
ef630cf1898c257df36b1037bd1e5392

SHA1
b2c47d9a741d2b5391387059552b37f2daddade2

SHA256
41776a77b4e3bba1c3e70d10b9f560248148b8f2c45d39d4cd8683754112860f

SHA512
986b405d723294ff5b3649f899bc048c5693bd386dc3f489b390ccb1d56e8e65a9dbe6d0863d553525ce93d505a162eaa087faf4b4c5133345c3330d01327211

Download Submit
memory/2100-431-0x0000000002780000-0x00000000027D4000-memory.dmp

Filesize
336KB

Download
memory/2100-423-0x00000000005C0000-0x0000000000614000-memory.dmp

Filesize
336KB

Download
memory/2756-450-0x0000000003AB0000-0x0000000003D41000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads