3015d33bd080947518976132aab36686a17777813f757c2c729c14bc3fc2dc68

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CyberBuddyFREESetup.exe
Size

53.0MB
MD5

2949c5b7d4af460ce10d9e5ccdf3e361
SHA1

e93f2716bb57ce05c7039d819cc4fa2ed1049cc5
SHA256

3015d33bd080947518976132aab36686a17777813f757c2c729c14bc3fc2dc68
SHA512

c0e171f4b2a2d3782ce0fd74af922b2fe19c28b09fb8739ef0c9c52df9ffd113f758ca23e370a3dff51f1a703ddcba7364f6753abd0a8434d320f28478ea7828
SSDEEP

1572864:4eiVJyjnmF1puzYSSOHEk9A48zjyD0madTQ5:4N4DmLMYO9B8zjyD7adTQ5

Score

8^/10

discovery persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tv_enua.exespchapi.exespchcpl.exemsttsa22L.exeMSagent.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	spchapi.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	spchcpl.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	msttsa22L.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSagent.exe

Executes dropped EXE 11 IoCs

Processes:

CBsetup.exeMSagent.exeAgentSvr.exetv_enua.exespchcpl.exespchapi.exemsttsa22L.exemerlin.exegenie.exepeedy.exerobby.exe

pid	process
1488	CBsetup.exe
1140	MSagent.exe
4520	AgentSvr.exe
1448	tv_enua.exe
1652	spchcpl.exe
3540	spchapi.exe
4484	msttsa22L.exe
1392	merlin.exe
4428	genie.exe
2108	peedy.exe
1848	robby.exe

Loads dropped DLL 15 IoCs

Processes:

MSagent.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exetv_enua.exeregsvr32.exeregsvr32.exespchcpl.exespchapi.exemsttsa22L.exe

pid	process
1140	MSagent.exe
3140	regsvr32.exe
116	regsvr32.exe
4336	regsvr32.exe
5044	regsvr32.exe
1900	regsvr32.exe
4440	regsvr32.exe
464	regsvr32.exe
1448	tv_enua.exe
2212	regsvr32.exe
2212	regsvr32.exe
980	regsvr32.exe
1652	spchcpl.exe
3540	spchapi.exe
4484	msttsa22L.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

tv_enua.exerundll32.exerundll32.exerundll32.exerundll32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

CyberBuddyFREESetup.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\AUTORUN.inf	CyberBuddyFREESetup.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\AUTORUN.inf	CyberBuddyFREESetup.exe

Drops file in System32 directory 6 IoCs

Processes:

tv_enua.exespchcpl.exe

description	ioc	process
File created	C:\Windows\SysWOW64\SETA09A.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\SETA856.tmp	spchcpl.exe
File created	C:\Windows\SysWOW64\SETA856.tmp	spchcpl.exe
File opened for modification	C:\Windows\SysWOW64\speech.cpl	spchcpl.exe
File opened for modification	C:\Windows\SysWOW64\SETA09A.tmp	tv_enua.exe

Drops file in Program Files directory 38 IoCs

Processes:

msttsa22L.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB066.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\female.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07E.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\msttssyn.dll	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB067.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\male.vce	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07C.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07D.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\wttsa22.dll	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB066.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB067.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB068.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB069.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB06A.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\male.cfg	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\~TMP4352~.TMP	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\female.cfg	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07D.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07F.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07F.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB065.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\mark.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB06A.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB068.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\mark8.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\melanie8.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07B.tmp	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07B.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07C.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\wttsm22.dll	msttsa22L.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB07E.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\melanie.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\sam.vce	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB069.tmp	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\sam.cfg	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\wttsf22.dll	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\wttss22.dll	msttsa22L.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\SETB065.tmp	msttsa22L.exe

Drops file in Windows directory 64 IoCs

Processes:

tv_enua.exespchapi.exerundll32.exeMSagent.exerundll32.exerundll32.exerundll32.exespchcpl.exemsttsa22L.exerundll32.exe

description	ioc	process
File created	C:\Windows\INF\SETA099.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\SETA8E8.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\Vdict.dll	spchapi.exe
File created	C:\Windows\msagent\chars\SETB844.tmp	rundll32.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSagent.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSagent.exe
File opened for modification	C:\Windows\INF\agtinst.inf	MSagent.exe
File opened for modification	C:\Windows\fonts\SETA089.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET96BA.tmp	MSagent.exe
File opened for modification	C:\Windows\occache\tv_enua.exe	rundll32.exe
File created	C:\Windows\msagent\chars\SETC3EC.tmp	rundll32.exe
File created	C:\Windows\msagent\chars\SETCFB4.tmp	rundll32.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSagent.exe
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSagent.exe
File opened for modification	C:\Windows\lhsp\tv\SETA086.tmp	tv_enua.exe
File created	C:\Windows\speech\SETA8FB.tmp	spchapi.exe
File created	C:\Windows\msagent\intl\SET96DC.tmp	MSagent.exe
File created	C:\Windows\lhsp\help\SETA088.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\XTel.Dll	spchapi.exe
File created	C:\Windows\speech\SETA8FD.tmp	spchapi.exe
File created	C:\Windows\speech\SETA900.tmp	spchapi.exe
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSagent.exe
File opened for modification	C:\Windows\msagent\intl\SET96DC.tmp	MSagent.exe
File opened for modification	C:\Windows\speech\vtxtauto.tlb	spchapi.exe
File created	C:\Windows\msagent\SET9696.tmp	MSagent.exe
File opened for modification	C:\Windows\msagent\SET96B8.tmp	MSagent.exe
File created	C:\Windows\speech\SETA8C3.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\spchtel.dll	spchapi.exe
File created	C:\Windows\msagent\SET9673.tmp	MSagent.exe
File created	C:\Windows\speech\SETA8FC.tmp	spchapi.exe
File opened for modification	C:\Windows\msagent\chars\SETB844.tmp	rundll32.exe
File opened for modification	C:\Windows\help\spchcpl.hlp	spchcpl.exe
File opened for modification	C:\Windows\speech\SETA8E9.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETA8FF.tmp	spchapi.exe
File opened for modification	C:\Windows\help\SETA857.tmp	spchcpl.exe
File created	C:\Windows\speech\SETA8E7.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETA8FB.tmp	spchapi.exe
File opened for modification	C:\Windows\SETB064.tmp	msttsa22L.exe
File created	C:\Windows\INF\SETB080.tmp	msttsa22L.exe
File created	C:\Windows\msagent\SET96A6.tmp	MSagent.exe
File created	C:\Windows\INF\SET96BA.tmp	MSagent.exe
File created	C:\Windows\lhsp\tv\SETA086.tmp	tv_enua.exe
File created	C:\Windows\speech\SETA8E6.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETA8FA.tmp	spchapi.exe
File created	C:\Windows\speech\SETA8FE.tmp	spchapi.exe
File opened for modification	C:\Windows\delttsul.exe	msttsa22L.exe
File created	C:\Windows\msagent\SET9685.tmp	MSagent.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSagent.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\SETA088.tmp	tv_enua.exe
File created	C:\Windows\msagent\chars\SETDB7B.tmp	rundll32.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSagent.exe
File opened for modification	C:\Windows\INF\SETA099.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	spchcpl.exe
File opened for modification	C:\Windows\speech\SETA8FD.tmp	spchapi.exe
File created	C:\Windows\msagent\SET9684.tmp	MSagent.exe
File created	C:\Windows\help\SETA857.tmp	spchcpl.exe
File opened for modification	C:\Windows\speech\WrapSAPI.dll	spchapi.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\speech\vcmd.exe	spchapi.exe
File created	C:\Windows\speech\SETA8FF.tmp	spchapi.exe
File opened for modification	C:\Windows\INF\msTTSa22.inf	msttsa22L.exe
File created	C:\Windows\speech\~TMP4352~.TMP	spchapi.exe
File opened for modification	C:\Windows\speech\SETA8C3.tmp	spchapi.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

runonce.exerunonce.exerunonce.exerunonce.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeAgentSvr.exespchapi.exeregsvr32.exeregsvr32.exeregsvr32.exemsttsa22L.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\FLAGS	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2835060-44DB-101B-90A8-00AA003E4B50}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28016060-4A47-101B-931A-00AA0047BA4F}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\1\ = "0,4,FFFFFFFF,C2ABCDAB"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\MiscStatus\	spchapi.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F440FB4-CE01-11cf-B234-00AA00A215ED}\ = "IVCmdNotifySinkExW"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92655FB1-ADF9-11d1-BEB9-006008317CE8}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FC9E7401-6058-11D1-8C66-0060081841DE}\1.0\0\win32\ = "C:\\Windows\\speech\\Xtel.dll"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C63A2B30-5543-11b9-C000-5611722E1D15}\ = "IVCmd_PSFactory"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB96B400-C743-11cd-80E5-00AA003E4B50}\ = "Audio Destination Object"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05EB6C61-DBAB-11CD-B3CA-00AA0047BA4F}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B445334-E39F-11d1-BED7-006008317CE8}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\ = "VCommand Class"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05EB6C63-DBAB-11CD-B3CA-00AA0047BA4F}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A02C2CA2-AE50-11cf-833A-00AA00A21A29}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE}\VersionIndependendProgId\ = "DirectSS.DirectSS"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCFB4C60-44DB-101B-90A8-00AA003E4B50}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A04-459B-11d1-BE77-006008317CE8}\InprocServer32\ = "C:\\Windows\\speech\\spchtel.dll"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\MiscStatus\1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8F6FA20-E095-11cd-A166-00AA004CD65C}\ = "IVMsgDialogsA"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A02-459B-11d1-BE77-006008317CE8}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\ToolboxBitmap32\ = "C:\\Windows\\speech\\Xcommand.dll,1"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD913803-5CA2-11d2-A1E6-00A0C913D1EF}\InprocServer32	msttsa22L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E97F05C0-81B3-11ce-B763-00AA004CD65C}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0FA8F40-4A46-101B-931A-00AA0047BA4F}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4E3D9D1F-0C63-11D1-8BFB-0060081841DE}\ToolboxBitmap32\ = "C:\\Windows\\speech\\Xlisten.dll,1"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D67C0280-C743-11cd-80E5-00AA003E4B50}\InprocServer32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C7F3F20-8BAB-11d2-9432-00C04F8EF48F}\MiscStatus	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2398E32F-5C6E-11D1-8C65-0060081841DE}\InprocServer32\ = "C:\\Windows\\speech\\Vtext.dll"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A90-90E3-11d0-8D77-00A0C9034A7E}\ = "DirectSound Destination Object"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2EC5A8A5-E65B-11d0-8FAC-08002BE4E62A}\InprocServer32\ = "C:\\Windows\\speech\\Speech.dll"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F546B340-C743-11cd-80E5-00AA003E4B50}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2\ = "Microsoft Agent Server 2.0"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A01-459B-11d1-BE77-006008317CE8}\InprocServer32\ = "C:\\Windows\\speech\\spchtel.dll"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\Version\ = "1.0"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492FE490-51E7-11b9-C000-FED6CBA3B1A9}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{88AD7DC7-67D5-11cf-9B8B-08005AFC3A41}\ = "IVDctDialogsW"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\InprocServer32\ = "C:\\Windows\\speech\\Vdict.dll"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F440FB8-CE01-11cf-B234-00AA00A215ED}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60462311-3373-11D1-8C43-0060081841DE}\1.0\0	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D59DED2-E367-11d1-BED7-006008317CE8}\ = "IAttributesA"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A02-459B-11d1-BE77-006008317CE8}\InprocServer32	spchapi.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

CBsetup.exe

pid process

1488 CBsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

CyberBuddyFREESetup.exeCBsetup.exeMSagent.exetv_enua.exespchcpl.exespchapi.exemsttsa22L.exe

description	pid	process	target process
PID 4292 wrote to memory of 1488	4292	CyberBuddyFREESetup.exe	CBsetup.exe
PID 4292 wrote to memory of 1488	4292	CyberBuddyFREESetup.exe	CBsetup.exe
PID 4292 wrote to memory of 1488	4292	CyberBuddyFREESetup.exe	CBsetup.exe
PID 1488 wrote to memory of 1140	1488	CBsetup.exe	MSagent.exe
PID 1488 wrote to memory of 1140	1488	CBsetup.exe	MSagent.exe
PID 1488 wrote to memory of 1140	1488	CBsetup.exe	MSagent.exe
PID 1140 wrote to memory of 3140	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 3140	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 3140	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 116	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 116	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 116	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4336	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4336	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4336	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 5044	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 5044	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 5044	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 1900	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 1900	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 1900	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4440	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4440	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4440	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 464	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 464	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 464	1140	MSagent.exe	regsvr32.exe
PID 1140 wrote to memory of 4520	1140	MSagent.exe	AgentSvr.exe
PID 1140 wrote to memory of 4520	1140	MSagent.exe	AgentSvr.exe
PID 1140 wrote to memory of 4520	1140	MSagent.exe	AgentSvr.exe
PID 1140 wrote to memory of 4068	1140	MSagent.exe	grpconv.exe
PID 1140 wrote to memory of 4068	1140	MSagent.exe	grpconv.exe
PID 1140 wrote to memory of 4068	1140	MSagent.exe	grpconv.exe
PID 1488 wrote to memory of 1448	1488	CBsetup.exe	tv_enua.exe
PID 1488 wrote to memory of 1448	1488	CBsetup.exe	tv_enua.exe
PID 1488 wrote to memory of 1448	1488	CBsetup.exe	tv_enua.exe
PID 1448 wrote to memory of 2212	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 2212	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 2212	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 980	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 980	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 980	1448	tv_enua.exe	regsvr32.exe
PID 1448 wrote to memory of 2288	1448	tv_enua.exe	grpconv.exe
PID 1448 wrote to memory of 2288	1448	tv_enua.exe	grpconv.exe
PID 1448 wrote to memory of 2288	1448	tv_enua.exe	grpconv.exe
PID 1488 wrote to memory of 1652	1488	CBsetup.exe	spchcpl.exe
PID 1488 wrote to memory of 1652	1488	CBsetup.exe	spchcpl.exe
PID 1488 wrote to memory of 1652	1488	CBsetup.exe	spchcpl.exe
PID 1652 wrote to memory of 3540	1652	spchcpl.exe	spchapi.exe
PID 1652 wrote to memory of 3540	1652	spchcpl.exe	spchapi.exe
PID 1652 wrote to memory of 3540	1652	spchcpl.exe	spchapi.exe
PID 3540 wrote to memory of 4984	3540	spchapi.exe	grpconv.exe
PID 3540 wrote to memory of 4984	3540	spchapi.exe	grpconv.exe
PID 3540 wrote to memory of 4984	3540	spchapi.exe	grpconv.exe
PID 1652 wrote to memory of 2152	1652	spchcpl.exe	grpconv.exe
PID 1652 wrote to memory of 2152	1652	spchcpl.exe	grpconv.exe
PID 1652 wrote to memory of 2152	1652	spchcpl.exe	grpconv.exe
PID 1488 wrote to memory of 4484	1488	CBsetup.exe	msttsa22L.exe
PID 1488 wrote to memory of 4484	1488	CBsetup.exe	msttsa22L.exe
PID 1488 wrote to memory of 4484	1488	CBsetup.exe	msttsa22L.exe
PID 4484 wrote to memory of 1780	4484	msttsa22L.exe	grpconv.exe
PID 4484 wrote to memory of 1780	4484	msttsa22L.exe	grpconv.exe
PID 4484 wrote to memory of 1780	4484	msttsa22L.exe	grpconv.exe
PID 1488 wrote to memory of 1392	1488	CBsetup.exe	merlin.exe

C:\Users\Admin\AppData\Local\Temp\CyberBuddyFREESetup.exe
"C:\Users\Admin\AppData\Local\Temp\CyberBuddyFREESetup.exe"
1⤵
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
PID:4292

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CBsetup.exe
.\CBsetup.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1488

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\MSagent.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\MSagent.exe /Q:A
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1140

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:3140

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:116

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:4336

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
4⤵
- Loads dropped DLL
PID:5044

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
4⤵
- Loads dropped DLL
PID:1900

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
4⤵
- Loads dropped DLL
PID:4440

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
4⤵
- Loads dropped DLL
PID:464

C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
4⤵
- Executes dropped EXE
- Modifies registry class
PID:4520

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tv_enua.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tv_enua.exe /Q:A
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
4⤵
- Loads dropped DLL
PID:2212

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
4⤵
- Loads dropped DLL
- Modifies registry class
PID:980

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\spchcpl.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\spchcpl.exe /Q:A
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\spchapi.exe /q:a
4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3540

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
5⤵
PID:4984

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\msttsa22L.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\msttsa22L.exe /Q:A
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4484

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
4⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\merlin.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\merlin.exe /Q:A
3⤵
- Executes dropped EXE
PID:1392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Merlin.inf
4⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1900

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
5⤵
- Checks processor information in registry
PID:792

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet
6⤵
- Drops file in Windows directory
PID:2152

C:\Windows\SysWOW64\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
6⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\genie.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\genie.exe /Q:A
3⤵
- Executes dropped EXE
PID:4428

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\genie.inf
4⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:3612

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
5⤵
- Checks processor information in registry
PID:1728

C:\Windows\SysWOW64\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
6⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\peedy.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\peedy.exe /Q:A
3⤵
- Executes dropped EXE
PID:2108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Peedy.inf
4⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:3584

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
5⤵
- Checks processor information in registry
PID:856

C:\Windows\SysWOW64\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
6⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\robby.exe
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\robby.exe /Q:A
3⤵
- Executes dropped EXE
PID:1848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Robby.inf
4⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:116

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
5⤵
- Checks processor information in registry
PID:4892

C:\Windows\SysWOW64\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
6⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Apps\CyberBuddy\Skins\Skin_GrayLined.gif

Filesize
3KB

MD5
943c65305dd515d223aca6cab0b49e8b

SHA1
c773be8b10a20c6dc7012163bc9bfbc2ab87fa1d

SHA256
c07544bb3e9f5297ceeeeda1c42240a076b6cec1326f6a67ad9b24245e40550f

SHA512
fe3eb7f6ab9fd7ca44cb69070a57e5fd3b12b2a924da5e6a539e80caad9638873cb64cfae1400894bfdc146455633c6e41367e8997ceef2ffbc97864433b4f73

Download Submit
C:\Apps\CyberBuddy\Skins\Skin_Neon.jpg

Filesize
20KB

MD5
ec49c7f1149629bf0b08b240d6456d46

SHA1
83a76df96126f9a2934d63b178f825343cec8b92

SHA256
2018cffd161c8f7d4f59dbe0ab399a0c2410480ac8443d11848de66888d09b9e

SHA512
b1395cc444741c2baf28ca5b13186be322196ca1914230439597b9b86663fccc7c4e25a0d139bbaa25e815edb215ae894a8d582170946b3889cd30668598bb1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\AutoCorrect.bak

Filesize
5KB

MD5
40e4e24f12cb613916712ddfdc6a5963

SHA1
b1bd390d63ea70bdd80ae11575dc8774220588ee

SHA256
f28a31ff364f6129cf5efe2b37e90768ee45c4609f81fc373612d66e4548ef33

SHA512
86e778fd4ae36d44392650f3490a92eba64e67517ce098686a6e8be59950e46594469c4aef55cba2f0d320605b853ca6c3aa9dbdbfec0b1b7ce27e3c98290ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CBSetup.exe

Filesize
521KB

MD5
af2f8405ec7c8a6a9622001b48f8034a

SHA1
1ed083d5901fde8dc10d79b889ff39cbb7aa6bc7

SHA256
a61fbbac49ffdfb42c7bbd4e4538e0ac22ecf09d63032d29e01a43fda7954884

SHA512
0ddc6fa3a4ae3089452a34b934c030a32d636bc1f4aa3a99da2a9c7a4a188b58961968edff6e2ad5d1038bd0d8898616368db668006a7f1057efb6f4817adc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CBmaskLargeFont.msk

Filesize
1KB

MD5
f7f7b07a7c0dfb2857a729c55d69180b

SHA1
102132cfb915e75444e8e4634266ea08eb3326d8

SHA256
a454635383d4ac12203d4426c0a61e039feda2d76a13b2495046c5ad56dfba4b

SHA512
7469d99687ca43eb009c5dd72a7f3cf01dd8eeabd96b7f03e38c32b584d4386d3259235e0d0c7b94f5080440b7039e661b426764b870544694e013e04c6f6c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CBparms.bak

Filesize
3KB

MD5
d81e08ea1f09a9e1b888cba00e206841

SHA1
7059437dd4d16ef5a8f14f24a5202ce30f351b88

SHA256
4885dc89cc3f08f63c80f2a48efa2d58c1b4b9a6cda9f4c2019f9f7e16b9b35d

SHA512
a77831cc191bc4b52adfaffc728b80b95dcd866224646193a01050a388eb1c7d1bb8fee6e9a9b08630939783fe6f558386223940ea7fb4c93147bc6b49c6c658

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CBrestart.exe

Filesize
444KB

MD5
f7695e3191d60d0494b3926b891df944

SHA1
6575fd4073c6ff28622852e8a826419dd70b6d0a

SHA256
21ee99073a7a300d27884ed2137b425391f47f0a8ccd3a495dc3d4058df7455f

SHA512
18d2f4dac1eaea9253ed339322251d4df818ea7a9e7b955ec795f7d911a8430abf33b7672b078568bb7ce7533d8daee4e9e79c0f056b6ed5a1a0e45ca09bc87a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CYBERBUDDYHELP.HLP

Filesize
539KB

MD5
006836bfe3c7c0437467b57658237f2a

SHA1
6ded284f28c6cc6c8095c5180f79160189197dc6

SHA256
b9ec7e33a267943286e61d79b969baa2ba87f95a04ab83208c97e028ccb94859

SHA512
5c78fb5d45f60ebb8911f0ab3f1e5d6a2b5db0d9bd1a252f9551be65b11e871d57bf43c8234f9d7d1491c6fb17a5504119bcdd7241cc8f076d4aa46635a53026

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\ClockChime.wav

Filesize
58KB

MD5
349fbc716701fa60dd19f4324a0a58e9

SHA1
c6ae3137c8be41c894d93c67051a559ba34d681b

SHA256
88f964b1e25be35398e5c123868c879e03bf38a7605562c8a03fbb6441c51c1b

SHA512
9789a6a711965fa24c0acd43be0490597f55a789e34a942bb9b4d191fc4fb755f8fbaacf300797790992c11a036266b0b6123c58f672b67af25eee8e486d9552

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CuckooClock.wav

Filesize
17KB

MD5
c207e330b9217e36d9fb54bd7daf0940

SHA1
98d2c72b3ca3b8dcf70663532fe18d14d73fa108

SHA256
00674c6b17e8e8a6c4e4178a547d079baab5b0b5682744d1f8773fc71995a4e1

SHA512
641f04f1cda87908163418f52a4fa3f958612befd2a1d8ec2ba5ed13cb4c84b70406201acf183482e199eaedbe8d40fdb7a0821552ce0cbd3013273d42b762ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CyberBud.exe

Filesize
2.8MB

MD5
68186a7f56908fa0c76df9d073317454

SHA1
800ebcb767c2f81faee2299e82741ac45a3d6d9b

SHA256
40ba0639ce6ad40a3ed3eb6276f4a71d68fb2b6229b11ea7e237158c2a469e1d

SHA512
75c176601d09d3c2bc246e933d22fd02aaae63632c88653a421b31f3909eda25009464da10480ff1984142c94c13f4a3afb69f71b9ba9c922bb8312a5d0cbe39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\CyberBuddyHelp.cnt

Filesize
1KB

MD5
5e94de4acd1cb93f1a1bf76f3c54e8ee

SHA1
566a518f5071e9bfdf19c667c6b7c405dbd5f666

SHA256
9f019eb0a16e072c97baf8696372a3b24a59a57c90753ce0ebff86c91ece6052

SHA512
ce7999820742d8ea95d7d30595cbe2e0399f7cc8fd58b3068750d164e05b9a0658c36ed8dcb71e334d0339131b3f476c7f2adf109871ed04a6d59d26d94e938e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\PageSound.wav

Filesize
77KB

MD5
74ff2a3f0ef4424f1727f657a3dc7ec0

SHA1
ec4709919d88aad50fda4411108e2f07b2ccd600

SHA256
2df527030a971aade2039b3744d688bf57ac043c24d54b1a879efa6468d6fa9a

SHA512
0cb3e3e46dc6478a8c64fad06d173b0c58ce1f424f70b6d3a67645491f35d81a64d4129145e16e0cef4bf7de421a5bcfaa110e24b819db70a6e5d8db226e9376

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\SkinGrayMarble.gif

Filesize
30KB

MD5
7db42cb8451055aaa603989a1d6bf672

SHA1
adc5bd4c83d783b9b104f01c58493435c26dc2e0

SHA256
239ba32959b2b9d6494ae62ae6d2273e7128361da41958dcb13ffcd759476116

SHA512
5b63a5a8f6fc8cc9eec093c5ef0e48bc5af46a2b9d463889caa0a1dd759d7598918b52003225217d84fc5033f61d0f7b06740265f57b73f06ce7b1f5e32ddf3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_Blue_Speck.gif

Filesize
15KB

MD5
318b7158c0d65568a5b4d1cab2b1024d

SHA1
a44254d80965d81457c12ac852a10f996d749f7a

SHA256
5120c33fbded565889a23259152064e78a3161e5bd6b487751ab3d4bb0c516d4

SHA512
8a94da034a584ef738ec5a5bbeed4170e7b605e52cc0c92530ddcded9b05cc669038cfcd1b8fe4943978d9aeb1acb8ece520f9e7b9d497f3f6f435d51a5f73da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_Color_mix.gif

Filesize
28KB

MD5
b7a8a4941f700829d6574e3fad0dc8bc

SHA1
84b1dd3cf0725d9e2f4ed64f2cf4e2f01c0fd67e

SHA256
1fd5db687df1e46e56c0de454428c76111c6f68bcf0ece8d7bbd9a8f3164c973

SHA512
bd5a54a01cd78cbaaddb71fad2c027559434137fc6f87ccd4f7b546475f6484fed85390e08fac150b1a65d002a40ca857c530b9357643dc52e540ffaa338d649

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_Machine.gif

Filesize
16KB

MD5
769ff27e9de2204fd9eb63dc84e0fed2

SHA1
15a2720671bb50728d51414f82d216fa3d6100d5

SHA256
d228968f18bd9bf2d24f2380361dda56c3f6bb30c72cba6c435173625f4c0b5e

SHA512
50fbd3243ad5f75e725eaaa6516cb3a41cf7b2fa8363f87374ba8bf9e566c7c180752869c4c9e5b9a119597189d4ba6728f373520d63386ee6d084c85e30fe5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_PurpleBar.jpg

Filesize
21KB

MD5
f01359c0709dcdc0a318101ca5c8fa57

SHA1
ca61d47b4cf4ae56cfe2b7228bdc90cfdbd68a82

SHA256
4a8312292588df14df079bb4ad225b317c420af864a6142810d40a1d35cb8837

SHA512
e3ae6aeb4afa51c07d34858956789010dc9b1ad0d54c5b275c53455cbb742191a5fc94d395007fdc4f4562713616db12feba48fd0ae53e8b4f414e54a393f70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_RedSand.gif

Filesize
28KB

MD5
96d4d4dedda7d506fe4bc0b8309d7d05

SHA1
85842c910f23b2551e6ab3f6a87fe5253b9c7b4b

SHA256
75f5e279409c8fb202b8a951c57a430a19a9f30bf94e65dbfbdf92c76411b16f

SHA512
396b7c5e6a1dfd5ca602b4e89d33c399c99a7aab69b8f93ea9b71dac57fc4576b2cb346af835aebf895fbf049377905515a8e4f425cc0d4068a9d36355f31540

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\Skin_Red_Line.gif

Filesize
3KB

MD5
90ef93a4566b1b74a7f4377db8491efe

SHA1
df8d08c29d1749c606cd2a67f14dc7f92e402a81

SHA256
ec29111f8c8ba72bb573a3718b4674f8e200104d79232841f104947eed7a27b5

SHA512
f95aaa3e57b947c72192b0ecbefd7e9dbed7a8910b29296a67ccec72bf4e8632b8aa29a542c58db062d4731376d04d05dfaf13cca3b89700899d097b9646ba44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\SoundFX.txt

Filesize
11KB

MD5
46167545dbc1eb7feba0538cc09ec60c

SHA1
a62f2e4cce78d08439bfc0c74ecbfd5d6b333c77

SHA256
37f3581c33d0643d570c26cba5754c3ffa99148661772a714e806cc7f1d3d83d

SHA512
d30f0970073b271bf1733c24dd59dc0906df5746aea39532ebbab2d95bc72bc52fab7350896af30b007cc2d0edf639267b474ea2c46913f68bea7bf05e268a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\UserResponses.txt

Filesize
179B

MD5
14b1455caaf92d242a32535148985924

SHA1
d43aefefa0de63b6a4c0ae294d6481391c4e44b9

SHA256
491fe15cd00df08ce588c0f2dcd9a1393bf8fb9b467c60f76ce8d2cd117d4d80

SHA512
30d49407867e261ef6fb40fad86aada3a4b356f09601f56ccf3928401a573ebf0c2758fb4bbb64f0b738eb2be931c95d4d8661f73c273df13a44f6ea50adcc9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\agentcommands.lst

Filesize
3KB

MD5
d61e3accf1bcdd11c5af30e6fa31aaea

SHA1
e70fd9ea8e1a3528a662e9633a19ccc1b17df329

SHA256
afa438e24a10747fb56a393cec50d05518026f21db0ff35f9a3816c2a97fcd9c

SHA512
f1defa1b2631a0f133368cd82a3abc41cc57588c0835255df9c2ccf1222cabdf464e3cddbdb8b83591f5fd1366c6bfae84ebf1b48fbd6872f948bb50c2ebb561

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\animations.txt

Filesize
246B

MD5
2ed327ca2de37bbd35e20d6ebffa6d74

SHA1
554c25c2f8458fbba9ac8eee23c22c54752f6523

SHA256
dbad62c828e4a1d7968a17d277f747b5297e0211ed79bd096a48694053198fad

SHA512
00130c4237e19a14b0752f3fd246ac7155eec8ba2830d98310b6650efd903bc993af3df0817eb5515fd8edbe3cef2b9d49217131536b1b537e921a384948bd30

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\autoanimate.bak

Filesize
2KB

MD5
225fa6290cfec04fadba4ea81b7c2f16

SHA1
577b8aaa746dc175fc0ed458c4bcb18bf9b6a08b

SHA256
27aeee624f39151ecb93ae173a88d73cff9cc2456c23f8685d495285c7a558db

SHA512
6db9c7ce3eda2ab044ef5301be45e276e54d0375f52a10491297626dd1ca6a5e5af27ff7a30592c804cfd198d1114aad64a28312624c6a69d62268222fc12342

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\awaymess.bak

Filesize
97B

MD5
999904e8f063e1fbd9c8f5a35240a5c1

SHA1
985d6e7ab86e826254692590167403f974d9c83a

SHA256
5789fe6bd42152e6a1c071440e662100d749dc2721ad2ce088b43641906d79c2

SHA512
eab7979735745cfb6b1ed619c85ee43700d1922a2ab669bfe4c8417287a5132fdaf00fc2f65468a1beb230fc714a5b7202689f477900bd0d2527a884ac1213f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\buddyin.wav

Filesize
26KB

MD5
744de3f35859c1bc85ef250e7e13d54a

SHA1
cb140672a8c2be21ea7170d8180d15b6c758f337

SHA256
c71de6a897d3a17d40d96f1e1e6f1e4ef74ebd570c7db82c5445b1e6846c8629

SHA512
ef6817b66547e4a1ea1d3b526cb6fce7c5dca50ace652a1b0900532c4399942c221288a8b71f650e8de91c204564e42be45ba14f94c86d59f0c577d8dc9b318f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\buddyout.wav

Filesize
10KB

MD5
f6688a8cdafb545ccc36457666ad214b

SHA1
7de36d03a4837f500218c1ec3dac9b39b5da3cc7

SHA256
cdcf6d46e681ea610d1ac2954a65e634528147b9677ce34b33daffc0d8beb497

SHA512
134caf35ce967d7d7882adb50b017248df03957a198a62020b02fecb5ab6a52081e4ca08925d9d6bd576ab9778e715d0775bbf031a867f296eae2af34b45b4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\calccvr.msk

Filesize
420B

MD5
e0d734a46c34ee0e7bf0d8de700a460d

SHA1
e37a33ba0bf9dd4b71255367ce8adeaecd3ce3f5

SHA256
d2719e8d205d3fdc324961d133840b151ae3fc638ee081000741c6c536291ce3

SHA512
b128949abd110d86616937d67a27cd7f522d5a39cda2713f26d3c6086cb73a03aa847b613515215dde09b997c152f676e9dd2c94e3b3651f9cc224f63eb14023

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\cbmask.msk

Filesize
820B

MD5
b6759e4e05628906113b0b6ae9c69047

SHA1
71abe7c3e447a746e5b5e397e485bd2deb8d543d

SHA256
6ecbddde58d8fe048256485ad52b650ac23251356276934637cdefca5a488de9

SHA512
ddae3dc29053fd1cd817c35faac3734d7f922561c5e38c263ef9b549acee85005ab4d5a8657c979595dc73b952e615bcf6d546df379b762573ec3d9d441426e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\chime4.wav

Filesize
18KB

MD5
1c605cc19fbfd0d25bb818481d840abf

SHA1
23af5d7ca0d283fcb01f74d4701ece2776fd0656

SHA256
e21cb11a19ec3397db6069996419039fd8e532c44bd3bc763b81783ec1c5bea1

SHA512
dc8613b7989f5e0af03ca3982fe9f2be9fca5e7bc2246d56ee7233e4034049f4c2617ecb9513dca87a863219ad0645d91ad63e6ba32fda8be2a8d7f352825e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\chime5.wav

Filesize
21KB

MD5
95edce2e4fbcadaf2388dc5e7a3fc469

SHA1
9ebfb40539a97d1f436154207153f571a0890178

SHA256
7b41ec6c82079fd082927971bed777a2cfb59e76d381597c09b96e564fb11c50

SHA512
dccd4a31c7c13e6a8167e0e8dce233263605b27c85c5169d52bb80631bb25e35bdc242c6a375e5cb4452705a967b2be635dbbfa02136701085d597a9bfd47c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\chimes2.wav

Filesize
42KB

MD5
a6e18706ff826d55da09ba022e8e5054

SHA1
c4af872575d04f470cf7a2b1d1bd66797b6578e9

SHA256
9d4328ea27edd4311e519b944b385622ae1eb100a04d343d4e43491a426692c8

SHA512
2fe0f05cf54a806be9bf3b6889a46911699b1610e31089d52cfb288f5243eb72296db7ec880cd2973f8f6c1b63cab4b39dece788606e2c5899405b5ced1584f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\firstuse.cbb

Filesize
795B

MD5
351365bfed427251fddcf59f6ae13e34

SHA1
c386fba5086ce467532f32d3cbd59ec5e31164d0

SHA256
ad5e787fbbdffce3dbde77fb63177e3c6293af63be132381feff6754db065df3

SHA512
25c23dc8d1ca5d657da498b5a4276ba88b5f1a4e7ceef63d1465de2cf952b9201c04d19b910efb3cda5420a353318ede67de3b5c1e4fa9e025c7605a76e17f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\install.dta

Filesize
5KB

MD5
82319f9899c3f9b4c1bd8e1465597205

SHA1
1c07d4bb0abde3791cc2819c69b14f957ac59da3

SHA256
90742f4b60c8846f134d259574646545ba5d60603673592737b3a937500469c9

SHA512
344cc215363bf0f814be70d1bb8cd59d30eb4ebc994361f5d8c0db95be618328c91dc3f43426e98daa85ce58caadb71e85370747301b99ce447770ccd8a08e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\intro.wav

Filesize
95KB

MD5
dd1360eb18cdcd53ec4e86d546cbd954

SHA1
b96efdcd67663aaef34e78b5f8076342a7e81a5a

SHA256
2fcf9122c896cfa7d4144688992118ab9e03555fa073e0a9c2517f1b622b47d4

SHA512
130ca77d57823e557b1ac25e6281e41378a72b7bd5d1319eaa47ed64a6d92de928931e5661f9a67a5c00e44679bf9b9fdaf2f6b1f47d51274d84bd3bef83692a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\phncvr.msk

Filesize
196B

MD5
a849fffe6ad4665a9ea2b820a4866d92

SHA1
0a90bc4956c9eb386e9aa99860c68f96ed31ec4f

SHA256
fd4f6f869d43dad73ae2ff6c1d890cae8befc611dc8bc6b4382e3df60ecae757

SHA512
3c139bd1e93268737e8e58d17f661779186164e23371e18966f49d5c731430db448ccb78413a11bbcd8a567b2ea6f9453fd47e33101c7050967ee89df1e04de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\standardanimations.fil

Filesize
538B

MD5
87dac30d9d464290ccfd084b5b9dc2a7

SHA1
61243dcdb5d74661d371f33e0cde67ce94215e3b

SHA256
0597d3c595e250f4963b3722f1e8c2d86c78e14fcaf448419a67c3feccefdb66

SHA512
26e22b89b4e891d4a6526a8cc19b83f10c3552919ae1f14d59e4ddd5ce9fc7d263b2ced8b0426e2e3fb240477b4523619bfe57a144741b6c47811125743314d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\stdtalk.bak

Filesize
16KB

MD5
a2335067f7e2e3dd43fdead5c6fb3e57

SHA1
9fd04dff228b2dca96cd35edc78243406b024192

SHA256
e2b6eb5e5281a681126e32aa4d2e105243f5241ef6e9a4bd295e4fe6c02c05a7

SHA512
7d026f4309558a33a3d983be3d6835b924e008bc9d67e35470543d112da5f3a262014b1e675ddaa7081a8e6f045923442067129f5ceea4dcbbb307fb0f8f988c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-BahasaIndonesia.bak

Filesize
25KB

MD5
a74c47482521e2c606ec626c7c216b86

SHA1
7fc80ffd7626eca238e0b59fb178e0912613b077

SHA256
72aa637bbad5df0c0de5836c00e3c568b998395660e8c9e4f9daade9837a15ed

SHA512
2baf7a5e94ef715c45179855bc3d5dd15bc6342454b22eccf412b1e4728353c74836d5709dcab263a60efd9d916f77579c7234bc81d7e8dac9b69059365aec6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-Dutch.bak

Filesize
25KB

MD5
d9d2bde377b9f9eb4ff514186a8d634e

SHA1
504640b65e4c5ed9115aca8a8c276dba93fde5e0

SHA256
1fda91e5bd09009584c22905915bc898711c3a698314e9f504a32ab6be305b5b

SHA512
e89ca8cbef26c020356af91e0ec4ba0a0e17b429c5cf6f85e642eaa7c00a996770f3bd6547c1935e210388ef6a3a7ea3454e34aeb1faac1b7777a6ab5b47d715

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-French.bak

Filesize
25KB

MD5
2e287be8cf1e62f5e226a30f13d1ba45

SHA1
4cf6ce95d556d908f540f07bc84ad118fd441531

SHA256
8d348af2402af01fdc291e50f5df90e98e47c05c351550c3c19767b7297a2578

SHA512
4c8725275e9a0456beeeb21b4a86b3c6a484b2ca65a2269b927fe790c179f792acbc5aa05dc653733de0a7af439117690099ec4eb976a49c56da5d0b4eb3d338

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-German1.bak

Filesize
18KB

MD5
1acc9f58f104338928e3b900def79a96

SHA1
c93928e8483db86809edc80589aa4849a6c21da3

SHA256
3137da06b972c03de67feb5fe0c18f2d1b30b73010e27d250e85b7828101b767

SHA512
59dd772ec3e6207704324816c47d691910969479eaff96747896dc31485dfc56e04fb2e574b2ff43fe6d06038aaef3d1a530c9afe1d8fadfc3ef3bd67752571f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-Italian2.bak

Filesize
22KB

MD5
dd0aa8ca04583260cf4b62ae7f5af571

SHA1
31821bddaac858d2128eaf57b760c5edfcff2a5f

SHA256
f0aa463e375acc64e80988d1135ac4d7c50aade4bc488f7a3a23448c1aec3450

SHA512
98adfdf7894f9bc77da5b6673446c2364e38a6e32285612592b134041321fc8c919235db275ec49d5b0809274d3504422291762ec11b7f9a912f5ac7d74a1a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-PortugueseBrazil.bak

Filesize
21KB

MD5
cb5b38806005bea7a7ce3fdf5fe21936

SHA1
da308e72850e8511894aaf2cec636106c001ac62

SHA256
431f5f8fbd9dff7a5895d5625f143c348046df0eeb685a5b154d30ab17fa62cb

SHA512
e371e2cb74f7671cf250fb4c3008448cacfada474be90a630f91727806134718c00af8b874fe30de391de1adb1ca4620967429671a7201b4bc041c2203d53f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-Russian.bak

Filesize
31KB

MD5
a75435e4f2481be06a9053caac6e6bbc

SHA1
f03ea78a8c66eec1f103e3372a7c43ef5eed8550

SHA256
25eff24eecfbdf546167d1c3ee1897176f55bb76a44bd2b388b0392a69638d7f

SHA512
b8f160411388e947f279b1986d30f53bb4d0c2978b443305d2ded055643a4f7b32eeb11496dfc5d5aa7eb417be93c18ec7b58117530449e2975ab1260e9c1847

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-Spanish.bak

Filesize
19KB

MD5
5908e19c03737a011eae6ee88f317182

SHA1
25ee06c416f06431dad5445b9c77a6d587609038

SHA256
2bb2c447375be49a7c71dd416bd74b4b478df28633e785e7e6ff1e1585b8caed

SHA512
34c86d9a9760d161effb4f75321396e79d3d2786ce2a84aded454eb8698607520b1e4bc655dd8a3a8af48636c7e8212cb75e76422f583c430c016259c3c2a30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk-italian1.bak

Filesize
22KB

MD5
ef452f30b3fd7fb368bc8779f54357ea

SHA1
38bbfbcacb736ad73eac32e19e801a22d53d3ab7

SHA256
20fafedb8e3262cae90ba7787d72a010a7eb0263df2a24b3e9823dd7eee6b9a7

SHA512
6f2c5822d0bfc9d6d7e55adb5705511b186572c454b464e43a5c3f13dc9990f052ebd2f9f21a32417358443adeeb8299eec3d2e435614fd9d40462ee6735c19f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\talk.bak

Filesize
25KB

MD5
441c84ebe90def42c290ea2c80f19d35

SHA1
c2cc17c6bdf5dfe6ed6d1aac65b111c21e5d1fe2

SHA256
e6c7a593d000bf20b5c7736ab6cd7b7e88a3fa0599a41a3489801f2099dc84dd

SHA512
9d58d258cb0b4a8942cd4413e13a82077cca0ecfe644d06ce3b006fa4b7800aff6cc61c2b6b26607a34bd4cf9a6747541ca52892c36509251d94aa59e3c6f282

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-BahasaIndonesia.cbb

Filesize
4KB

MD5
763ca0e4a52dc414be2b62a696f068a3

SHA1
85aa9ca3b7229f51f1b7cc1940a97d5e4ccfa0ca

SHA256
b8afba67955f2996bceda949f12bf2995c85fa5e20be81a13bd5b0093f02cc8d

SHA512
2fb8e55654bab3ffe83adb755a40f9e86bc14ec6edd52c59bb13b0dcd79f5ff7b971162a875d06f406433b8f497643646b2fcca0a3029fad85ffb574bd6f70ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-Dutch.cbb

Filesize
4KB

MD5
69f88deff81d524b509a41ea610c5f2b

SHA1
4f47483832e7dfd95cb9f98a919368fc571048d4

SHA256
9d549e614b89192ca810e063916cd32bf4958910f0ebbb43b0e550caa8639a37

SHA512
6e8407b1f5b29e72634efec9ac27babbfc1783718a6bb917ebeba3cac9bce499ce4c508e4b74006787c307733c00b7207930ef2577e6fd5c8fd09c7feb3f2f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-French.cbb

Filesize
4KB

MD5
32d70d57e5f42a3b339e04dfb184d2c5

SHA1
a150392862458b73ffb9645f5919b22e66ddd6d3

SHA256
220834cb1ff9bdcab63653f0e82c7f4934d9d0a0cf7805b6fde75449eb702fcd

SHA512
e8c094d6a4112615192002147e2fdcd3b381d53aee8543cc70f43086a4d9c1a660d996ac4d776b46a06b38519fd0d69631642dd2ef241257e3c0eb4ca0900427

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-German.cbb

Filesize
2KB

MD5
8e198cdcbad0f61237363b9838f8bc5e

SHA1
f6552f4b76539c28b0735c5ff959036637171362

SHA256
2d1605d5d60fd6e8ca75d40fccd3c1a67d720bab77a7a39b279ffba92483f38f

SHA512
1f675ecf4c64bd6a93266726be2a850a9d0f1bd19421e13f99740c73b813d561a8105a6475c46f8c92a1c9dc37e9f901838cdae963d9ff7299236d3b84e12490

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-Italian2.cbb

Filesize
2KB

MD5
961241cc82d20a1c6e9f832d1c3fc88f

SHA1
8c9177f581bb9825812227eff5eb741389d86cf0

SHA256
85e040b55bad556ae3e93f6a85f89de5b43ffe0ac9344bbee2830d0f18a0001c

SHA512
f2ed58e69a8218af0db4a111add9fc5efb3fb7c03706e991f337c2eefff58ac04eed1eff42c97b4ac02da554fb920f19c259e1beff6257c42d6de7ffd0c07d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-PortugueseBrazil.cbb

Filesize
3KB

MD5
81bbde506d1e820f538c5ed58645c5ae

SHA1
0be103f8170f87644bfafcced3de1268e141aeb6

SHA256
0bb0f4984e3c4d3b9d8d053abe1950808762e9f695d48d33684c028023f788b5

SHA512
99fcae7abeb5247e46619be51e8601d5d2c5b8a60683329ca7ea240f24600728b2da7f248e3fa9053b616cbaa6bc21ad1102fd56a5a196a574b973c80178048d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-Spanish.cbb

Filesize
2KB

MD5
36676cc0cce2841a33310f453ebc085d

SHA1
02ce980ed287e014593ed5556aafc5630d8edf7d

SHA256
5de23d1670b98a72d01de6ad92d1659fb81dff71d864e1c0ce3ea96a3e37f00b

SHA512
e2b42ac55b420663a2f76dc3ee8c47d8b2dda9a6ddb62e3851b600e83c02c80f465b7c8624bd7a2e46b774165563974f8766f422a28e1a63d56c407e13d6fa82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour-italian1.cbb

Filesize
3KB

MD5
e947b507383016ca723d63d7766f5dd8

SHA1
0e0612cc6f3201a96902328d30385c5d261f9924

SHA256
11be993663e68e0ae0f4c04c4d994d2a3ba13e9fa6ac4b121f3717d702a988ad

SHA512
cdbc8215ce6bdb65b68a00c404d42f8c6ee2d40d8a08aee995e83ddc552e36a8b8cd983da60f1610872eda477279352dd1360e090cd30c24360771dec4451552

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour.cbb

Filesize
3KB

MD5
bde12c628de2bd7df2c6b0c78dd4c5ef

SHA1
c1dd95f19db19ff92942f1cb1d1a510dde7183b2

SHA256
686017e0b9468622f4384c2954ba65dcf6cb73c89fd3b11d2f6d9e23d06096f4

SHA512
df6ba1d540a4354db7df5eece537f4f32496d23963cdff5c8a8621de59f4dca6f4d81f9e5c4a9ca0674378c6cac15c11b8f5b45a863f64eb1414d30bd74c4705

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6590.tmp\tour.mid

Filesize
66KB

MD5
e3a6151ae866b044d03d26987b87095b

SHA1
557a6d40e2033e3b71afba16520e7b7912289f03

SHA256
acc797812be58fb96a3e6e5a0f3a53a4436cec0812efbb411a101ab91f51a7e6

SHA512
e99ad7033fab180c8ab797c722dc0cc99bb7150a0320a4b6d23d508ff3aaf5e0feea7b2fb38bebcf2ff6d086780bb3baf26a0ea950527ca2738f35ae34f35972

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
76KB

MD5
533a380c0ca00e0c3a0dc9b038a8b912

SHA1
f647bd665f329403ec87d50fbd8fed6c6f0e1e93

SHA256
3113d2c0a87fc75f3ca11646e3c429a8c15f1556f6b7a6104dbbdaa85ff6ec34

SHA512
416812009e333c46cd8ee11cc979ef5aafb039084d7bf0da468f40116197b3abd4a3d31e75bac3d3b7e3468643341a1aae2657e17e31cc6bd9716a823bd9eeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
56KB

MD5
1233b28631b64f0b2fe25e340d2c7646

SHA1
e785e3efbd6805af5a6c6c9192854d5b4250825c

SHA256
9ca0974c15e7f554ebea658aea15fa9739f801137e96348deecb53132effd812

SHA512
beca42ff5da8c4a07fcd4304166dd1f6d815a6ef3a3e51948c2566c2653d20fa3d669701e040ce38e0ceb89860394f82f205ed88de7fbe50c359dc3869f7a19f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPCHCPL.HLP

Filesize
6KB

MD5
4add01eaf6d9fa8c21bc2ec6e473a878

SHA1
3b72793b1d34aa2292025fa94f59546fc030a8e9

SHA256
e04674b406f2ac0acb4080ddf2aa131251cec70cbafbc9b4796d5ee180597a48

SHA512
8304244576ead82539c3a0660dd66b8c3d0e5cb9a2a1c32a6a9df8e3c8e6b359d0ab5210c86813aee838ae26e3661d0f3e494b8ab45343c1f9a9141da7ca2b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.CPL

Filesize
48KB

MD5
5b6a9e6737531dfe95dcb29208d4b639

SHA1
cc812359c46383d4c489a76825af8c6d01964463

SHA256
9f58d16004d0b59392908cacab9e41a638af4a05026af17127ed9792840390a2

SHA512
84b82dcd51bb4db6b5b4bc907182350125ef1accf9b5167f133025ceed8ebddea563b17e749fa9105fe0b89765907ed297071a183f3e8b8ec31ef4a4672796cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.INF

Filesize
866B

MD5
8275c5f0d81e4bdaecaff93426f37ee1

SHA1
8b96c3b0eb9fe86a2ef8c6bde9095c4af26f6c40

SHA256
a8b41751f021ec02a909a7eef1d2a99a22bb583c525f4d2c91631f999faa5887

SHA512
53e8bca5dbe83551fd61d7f5819763bb013aca9b5952a7cfc8e5d5efe33ee6448749352e004616f2ba28c8383e3907663147208b2a1ff5d235cbb0f117646d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delttsul.exe

Filesize
6KB

MD5
5374ff1d24799e7102e42215a9bb9ab2

SHA1
ac50d9487834048d5349bde8647b8118698b5a99

SHA256
fd3b70dcfd7db6dbdc95fef7ef9501eb4f7efc21f8ae8dafe72bec88295b7e93

SHA512
ac883a8ca039ce44e0d8745cd446191f4e4253f185891152de7b541537570d58d3f8f0fb2bc6c176fd37dd827cf21901b033dd0850123993cf0c0fba5d9a4d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\female.cfg

Filesize
26KB

MD5
52a92ab0cec0bd79be7571ee7b611621

SHA1
7abb8398a2619ee9faceb26cbafdbaefedaf5026

SHA256
5a2b7d9e47e555c4ae5d2b58f20e37c789ecf1136eb50cb06fc8d7ebd43396fc

SHA512
45c3037abcbdf23e2deb5f048c642203dc969c07068d1606f2cd676b4167774bea8218bc466dac115e878998be5035d541faa353efa9fd77fc651cb3d1356ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\female.vce

Filesize
2.0MB

MD5
614186fc84e8863a9e0ee17c50521d9d

SHA1
ce402cd4d6d65f3137e0ec0c62f1ef27fa371586

SHA256
24aacb9a15a7fbcb72b26ea54c03f593e6a8b4f757145582ab0833c00462171f

SHA512
05bb45cedb7fa7c874efe329381656bf30653cb31be6f4eafd76454fec44f6fe83a84ade2f8c305ed0edcef5129da35dc751a49b5f360f08c0d5783d88734328

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\male.cfg

Filesize
26KB

MD5
ee90b35bfbf7648b1d6129a89907a344

SHA1
353b5a36d8a112a7696c83a783e5ef94ff0da5d2

SHA256
a2de20cbd52e3df9937829c7e5ac16ea70245447abbe444719db396cac7cd911

SHA512
5fbe331cf7d6624784f7daa63e2bc9abade4f62ee77704f208e2b2f1118d9b5a818a90ca20f55ba9f20d82e23be711cb7016f6208c9ba1fea5bbbd3caee8aff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\male.vce

Filesize
1.8MB

MD5
3d1ed403035bea0b6c74e99c4afa8c30

SHA1
b56d316ce0622c34689407cb05e0b39b0580eba1

SHA256
516716a1b9ef27c44acdab6f1610f4cc3a0cc7a368b4e4607a87a147255990f0

SHA512
488a1986cabce1c566c84cb1ec48097b3fc58eede4571d364d2a1b99c8b7c8e65917d544cfc427a5ac7c347d07d67514494c30c9d6a3dcdf23a39a554f57dc71

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msttsa22.inf

Filesize
5KB

MD5
ed869db0730c40b3ac6b7eafe4e616eb

SHA1
1828b45a86caea3312979da72fec3e5e15f8559a

SHA256
7976712aa18b47101fe361a06b733b272133aaaefc734fd4521983f95cf79da2

SHA512
8fe0c7eb048fd7c27ec5c0433cae4a6321c77c75120dc17cd3bb9ce86a0ca293fb82d838d077df7cc5dca40b9c5a8c571727622d9783bbdebc0fc4fc0ab14cd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msttssyn.dll

Filesize
831KB

MD5
306131d8ed2cf34bac1a3dc938e75163

SHA1
64a1e737a1558785a1a2adbd896c11fdd3f595a5

SHA256
a8a2ddb9b82b4325e1315f481302cd5ba9edcf3742425ed582370f1b3940f731

SHA512
011c68ccacca01233398d7bd434744eef70a0e2b980744fc71434119c62665667a4cd9bb819d470e0d71960849286970dd92052d2961575a53b4eba12d58d97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sam.cfg

Filesize
7KB

MD5
f7b6e89451af34e3134abe42fb7d278d

SHA1
c55165469f32b8d25b8355351d41c0c4e6e4bda1

SHA256
63d67120fab657fe2fa995e0131734397a73e9e55497567d34cdc188fcc86a89

SHA512
9db990076d2afdeaea982f320d7a77aebe19f02a70a7f21334751419928165861c3805dabab42050b157f0d59b402f08e70f3a3608d858f815cc0cee9a2c9428

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sam.vce

Filesize
1.5MB

MD5
205b87a3e056d8219f702272bb76b9b4

SHA1
2e3259406b174bb7c354acb461017257e87f6d65

SHA256
7ebd8216f022db406c11064af11109d80c62d162db3ee6aef388e51fd90579b7

SHA512
36c1d889ccf0908942c99a6e0513c41eb6cf39145cbe598467c21d1b4f50a5eadec95ca8281f47f50a7243da31e2f6171d894e8707e48e794acee3f34ed6fc57

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\wttsa22.dll

Filesize
52KB

MD5
f6cb806152ffbc1b73d2a64c312e3f14

SHA1
6b43737e7e16197a6c35d92dd1e5ef6623fa9cb9

SHA256
7c28f39eb9b236e553be41adbe4781e9e835410b984fedbf94b4a6e60c7236d1

SHA512
f43c9ac071eb40453945ccb7099d6651c0f53ad1929ddc577bbfaeb765c9333911fcf9471a8914dc4e11925c0bea77825a355f4e668c52c0152340cd34684784

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\wttsf22.dll

Filesize
52KB

MD5
0cac2a17bb36a16aa5524061b4e6804c

SHA1
91fb27970c9f42758387c12adacff94418ee9975

SHA256
38011c1b5691de4038862620db2e4578f2bcdde6a16f464c8f7f29a194cd2278

SHA512
a8762b1e75f7e5448153055943d974998f7e0f00ebb43316403a13764da79c14d2d2bd7e350e255fa6c16032809fdecdcdcd9ee84f56ad17c37f12ca38a4dc07

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\wttsm22.dll

Filesize
52KB

MD5
ccf813d9996b64cf3513ca6c3b125c0f

SHA1
9a00b57b92f5ae37c4dd4e042465162a749fb120

SHA256
688c767058736d055cd60be3f7e5e0e6c5d96082e2a123537fb543832ff348e0

SHA512
bc3aaf7796d1bee5a7bec73f178f4f2bf68463c7961477cbaccf4cc4bdb4065c7b3e74b834f39fdb153d973b37648e7990fb04bdfa844f7d0e2ff131d289429e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\wttss22.dll

Filesize
52KB

MD5
51e1841ae4410557e8e9f1e8d21b0f5b

SHA1
9e47e4ecd3a2cc7c2c3291703404e46ef4fd5870

SHA256
b8a5a8b54ac5d7a750918b567815b0008ffd1d00a72336e7bdeacc86101ffe82

SHA512
4f07ce6a1cb2039d190070b7cd61e2d67c7d798af67e5524db970228307a45c4c071cc3fefe2582987a36a3e31b28a3a45313ab8ed28ce490413c06eabaf7ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\MSVCRT.DLL

Filesize
260KB

MD5
63da4613383ec70e047b4cd5c48f0b05

SHA1
578dd3ee844678c24c0831b6cc61a7dfae410bdc

SHA256
d4287ab5e4988dfe99bd54243d50dbe8744094f11fe5f9809a1a6fb9728c2124

SHA512
0fe7226cba7984f22367d03dafe568e8c0e44956a831fda93d4bd8ad9cbc9ee87dc03e4a56696c0bb0e5f8ec27a304c06cdb56c52d87263362359523f0a220a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHAPI.INF

Filesize
57KB

MD5
b00f1393bf87560945b6b38425998a79

SHA1
2fe00a212f952f7e4a53d53880ac90ef8d8c32e5

SHA256
9e7e55b61d3619729829b263e0af2320223c7eda74eadb2644c63d728405c86b

SHA512
854222c8d68ac0d556fe0fb4e1bbcdccde963bf1fe82c1689dd86439a519d8afb5c9db7bca4939fbde011dd4c84c09610b779adc64a18f0caaa57783ce29c7ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPCHTEL.DLL

Filesize
243KB

MD5
c546b50be180b4f7810fd78c7fe8433f

SHA1
d7b071eaff8d0498724c1e779731db51e41c900c

SHA256
ea6b0454ac40794ce46a6fd8fd244179cfe76293b18cdb52f02b372dc0f64d1d

SHA512
34ef3830a489510b42dbe0b084d3e688f7558ad2f806e344b760d5e25744763792ca52a664c312a47417cf629a74ddec302f47eed813e76316ae2e5aaaf6612d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.CNT

Filesize
207B

MD5
4653630ff6f8405f6d26000802e638ac

SHA1
3e6978815d5e0465c7ec557a2da4c253fe89427d

SHA256
51d0efea836528cb137914a6dd77f049cf0457245fdfd608c3936605adb11c57

SHA512
961db65e440dd831f2b490d4c80f306047e65cc0ef6f1c921a732b89a11b289b84e8556d4711ab9af0821cb01f4cb84f8ceccd51865448f93a28f5a02678805d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.DLL

Filesize
549KB

MD5
898fc91bf6424f629e933273b6e46ffd

SHA1
2c777a8cb7f6e9a469f6d6486c98e70414949acd

SHA256
171d545ca7d10188875fcf103b664be2195996bbed2bd4dacfa8cfe827f1a441

SHA512
de7815a04cbddcff2c2ebef4c6d441936314924f6bdce3b3fb4a8bd4b62b761c7dbb3b99a12deb45b23b186f42a431d67b43fb9950f3d447ee9f721bf6cf6ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SPEECH.HLP

Filesize
13KB

MD5
a7db03e26dd567b3ec5804d5064c738c

SHA1
37abaf849e1cbc0eacd545c19e7ad81d947c113a

SHA256
56dbafcfa4a628fcd20e49bf169115bafe596104f8dd51d2aac8d7cabb452c3a

SHA512
d7f033695ac098a07f6d7cd00f0bee86bd581d3ab9b8f4b5073337fcb1277b5a49a99ea7d65819587ce2d807e0652c7ea0d98524f1cc934be64776c25d2daee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCAUTO.TLB

Filesize
7KB

MD5
695b08aa62b0dd9031fafcc1bb2a16d6

SHA1
1b151114b4f1fff8b3ddac92f4e8b3de2cc02ff3

SHA256
0e74c1dcbcb38daeb9d505b94f74b32ad8d37e8a26ef4022d46999eb3727720d

SHA512
f0a816783fe19a740c50cef76f5747ba19f86fbb41ee95d53c234f0bdb1e28e7d9badf55fef6e7e8e1b9d1d656ef5c4f5d59baa418fe6968e42a083963b3f128

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMD.EXE

Filesize
372KB

MD5
367351856db877b6c659dc42dbc89df0

SHA1
6725fba6e42487929f75c59fddf44c8d090a50e5

SHA256
6b2c21142bbb3050101606f05956a60dbe04f971bd8034d918731f8e9450cd35

SHA512
2c5ea481d64203751fa059bbf54e17a826df8a89d73d923dc4c5a68a0c25687cc3d74e511cd740eb801c6210c18a51bf268d3dfb9648a83eed137bd384640634

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VCMSHL.DLL

Filesize
152KB

MD5
2f8c18e8e067f6b84bf8c6c482862a70

SHA1
1c350c5a4674115cb8ba5620ec61fbebcd8fe974

SHA256
437ae2139661f2fb5fd97b34ee751521db477ee8c3454c920c5480020aaf94f8

SHA512
1a5a4d6064cfa35106c865661249d1023ab777b1c216c34dc0e86df435338cf1f8d8589fb567d34956e71a607db4aa8ce43039f42d5fa3ddd0c68506064588e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VDICT.DLL

Filesize
175KB

MD5
6dc843c473b68ea93202a32b6445c765

SHA1
3616292d1b84b9273471af195927d422d7fb9394

SHA256
08b35a07bf0dd5b231f7b25aa48476a7f78c9fca7a76c047103025d1a95952fd

SHA512
77623c61303b1f5fafb5d5af3e1d409af37ed3bd8c8c8bdf83206f2b5ba248553758696cf16835299f2267265689ce0fcb8564cf6823074257ce6964ac0bd517

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTEXT.DLL

Filesize
169KB

MD5
c0a7306a302dd35145a37286dcfe6e04

SHA1
beba434997c5f60e988bd98928c13273996cb516

SHA256
b7a0114e8bd9875e98fa6c98215d3b4582e0d1eae9b799b912145e88095ee815

SHA512
ada43188cbf3d877ed055fc4a7395482a7a0adff6268880685b450f2f79c081aa8499f4770cd70c70c146002ac7fd516421202e275a71568872b879d0696d80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\VTXTAUTO.TLB

Filesize
6KB

MD5
283c7d582752fc0c025421fca7b7e1d0

SHA1
ee6149b8023ec61b18b098ec3e37648c610c51a3

SHA256
544b33cf240a425cccc910269c68b99b411b2374571ab8af51a490f9cc277f77

SHA512
844a6689000afc5fa724e1e1fbd4e4efc6ba6f67a4c5d2ef88c0c963feb5f9cbc62779affc11c318bef4b049a77d6818b0b2f8fd0c85cd14e6ae7414885b482f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WRAPSAPI.DLL

Filesize
52KB

MD5
8ccb0967e7371d64933fca913065789f

SHA1
63173da8984611aca496a253dba336af23aeb558

SHA256
8e0a80b885a73c8b62e87ab7f2a4b06a556b4db37a1fba9b37db2629f4c36a49

SHA512
9064f27f70b7a4e48dd9fac1954060fbdb5d5b35355f7be5c8a1221cc931ef20df7e4543b28e4416f86ed0c56b6a2a204d78db4c70e298bd29db5ccab2349d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XCOMMAND.DLL

Filesize
125KB

MD5
198c46362e9e7742f7efafd936624bed

SHA1
87b628c2a14a1c5897fd0281a682e9bdcb32bfcc

SHA256
0bd009b376f9ee2c2cea181adc0014c6c9ba91a4eaf7a3b98441a1696d302e89

SHA512
8c747cb697294df0daf092c8f139ffd18c92a098b1b709359739644029b5523d6b5d9ac80d11e1a4fe885ad13fe8a810222d6d609997b722ae0908421f9168a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XLISTEN.DLL

Filesize
204KB

MD5
ce7367a398dd2d0f77041316906114fb

SHA1
128bbde9b589b94f88ae9799043b3c05fdc73990

SHA256
287fec5f90f973a5aa4100bdbca1c9cbb0e242f908d218b975b9623ea25f9393

SHA512
a5151b5ff83ed72288e76e9f7637ea83746e61a2d9b13476cec6ddbb072c36b4c5929c40dd0c39a600338a9d8c4a5bebad304b0d29d9f4050a67ec2e894b8519

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XTEL.DLL

Filesize
199KB

MD5
69c2b85b9db59f7ad8d04e6dbfbde511

SHA1
4547a87c80b3ff9e2a148f7c0822c2495240aa5c

SHA256
c32846fab920f5da84005aa169ff259c54a3b9504faabc52f2f53d240ed2418e

SHA512
e677a28a20b4b481d87cd2007dfc3d6f8b88dcd0cdf25df988a43b8480458a37c145ecb8a9ff48ae41586fb571230e79208ba7baf74dd27b78d93412fbe1ea11

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\XVOICE.DLL

Filesize
191KB

MD5
06201e3ce75755e5eb4138a0a3e1925b

SHA1
05296f4e2774b9c3270365bf19304bf28e13fd51

SHA256
2bb50939fa7068791eea58c1fe6b112bcf5bb423ca55b9698411957a6f82d1b8

SHA512
0bdd01a7f42a3b6de0ca094d55d79437897e2f329751735097d2b7c4ed07792ba81c07544ec9a1f8c89a9472b57b3067dc204bd773721ab8398637949ae74d77

Download Submit
C:\Windows\msagent\chars\Genie.acs

Filesize
1.9MB

MD5
22bdce2c97e773a7614b34d7c1720232

SHA1
ce5c3c484a9fa32f403e4f2fd2360fd6e38b8320

SHA256
87887195179efe07ad6ee7a44fafbc0fa6b96d0990ec604f5651951c647f8f9e

SHA512
83ad39d3f83754452d557061f0792fd8af85d358ee4d279b27f2dc3a3866193b88df4d21a645baa3ebcf2b81a348af461114c61aedad554e665fadc3cb26d07d

Download Submit
C:\Windows\msagent\chars\Merlin.acs

Filesize
2.1MB

MD5
3160957024e058e719908b15ff9d8754

SHA1
a0dedda6c52b91b80b16ddce0e51580be71141e3

SHA256
a88151f313bea60002c5e5cb8b4d7dc5e2d919ba8fe78db1a4d05279a9ad58d7

SHA512
7b982d2ed5337ec8d1877161cf5d1d205147e1f73a9ce08e7488ce2d2d5c096c570e700f9b39beabaee9e081ca502e3676907cec45fc20319ec8866c5d858d47

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
C:\Windows\msagent\chars\Robby.acs

Filesize
2.5MB

MD5
87cd1f5f69cf4ae9c758f5184385a6d3

SHA1
1ba1665ad534b18721c4b10a39c8cd183bb2eed3

SHA256
b8b1d44cecfd53bb7f9e8f483ab2dab0274314fda0c389214451305dbad9efa5

SHA512
a07970082b5b69cb6d4057e33ab373f20852bab66ea55bbbad87457a703335eeade72df001b845d0a3dc8b1f87ccc09b58fe8d195b0b0f1452888ab609eabaf5

Download Submit
memory/1488-908-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1488-469-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1488-1511-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1488-1522-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1488-1538-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1488-1539-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1488-1540-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1488-1542-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download