843e83ec5baf168092655fce86dcd43de64f501ad6539f2fa8bf12842846428b

Analysis

max time kernel
270s
max time network
992s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

login.html
Size

26KB
MD5

bcdeabeb39d67b302a73acfd8837d409
SHA1

a466409c9b48e8d9bc55994f407ddf8fa67e3996
SHA256

843e83ec5baf168092655fce86dcd43de64f501ad6539f2fa8bf12842846428b
SHA512

504ab9c863518b5550592178b99d12fd75d85f226be696ad5d1b961ba188e2e0e21020481491e14e12883f2ba381f4df628ba45f172c977ac963810e3fbc314c
SSDEEP

384:cxm5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZjuulffGfMfl/z3syZj5XCqzGX3Q:X/+scm2f/Yb6H9uul3UWl/7syZ9x

Score

8^/10

discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Executes dropped EXE 5 IoCs

pid	Process
2956	MSAGENT.EXE
2052	tv_enua.exe
2204	AgentSvr.exe
960	BonziBDY_4.EXE
1936	AgentSvr.exe

Loads dropped DLL 58 IoCs

pid	Process
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2688	BonziBuddy432.exe
2192	cmd.exe
2192	cmd.exe
2192	cmd.exe
2192	cmd.exe
2956	MSAGENT.EXE
2052	tv_enua.exe
2956	MSAGENT.EXE
2956	MSAGENT.EXE
2052	tv_enua.exe
2052	tv_enua.exe
2956	MSAGENT.EXE
780	regsvr32.exe
2404	regsvr32.exe
2344	regsvr32.exe
2412	regsvr32.exe
2340	regsvr32.exe
1764	regsvr32.exe
1692	regsvr32.exe
2956	MSAGENT.EXE
2956	MSAGENT.EXE
2204	AgentSvr.exe
2204	AgentSvr.exe
2204	AgentSvr.exe
2052	tv_enua.exe
1636	regsvr32.exe
1636	regsvr32.exe
2020	regsvr32.exe
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE
1936	AgentSvr.exe
1936	AgentSvr.exe
1936	AgentSvr.exe
1936	AgentSvr.exe
1936	AgentSvr.exe
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET1E5F.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET1E5F.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Snd2.wav	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Uninstall.exe	BonziBuddy432.exe
File created	C:\Program Files (x86)\BonziBuddy432\Uninstall.ini	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\t001.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\BBReader.EXE	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j3.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\registry.reg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\favicon.ico	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt	BonziBuddy432.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET1AF1.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET1E2B.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET1E5E.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B05.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B07.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\setupapi.app.log	tv_enua.exe
File created	C:\Windows\lhsp\tv\SET1E2B.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B18.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B07.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SET1E4C.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File created	C:\Windows\INF\SET1B17.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B18.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET1B19.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SET1E4D.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET1AF0.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1AF1.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B06.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET1B17.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B03.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B04.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B06.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B2B.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B02.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B03.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\fonts\SET1E4D.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File created	C:\Windows\INF\SET1E5E.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\intl\SET1B1A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File created	C:\Windows\lhsp\help\SET1E4C.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B04.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B05.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET1B2B.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET1E2C.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET1AF0.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET1B02.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\help\SET1B19.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET1B1A.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET1E2C.tmp	tv_enua.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70699afbb9c2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = a0f24c3fbac2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27258931-2EAD-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75609311-2EAD-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f3ba359223ca07458045d655a52d62f1000000000200000000001066000000010000200000005c2b4e379c9bfe299aaab364c92a005792d2ac9b6ad3d1093e51e768d959e4ee000000000e8000000002000020000000995fe579a31e73c8ad5709a9600559092d10d2dbf102d8d02b18ead77e19bf9e20000000b8b6fa4eace54f7f62043adad203386709165bb05a331d8100fbfa3b3c94a1e440000000e2bf2e9beb9f3065b22b3920b39d50d9d242409bd341c9dcfce3f43ea7c67db417b56db8025c3c717902e93960cdc5dbcd7508c2d684db59f3611bcc1163838f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f3ba359223ca07458045d655a52d62f1000000000200000000001066000000010000200000001eb5a15754a0bfe2107826e56551473d13012ba6044992887b8f3a538bda2bed000000000e80000000020000200000008b93beb9d07f740c99b097e8823a5bd8ea8fc87da9056e1d3d7e0eba405fec5d900000008a1927a7fd06ff6a959fb10c91f26ae08d4fa29fd8b49fbf8c2a97d38b8c08abcda69b11a034b782112427a1f0ccfe2ae827eb3252b12b49745fb14015d88b440f794c2d20045aa52c7d8fdd6924cbb511756fe51144a5f54cb71e6d6d9c54745f92c5945ad8980290a63f0198ce537113799e19974542c34c0fd11684f9bfe511e11a3b41c8c74ee7cdc7c3c708f92c40000000ca4369894546da7d54839631a5219f034aa55eb6332ac3ca57e2798aa90d75e3341b95b0e0c1f60003b880935fef5240f337e7ea5863626ff6eb57b7b8989344	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425012668"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\MiscStatus\1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{157083E0-2368-11CF-87B9-00AA006C8166}	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\ = "SSCommand Control 3.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\TypeLib\ = "{29D9184E-BF09-4F13-B356-22841635C733}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{74179610-5A56-11CE-940F-0000C0C14E92}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinLabel\CurVer	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\VersionIndependentProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\ProgID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5AA1F9B2-F64C-11CD-95A8-0000C04D4C0A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\MiscStatus\1\ = "131473"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus\1	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSBase"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5AA1F9B0-F64C-11CD-95A8-0000C04D4C0A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\Programmable	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{972DE6C1-8B09-11D2-B652-A1FD6CC34260}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{322982E0-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib\Version = "1.0"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame.3\CLSID\ = "{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCheck.3\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}\TypeLib\ = "{F4900F5D-055F-11D4-8F9B-00104BA312D6}"	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ProxyStubClsid	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\ = "RegiCon"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSFrameBase"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB4B-BD0D-11D2-8D14-00104B9E072A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ProgCtrl.2"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBDY_4.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\Implemented Categories	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Programmable	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComTransitions.1\CLSID	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\ = "SSRibbon Control 3.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDateComboCtrl.1	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C1-8B09-11D2-B652-A1FD6CC34260}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ = "IAgent"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1936	iexplore.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
1936	AgentSvr.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
3036	iexplore.exe
3036	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
960	BonziBDY_4.EXE
960	BonziBDY_4.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1984	1936	iexplore.exe	28
PID 1936 wrote to memory of 1984	1936	iexplore.exe	28
PID 1936 wrote to memory of 1984	1936	iexplore.exe	28
PID 1936 wrote to memory of 1984	1936	iexplore.exe	28
PID 2548 wrote to memory of 2720	2548	chrome.exe	30
PID 2548 wrote to memory of 2720	2548	chrome.exe	30
PID 2548 wrote to memory of 2720	2548	chrome.exe	30
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 1244	2548	chrome.exe	32
PID 2548 wrote to memory of 2604	2548	chrome.exe	33
PID 2548 wrote to memory of 2604	2548	chrome.exe	33
PID 2548 wrote to memory of 2604	2548	chrome.exe	33
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34
PID 2548 wrote to memory of 2600	2548	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\login.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef63d9758,0x7fef63d9768,0x7fef63d9778
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3152 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3808 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3760 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2932 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2240 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1132 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2344 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1332 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4344 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3988 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4392 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4052 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2428 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3792 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3840 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1372,i,2441852210724864469,17099949348772993284,131072 /prefetch:8
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2688
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
  2⤵
  - Loads dropped DLL
  PID:2192
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
    MSAGENT.EXE
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:2956
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:780
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2404
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
      4⤵
      Loads dropped DLL
      PID:2344
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
      4⤵
      Loads dropped DLL
      PID:2412
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
      4⤵
      Loads dropped DLL
      PID:2340
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
      4⤵
      Loads dropped DLL
      PID:1764
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
      4⤵
      Loads dropped DLL
      PID:1692
  - - C:\Windows\msagent\AgentSvr.exe
      "C:\Windows\msagent\AgentSvr.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2204
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:1688
- - C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
    tv_enua.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:2052
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
      4⤵
      Loads dropped DLL
      PID:1636
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
      4⤵
      Loads dropped DLL
      PID:2020
  - - C:\Windows\SysWOW64\grpconv.exe
      grpconv.exe -o
      4⤵
      PID:868
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://bonzibuddy.tk/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3036
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c
1⤵
PID:2204

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:960

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

Filesize
391KB

MD5
66996a076065ebdcdac85ff9637ceae0

SHA1
4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce

SHA256
16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa

SHA512
e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7a587cbb935b1bc581135f64389ef3ed

SHA1
7eb5b6d4f2cf5bf81ed6e0cc399c1562f73a4b95

SHA256
d129b2d581bb6e2aceececd23ed71005c8a924332cb3b22ef916f27a7deb9353

SHA512
8875171b2175e905f943baf70459a68884a5d91374008f4d8f4ddc78df4f98a696225ef35550c8e2df7ee26fa4506bac02aa7f0314f4075264863df3de776cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96118b2a081fdf465d3a8799e310fe7b

SHA1
0db08d7758ece3d987f1ece2df937c4f8e81bbd3

SHA256
755bb8b2448f2b52b0ee23aeb90434add2b8f408efe89d2481e3f504fe6a38ba

SHA512
ddef5a1b3ba312242e868350bcd5cf2de6b69b780a438513a65eb4edbec242f1735f3ef408b58a8f2803d06106904d2e3e9e9e2da90f786d485e1cf2b46c6ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0c8b6f05fbb1904601a1ff875e8d31a

SHA1
943e3ade44949f087777346ca8e004a4d02fd69b

SHA256
29e81b237b6aa5d970059762f0e848995efdcfe657c68d3fe81cb90fc5a24469

SHA512
d6ca7d1644d9856c358b010345ffeb67689a0c663f98ea41ca7355b609a720fbbd4e685e259c0aa944d69b7004a56943b4ec83feb29c1e1ae07fa28dbca385f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
352ed70b031cf62070ccf67ac5ee1576

SHA1
8871962e8621e506a18b04b8709ed6ac5d26a230

SHA256
2d4cc83ef8df5712c0ce7320b99f39b3f96deb7aa45ce00e34ad3e5b1b6a176c

SHA512
7deeb3780f84a49c6ecce7d75fb2ccfee45a1b2b79ad5e15f0b3d38a32e7fa5fb68fd1f5079bb6ba164147f6b6ba4bf5cfaca5a734a60fd965c0093dfdcc5dee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67edcf57ac85b2d0ba55979e932f1bc7

SHA1
702035f65d7787b121e29b0376202ad9c66e77f9

SHA256
23f18a05df6c7f9286e2efe426102f95a0d5704f07664f63c7d428d964beafbe

SHA512
8d035490c939f465e303ef039e6cd7b9d4869cc6913cded2ae59dce97fd9d77c6e6d42c41ecee1415b43e3d3a2ae8e94db514f159600af4752497cd2bf95d27b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e9512cdad6d1fa1c32c9aa037d0320

SHA1
12cff74c427ff3892c86598baefc36014f008fd4

SHA256
488de5a2cdec810b95b4745ccc9780c4172eaa47e998059ecb72dc87bf6c072a

SHA512
86fb732f30ef73209c792d18829150d433c85fd5f3f67445d0c095724e54447a538e035eacf825d748c280f5ce1c84737ad919913d8c58b7f7ea0310f707e554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
448f4d12299937a25f34ee0ec7f7be8f

SHA1
d7e596635e9603e3b4d81d32d4ebe0b11b5c81ef

SHA256
196ec1d5a465b77244b5a6f0d1ffb9374147716eeb538b1865f14a63b6611d9e

SHA512
942d72969a25b7f18f1e35c895f04b969c237be3b10c3a900f2da0ea0853d8321f2ab408f897d0e656c586e0a65829244f94b94a483863d977ae1de25b4de5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c823a91dc267c09c85c36d7d51c82536

SHA1
1ee1118a2acdf78b1a1ffd419d10686fbb373a4a

SHA256
58036663ac716cf411f3a7c191faff86eb365cd1c292f6b0f19279173f6bb677

SHA512
a716a58333ed64eea09d7fef5d152c470336e4581cae6f906a65af50fde8a1141973c8ae01c2be84974a612a15814da6f893382979b5723444945c23aaf02bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c57313526cd3dab1954d93bd86009d09

SHA1
c4beb675b7cd195e2a783bfec1ed9defdc1726ff

SHA256
7271a5ca30434a9d18ba961e7779e4fe4f7e9a99a093d1a99d66d0fd1d497f51

SHA512
a78c3cf0530e67569236b0671925d7defaa17c0f1602b843c852911d59a29543f555cad0b16a5125649c8a81929a6e6a153b18e3d23ba01299a8f7aad92e68ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ea6a667440f348ddc985a1240fb58d5

SHA1
9c164b88e762b890d40932f991d3ae448a17f7c4

SHA256
689bdfc3ff3fa8accd294116c5e507f3644e1051bd6ea9d1e0dac2a1ca4a4dfa

SHA512
f99027f5e70b474ea7f160c62ed34be3ca0f3a82bf3548ffc7b8108ba874b9cb86123df343c9bfdd0f9636335db48c889465ef2f802eab59dd9a4c27e333400b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc0341bb7cfd4d80ee460ed81f4fb08a

SHA1
8ed8c99edbebb1a23e208c1ea6b6e7dc95e37089

SHA256
0d3c125cad4d4dee8cf84e4771538a30a754912da5dbf96883f00b1bc23e95e8

SHA512
121a66e57f50e7849ecbba6ca53ce252634925b541a0646c091fa9a7ccf6f525beb18d47e76510131ed9b4b289b9c220d3280be74496077236c1d53ea4b03879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07ea4e2f5f79c811c14b3ed80e73dc6b

SHA1
bc4d7cc36c0cdfff5ef3c7ecec12b1a296076e31

SHA256
fd2d6383c74ed3eed9c54c2b9a390978a9615f3c4b49154d7ee6c50109639263

SHA512
ac787de5f954d1c39fe6b7229ff9bb57c1a1eb3c1fc12917a558fc0be504b9a3a7edbfdd43090e9a7105dc64e73f9579974c5fd98b3b47ceca4ca25b0a16f3a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec55a2ad19c8dd05994417f96d084fba

SHA1
6d0d6c5a6e711252c389bc2cd408ae19c146401b

SHA256
50c50c39fabc602f604cb149b27b9f92e49ce897b1228e832e5faaf74912c93b

SHA512
98e2c6c35032fc6accbc25291cc3b469beb29d5cacac2b2758486b02fdcf1f0d208fabfb64eee371e11c0d9930255014892a075f52dc0af0b16971bc72a9d651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75df03ae02f67b5a1613ed8acd364999

SHA1
b2bdbb15c502e75b3b240628b67407c359812a25

SHA256
736a24f00e662d6b19e0c0bcbbb6d2ecdaa6ec7355f8d0648be576dddccc1835

SHA512
6339885e1322dc07d8fbdb9bab794626e6e502f02f065db5d7d1b2392792519af9ac5b7a2a0516136114dbd8df2cd25e41667a24e7a9dcb1b5344d7acea171b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed0f5b04ef399f3c28a69fc4f6da0482

SHA1
298d6be8fbbc0f883681ec625f097944e8c9fda1

SHA256
4ba02a47b3a6387bc4382e73a835c9dd803b53d02b66b5482a15614b1e07aea5

SHA512
a5a2c496c35e07afa42b47c2cbc6fdcac18de3bf69e1bf73728d0f381fda51d4251c7916230c88d386378356c31bd1ecd5a73d600f37328df8f39bf33617c80b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d545fcb050324f97dc6967ae442d77bc

SHA1
ad40f1e7a03d39d2cbebe30975789f3f18da9ec5

SHA256
1bc7fa6aa8630364ca8ae92acb30b700840e2fe840152462de797588d9424636

SHA512
1ff9b8a8ed1a31ab82cb2c0b24cacacb680d58006e768bcdd4f5055d3eb3f1de5ab07bac6dfbe549c6370aea8760e07bae6e0ca211f521a3669edb8ef9449dac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
526531811fa52dff0cf72003ca72606f

SHA1
11192cbf991045a61b49d9641b1aed90059f183c

SHA256
13af34b1ad4b5747040081f1f0b954335253cc741b45754f431318ecb4bf2dec

SHA512
5786dbda8c8e0238ac926e7303d95a7b7e32f533fba5535ece9e075ceb251bb3cbdded67529a1937b38869d0f4c93814911240eff0864eabaad1edee8a512733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
213cf2d88e5860d31d0f63dc482ec012

SHA1
d741fad271ab6b5b27b0efa079c393548b4a7d2e

SHA256
e849ee7ac36250e50abf01debb3301590c8ad85777b1554fc41303462e392fbb

SHA512
9904b88448111fdf5c64d2c1b6e0582452b7719d520f7af933d99e76148821695bbc9c5ed9db1bda2bd9ea56bb25b39109688370cd00f7048552a36037085524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bbee02c6e7e0ba8f63a9134e734ff43

SHA1
380db73d1e79873d00b06d61597e0ed36714b8f5

SHA256
bf564857f8013738923682b0dbddcc0060900ac85f162d687ddf9ecd10f2e49f

SHA512
a7f2b4e4667889b81d8ef577f23cf8ce747e41bdccdc54a85fb9782063ba4412b5e563b79c5959fb853c2caf392f540382637106538e88618ac76312956dc573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
757cf258d0e299fd9b1777e3862ffc7d

SHA1
512bae9a8ad367cf62e34ba38f1fd5bde55f7d5e

SHA256
8f7ad573451a597a8c754a79182c0a24ede7df345e3f8456e816b15f0126aaf3

SHA512
c97cbd674789ab2ff24b5ca0dc2dc2ab5efca4a4022ebd8ec75e9939dfc08a71a71feea11a9ad496a1dee04b2e61dc998f730033acaa601ae206ddf4bfb34d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4df93888b6084b9f55bdc42fd80185c0

SHA1
2248d1d1ae27b14a862cefd7dcc13ae98a45bd1d

SHA256
39324038830cecbe5eff439006a239e7ccec07d4fa930a869b671a6506f4b53f

SHA512
9303c51a39690bdb54fe76409b34fe3dec60d43db85493512e75fa960a51eebacc29ee6de5ffda4406a9a06804d8eaf7dcce2d25f7600969081f116f905b80d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31c1874e0ae2f5694c7493fdcd7cea9c

SHA1
de32831c0312c8754dabfd33eb3329772f5ee406

SHA256
42e4d9b44bdf71d7097cb5d5890606fd94c2cc79d10c2646ec5898c3f6742d5d

SHA512
61c469695069f2a90236de323297f04c627a84fdbe286522daeb7aec137770103aa6f38ffff626317a144cf8d8ef0ba9f43f399513c9c97be59d8c0d5a0965a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ceaaaddf210592008f244e699a4b2c8

SHA1
2bc39727436a264cfcb7ed18d5d3507ae38e2ab9

SHA256
d97bd1aef184c69be09674218fff0b971a4dcef1af6a896e507b422e83c0c959

SHA512
6c3ca30214822697fe5723664b3edf38d9193060db1e53c8aa5b492303a5882be26ff94242764ff93aa013ced057aab878dbcf6f4aca893da6e3a252259e2ab0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8688b6e08a43cf0e2d22bd6db33233d

SHA1
5512125fede73459eee714396f2f7c3c38bd7220

SHA256
44d505e8887abcd63cf934f0097d85f3ecceea3ee86b867c83de28a2216ae850

SHA512
bcf2ab135267e06e50f8a126b9f49ca51ecd25986c8e4f1b70662bdf3134426d31d9f6619a774b1b82fa237862af71c6b3c48ba79353356e395cf0bced0b3952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84ac3aabb8a31ce05379e4d2693cd3b

SHA1
0a409d1d2035ba62e64ab186da1dc70a03783d71

SHA256
0e15df963f453948e831eaf83ccfc8d52bb9a7a028a080203159f2c253a07a93

SHA512
9b297f4875afe9e8793952cb4ba488669d4a3fae4dfebe7ee13cf4346ff9023f5953b481779c6dd9f0417ada45158e07c9be34e653e148bdab3547c24fbff251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d6451618cb7e1b7bff750a5cecbc4b1

SHA1
f52cda6514dec4af27fb62832b64510c092ef1e3

SHA256
4eda5f40c0aae2749e8d898aff2ff38f09f9203d6cc6b9a540cf7f95aebdf7f5

SHA512
725dea4b83a156b0cad73dd5ebd974e464a56b9b60d4597a2f16272074546786d1d783bcb8fea2fed2f370ec29761ca82ba568086e9c05e598086f19e170db3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11c12c9a6abb2f865740a3baa8324412

SHA1
da24bcf203db21c817a0d54ea05505f528e961a1

SHA256
50a04253dd31f34a6e8745b7fbcce1998836da038dd5a75f8e90714b8282dcd4

SHA512
f3f1395421710cad72ef6661e99926e0078a0c635d2edaa3abbcb1a23992ff72a43023ba72bd97690ce13a15e084f2b62a1661c56edae4bcc8ad33e3151a6ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ce3000d409bcd14fa60ddc29955c9f6

SHA1
16e6a49c4632112c67771bfc805f92ac814e72f5

SHA256
e548a15267fa9dc5239d7c2e001e70ea6948082c33948a1241869e3a8e87cc6c

SHA512
604dc412807c6a454ddea7633f1bf4fa955d0140e55e2392da610598f2082e590ac4828994d04e83b65dff37a2eee14af58a6f8254e3f7bfd95498d141894835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a3dcebe087f0f673ca7b8771b2d515d

SHA1
6aafa8c31e1a8c6cdbd24e6d5df21f66e12c0ce9

SHA256
683d9a3a8c7d86824edc452bf2f7bb6f532046fbc9af72cfede593590eb3b1e5

SHA512
924f59fe21d8ef28ab98990a5cf244b10e4150887bbbc6ff08bfb6f9a7c70ec136c774a1f4920fabba54329597b3339a9a3cf4e974394e774f7e6c662c740ca2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54ea8bb198aad0b39c8a1d2c73776157

SHA1
70cb4ff665876ab9b53e418e8704615b62564229

SHA256
3f736c3bea5143b43123fc73f1a697e23d11ad8bdc8a54d8e7c3e0ff871cb985

SHA512
ec2103d457a400f64f03ebeed9385eb76eea6bf0c412dabe296420a44608a6fd73c5510b24944f86fcac3e754bfc0184710bfe45edd73d23e861712c68a2c9c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31e51c995a246ef1d69636fdbab5b56

SHA1
149cb38ad553158a81bdf5cb7599f817a9967269

SHA256
4711b5507b8a9beb21e131b6178a9283a29c5d43fd48d5d159501e5c755a7a2a

SHA512
9f2029406997731cf559b7472335c3798978290133a724537b3a845757223c2fea3bf78ac0327c907650db3bf0064c65351f153be18fc84f9f81052e2b3130a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d8f245aea0b9fa2fb52536095192961

SHA1
b2ad96aa72cf79d7302eb4944abc409d68270af8

SHA256
4815b44a3c3682a2b8ec3268b2e04f50e95460d05be5a8f7aa236830248ef123

SHA512
9ee4ac8558191f4c096076573d4e9dc61d1b586fee161037fb9b4b0c1b2844f09b47bb21d015b486f0276721dc61211561aaf8001eb7e35cc521004e25594457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
457a70ed946d64dc81f5e0d91539c4da

SHA1
1bf60272c44269d319ef2b38e00b77d7356fd0c1

SHA256
31ff6bfd2693add4a1ff5eda2d5f2b85c1174cbc4621d1098496855cf46cb5b6

SHA512
456950017d19d0c8fdd7f45c4a7ed89ad2d678547617dc40798f58d5c14f5d9a8a39dcfb1a405b27f8e64be51383183f39f5650b28b22fb0175d0430de5b2345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
446148d2e5067da08ada639875fbdeef

SHA1
64d061bb25f8b3220b1211dda325f7e041403cac

SHA256
e06ab3d8f9a3dbb6a9cb861bab35ffbd806a40d5049128f458c05540d733cb8f

SHA512
ca570e87e5ee39b5c33ddc1ef5ee063a9a47e6194fd5a46762486fd57a03bbc7d8143add54563974e97210947361f7e231bdedb5ba7dd059306fd14099664bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01ef89d14345cbfff76bbe47a21b44b9

SHA1
d05449399679ae76c0f215f45eb9afe59e34e4fa

SHA256
479e0eaaf7116d1bc8d5ca18a359b7eec4b2f8d0638177933b4991cfebe02302

SHA512
5ca8e1c010706adc53a2431bf656dccd6ee7ea9f04e29c8105ec46ddb5adb1ecf6c22442e4d1ef6e98e9685ea5d5708dbb516d37b2c9f7d17665c1b6f3754ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cefd5262528a33324cd89dcfa10954c9

SHA1
16addf9765be54415d6893d8882e21992083034a

SHA256
09b38b5bc58ce5e8619d5b8f8b7f3b1d01f85f3c0a17faeb628eadd47bca202d

SHA512
16aa0639847cf7e484f16e33ee6b9ab06111e6ce733eaa8f6b459ab2df96e86aa640a10a66ffd677cf8866e6060d83e654a2d76bd356da375b9496fa6ec4dc29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b96f4f637732436aeab2723d7df8928

SHA1
bf022bef27c0c8cb5eeef11bca25f6492ade9122

SHA256
4dc7fed2b87ac99c42eb6681b1bedc3a8516f5a290abbd9b6be74ba5d2ace5d1

SHA512
ddeae3aec6155b184dee4e99e48ba1ec29a614f7dfcd130c1b9b5d9b7b4255c6b234130d3d3970846415fa0cfb88230580ad86179214b28f4e050a4685e56f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ed789b6cfc56f469d56c694ba6f1e031

SHA1
a25be3120e275d7d7afcadfb6a106039a324618f

SHA256
8130dcd29c6855682fb19aafc840d2a41d7f61c81296dcb621776029e28e11fc

SHA512
490a80ef434ac449972e32a31c0e8f8b95016cc90ac894fd5932f4605801cee55b2494a274707aeb3a69c70e2ba44b4664ac80376f60d2201e7b7bad39073142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\673915ec-0514-43b5-ad37-485c096c6a44.tmp

Filesize
7KB

MD5
70ff3d7a8e4df5f563e41036400f49fa

SHA1
0078d93a954cf3f39808fc40722898eaec6633d3

SHA256
029a177dc3e7aa4ef76a46dfa8021a420fb519269e1feedd3cb066665009d5a0

SHA512
be2dce84436dff36524596faea65ccba9a0515511fc4eb47d10bdc9a48e8465f43a2028eafd3404831fb789d6b4f11d7bde1983cd16b752cf44a6b72df79c6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\916ab872-4b0a-43a7-a543-aae63b5c6ef8.tmp

Filesize
6KB

MD5
f4ea771e98afe80c9ded45d726981cf9

SHA1
c20001ad1a2a3da636723911c9385e9e8009e2d9

SHA256
07c1f2962522de869026bf3109acdb242472654c3e3e1fdf424728bd28740dcc

SHA512
3df35993258575470e472990c929afbde63fbbd3bc2d8656ef99be7ef68a88122a8acd3269c70b45eb930c794e057d85f181359f035844dea4130a2670012079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
16KB

MD5
b17255d44e7a6e203b72d7dbe2d17921

SHA1
7e50dd8ebb4af6fba066b0a23bc019f54d00089a

SHA256
6aa0234078ec77154960bbfd5e3eaa0c78388dd9d5abccf1f5f901086e03d2d5

SHA512
1847b92d50ca859eab0403563821c8a3d6dee0ab7388076a0cf295860dc6d7df76db47bb99886a75a4e5c7660a5d4fabb04ff12b1b04a041ac8d16f918653761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
26KB

MD5
e9f2b85be013faf1fae0e6973211a3ba

SHA1
cbaed034b85f22ed7afa9c93cb8f17e21221175b

SHA256
ac043245833da9c2bc1b00869f469a2e087228eb2e4751278b41b504779ec092

SHA512
366910f1d6dd46822b73b725dba936153a27c48646630ce4f830e556301c41d6e243e729c13566c0c4d9953089bc027d7758e7436a5a3677cd78987ae15dd373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
62KB

MD5
17e08579d28ea14e46c20dde4dd989d3

SHA1
34f1da35133b80e527922018d1c60a882c033724

SHA256
45ebaaa1455ed1bedea47d3253a843b233358c391b7e48c3ed212c75894b3946

SHA512
1ec6733214d091c127633036e53150aecfe6c2853a7413f870fc98ba89d61f671e10fcd4427f072f5debd3359198ea971bbd6a7a0718794621d310aadca8a369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a54611cbd85bc2e_0

Filesize
233B

MD5
ab97671219219f4edc5aea6ecd19d381

SHA1
09f94602263a15e65ad7752e552dbd7a41dc760f

SHA256
56fffc9deaa84c7a67d21f3a83185d4b06657264f18d2aaa7d583d6dc2e49bd4

SHA512
f824f085c4e1994ca04c5220ed12c0106e353a214c602849ef009980ed3ddaa2f55200c24a199aae95cf6de8ad1f01a2441557fb7aacdc16faada1bfd89f4e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\204f9cdced66a7dc_0

Filesize
242B

MD5
8c7715c6fbba8bc2857b5d662dc4ca5a

SHA1
b9f1d8e5d8026470f0ccd69b4ba2d1db0d3062d1

SHA256
a8748f6096a2b4e6bb34e567220f187651482b34fc179b1edba567a4811b65fa

SHA512
73f82ee5decdf2d577dbc988733b44d74740de77247c36730b54af35d23e4d89665d09477f5af62f91565a4c5c5e39d4690e14ca6c438c82fe0eb0dc95ca304a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4384501dabc818f3_0

Filesize
232B

MD5
247c1108883e988416d559bc51a609df

SHA1
7e2589757455f3290671663c7624093c047918d6

SHA256
14b7afcee16eb46e7e1e6cb745a1a870fac292e78d7aed7963f71f0183ada30d

SHA512
6989915034cb41785ec9328110da080d4eff5f0e9e234cd4e24bcb953e34443365edba55268388bd4aa0ac3d22871754f57d08a48d4afc9a2a1ff74418ced222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c2fb73611ee2a51_0

Filesize
53KB

MD5
de202740626f1d0754d8120009c3dd0d

SHA1
a40ff64edc631197f25bacd03459435582dc4d3d

SHA256
913cc32bb9ad6141ad67966dfc50a5f4847c47f5c74a97f28519622afdb5ac9c

SHA512
88551df9d621f62d4f34fd78fe56f2203d9cb9de3b746f73e184ecfbf6c125ff7889b6c5350f34a78fa4641ae3b71c4c6d3dd99a54992eed7d3d80bdd8844345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9bb22c7c128c6b1b_0

Filesize
53KB

MD5
ccd7292bf5dcf6f2c2d6f4c342927a7f

SHA1
1505067d96fe2900da16aa8d8261149d85c8550b

SHA256
965e9705cf8989e586277e063f2a1e7bac47df0f0db67a0d3aa4738a215c4bbc

SHA512
f61fbcd65c1409d1fe088dafd58af6d89140771dd457074bbea1c753d1f2d86ab9aaa4581f6478b18b7aa9234e25ef812c349c94e1f99c5a2b037be6f075d624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a44b10701ac1235d_0

Filesize
303B

MD5
d1456eb4612960e2b7b56cf0cce6fbfb

SHA1
cf3bb1fb93555b2b6518edc6900814274d5ea700

SHA256
b493afe1946b04a110c3a5a1620600398f7b2c97dabfd6ba2cf1ce75c507e4e9

SHA512
cf3c3406d59dbc62ee7f59f1b17a56275b63135a9e24baa119d94a35d313544914bc1466e85db5bdc9832f2cdfdd58fe4263638ff84488559d4981fc9f913e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\abf951b98bca9a3b_0

Filesize
232B

MD5
63f0579a8b0d3b17526782a993b62abd

SHA1
9e47e73334691e96215d5997b2155a79b7b09ccc

SHA256
97e92dd683da17d125bc475fc3f03484a85888cdac8a8eee500fa80d847dc3f7

SHA512
424efb52d7457b382d9c6f0fe6cbea2b05725a04354d0996863b76c668b9195717627f8eabc4e020cbce54b6c2ef26b66793e13d6a4cd1815ba833ff0c1640d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d468bc9374be225f_0

Filesize
229B

MD5
ce60a443f27a5aa233d35b99a9a34244

SHA1
13844d589bc385cce666ec2d079ac81bb13760b4

SHA256
1bcd49feebcc6e9095a321cb2d4f92b3f2d903795454ffe5e5c7611005dd27e0

SHA512
e48bdf4b6cb7aad12a3f8ce18682c2c90697f1bd2ce426b5c5153fcca610ca14266cb7579539180313a34ac6ad2c17242477456eec0491cc12d86c3ec434c07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e6cf5d2a301ddf5b_0

Filesize
297B

MD5
c2ee67876163ecc79a06cf6c77324bd5

SHA1
5824f26022fce5f7c39c4a72abcd5d21695ec9b3

SHA256
7b2cb743b09f2c388f0b2c40e3d3b3addb4f39c3abafb1be24a4119bdecab8ba

SHA512
dc67e82b270e1903ba5c140717b3d310951c654d46c0fbda0cacaf6b0e66fb6d1ab87c4307a17f922653ee91a6ebe99027333f35dc2f0659e5af6d82146f8797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7a3ccf30-b355-42b4-a08c-b7ff8b111224.tmp

Filesize
6KB

MD5
0141eb25957f9cddd6ae5acb9482fe81

SHA1
7fc77d1f3c21dc5bc592022a388e9034f012344a

SHA256
a01f2ccdd55c2467f7eac55f92c483ceeea616dde610ea7d6f99c8f0d3b411f7

SHA512
c6147356e05b7f9c9e6cbcaffca9a859b04cd34e869f9d89c4113124999424ac085a1dc37b7338dd58751562cb251abce5d8f2f8d49ca451152cb5c3a7c7e8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e781c06053c727a3c44b045511d5fb33

SHA1
925ff0c3546e5a28b5f7be8bfba8d34526d02109

SHA256
93cf33897caa5db2d795e6cdf882d34669827161aad0317fe94e6206e53711cb

SHA512
bebffab5a72dac751af07978c2bc42df856afb01dca9abbfe77be9134b535313660a8f0db1cb795017d6bf39c23ab1118974be54e44a9c2b3a2150f837b28504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e5b933229adbf90a8affda30408e58a1

SHA1
bc2fbf11cad24a75176360b6a98ac292ad54f0f2

SHA256
14e35b4acf83086d8a0ba0630e6c58d5a62a0a569193bc4ec572474c88c3a91b

SHA512
71c76899b343fd5310e76e4b1511000d2d1343a1dc04881c6bb52d760663ccd92ed111f16914421d0254edff07db33a2a74154dff1f3bac540e39a26214898f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
4e12a7c19ec26233b4bda97ae66ebaad

SHA1
29fac106ca850f2a8f33f254b79f1057020cd264

SHA256
05f0a1b90e27909eb2afe987530a560524799775c96a6bc833659c9dc44ba70b

SHA512
748b62683f165301f7358d2a8a0476ddd7651862968fe9f368b0657b699bcd8ff4d66824f7c206dfbbc8e3f9013341c893ae0c5799c3c85f45234fd270e19929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
5e6788a77896e7450068dfb57023d291

SHA1
773c5068e79fd5d7e7f58d5f02b1d92a4a04ca0b

SHA256
8e15f833e162dd4d2d65d54abcf129b00005320e82f23bf4f1755fd0dcee9f6e

SHA512
679c316d863e6846eeb4001713224d149aac70cc40914f20c1b6a98a3f1e0becd73d63c3d8fdcdc6ce153aab3de10f278eeeac44f41f6cff6ee248976d137b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
48b63bb6ed92b559eb531b1fbe6dc27e

SHA1
313f01b5f98c2bc979e0fafca5fbf63589b5c412

SHA256
1fa2859695f4637a1b3902415f26d88318bbc281fa548ed517c018310852e488

SHA512
af857443338f61756236ccf56e5d9d040a11b2b8109661041895cb4c1b670885f8f4ed94a9f496b2c7edd2f0b6a2fa7a9c7bb86537dbe65629a2aa2e513c0197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
0573974cc19dc041942f186ed1a97baa

SHA1
9dfb78e39ad41ff01383239b7ca5ec8734dae315

SHA256
b9ff54363bd0402f4fcbeacf1d38253974ac97fa2165fd5e1731ca33e6701a2a

SHA512
95a1f64f3eefc76b017b3ed58131247def6913c06388d3a936afa59bdf7457af0eb4cca89387a21031b704d8e2c459257bf37b33ff1d3d5abeb88afddc3ff66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
fb5c271a606bba98f36796a1ec5777ad

SHA1
bdd8aa6e37156cc7fbc740910be49e09997dd0ff

SHA256
147711f2ff148814a1582947f3b103598001b8ee9de9c57fde1d98fdcbfd82fa

SHA512
a57aeba14abb65162f18cd7b4d464e71d23dff1ee39015a96e8ecd4f751fe24baeb9dfe47160569a037ad604eec3fc1d2f3d103316ae8d14a0ebd55d61174d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b7d03a13-3aed-4513-8328-657d80588317.tmp

Filesize
6KB

MD5
a804c32aefe75567d18ac31e6fc7a56c

SHA1
0787b0017d82a15c5e509ff6e734fd48382fe20a

SHA256
6df0f13044796357a560aaf63e014cb4126c1a3908d439113237f42edb4d0c5f

SHA512
a983a1fd005f3b1ab804e7080c3f0ffb63c0f779bdfd45569c2114f4554b2954411a415173e9ec8c803b5a416acd45c93a676fe69375cd8e414db1aad37da4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc607d4734cc65ee2ad9351fcdd79459

SHA1
405d57df9c7f9282b9c515e9c8b4f0e3cd6beee3

SHA256
a135dd9eda7dc52af5da4959d355b0c7223e0a1a476b391c9b6ae5601bfcf695

SHA512
c52faa240ee324cead6e63caf2c8d3fc1245344bc9d874d40ca7c5aa7be01ab4620344db105ad7b2607d964113d546b3f6d068df70a5541994069295a7f9777e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
baa985e76804128e31b30cf5069bf318

SHA1
171eabdd124ade6a634ccde5fc068c796e5f505a

SHA256
29095bf4b500c339f0002c78b475eba1ed77e75a2c0db7933157d7f783262096

SHA512
95ff6df09df868ed17c8d8de45087aed157b84a58d1a23576d8cf64123271f3bb9f0317cc4e2df8770492ac04be2938acfe84515852b9a33b43c6a9e4753485f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
1f248c62ebf57b0b010ad9db4969af68

SHA1
ef9326fe38e96fa3cc38ced12da30fe8a3b01f6f

SHA256
b19ec32d39bf8de0bf2879181082997341103ef5c43288fb12cebfaba39a2411

SHA512
b5bb27ec760eb13929d9ad987f505df7e683bfac39140be90c21761672482b34511a5adf595c8d13055548468b5a215c10e5e78c2fe97f39b5b2d64f6ddacd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
e4094f9cbadedfdf6c7f8a1aa0770b96

SHA1
263596f0591ea78c8e2cca102277c7f0cd4fb2ca

SHA256
199f3a44fe9232591bc4be6d399f4a66b35f1c691d929e93f3aac4f4dc4d3bba

SHA512
e27abbfecb938f9faf23a3e832aec656e6ff1aff117182f106dc7ba4abd11111b8edd7162a8e5d139cf3394328565bb74e8e62b329173c10f969ac496110b028

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab37F3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39B0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF77821C4CA5EE01EA.TMP

Filesize
16KB

MD5
9ee2f82d89fb4fa93bbdb0a9d2a0be23

SHA1
e796511cb958640a9bd41380d55f7a6ac06d4eb2

SHA256
4e1bd60f59ca7222ed51e34f7d3543e330c22b72ebeb9965c786a800349496ff

SHA512
cc9e4eba47a2f222a4b853e718d7c7f48e164f6a88a2fededd87b0d3463e250b1b0e3a0d61fa89dee610554c52c206c2ca36041ead0231aae232aadf5b7b4859

Download Submit
C:\Users\Admin\Downloads\Bon.zip

Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

Filesize
7.8MB

MD5
c3b0a56e48bad8763e93653902fc7ccb

SHA1
d7048dcf310a293eae23932d4e865c44f6817a45

SHA256
821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb

SHA512
ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

Filesize
997KB

MD5
3f8f18c9c732151dcdd8e1d8fe655896

SHA1
222cc49201aa06313d4d35a62c5d494af49d1a56

SHA256
709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331

SHA512
398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

Download Submit
\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
memory/2688-2275-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2688-2274-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download